Mailing List Archive

That seems like a trunking issue to me. Are you trunking the port on the
cisco 3524 switch that connects to the juniper ?

-----Original Message-----
From: juniper-nsp-bounces@puck.nether.net
[mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of David William
Sent: Monday, December 29, 2003 3:41 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] vlan tagging, vlan ids, etc.

First of all, I don't have much of a juniper background and have been
staring at the interfaces and class of service book for some time.

I have a Gigabit Ethernet connection between two facilities. On one side I
have a cisco 3524 switch, on the other, I have a juniper M40 running an
older version of Junos - 5.2R2.3

On the juniper side, I have a simple setup of the link...
root@edge# show interfaces ge-3/3/0
unit 0 {
family inet {
no-redirects;
address 10.0.0.1/29;
}
}

I can get across the link to the switch on the other end at 10.0.0.2

now, when I attempt to create subinterfaces I can no longer get to the
switch on the other end.

root@edge# show interfaces ge-3/3/0
vlan-tagging;
unit 0 {
vlan-id 1;
family inet {
no-redirects;
address 10.0.0.1/29;
}
unit 1 {
vlan-id 2;
family inet {
no-redirects;
address 10.0.1.1/30;
}
unit 2 {
vlan-id 3;
family inet {
no-redirects;
address 10.0.2.1/30;
}
}

I'm new to junos and am just unsure of what I am doing wrong. According to
the documentation this *should* work.

Any glaring problems with what I am doing? Maybe its lack of sleep from the

holidays that has me misreading this.

Thanks for any help

David William

_________________________________________________________________
Worried about inbox overload? Get MSN Extra Storage now!
http://join.msn.com/?PAGE=features/es

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp

On Mon, Dec 29, 2003 at 02:41:25PM -0600, David William wrote:
> now, when I attempt to create subinterfaces I can no longer get to the
> switch on the other end.

Did you put the GigE Port on the switch to trunking mode? Otherwise,
VLAN tagged frames are discarded.


Regards,
Daniel

I do not see any problems with the configuration. Some Gig-E PICs have
firmware limitations on VLAN support in a CCC/L2 VPN environment, but I am
not aware of any issues with conventional VLAN tagging.

Have you tried:

1. Deactivating/reactivating the interface to see if a bounce resolves
(maybe try a commit full also)?

2. Looking in the log for any error messages?

3. I suspect the issue lies at the remote end, or in some intervening
device. Can you monitor traffic while pinging to confirm that traffic
(likely an ARP) leaves the interface with appropriate tagging/encapsulation?

This config works for me with two juniper boxes back-to-back:

[edit interfaces ge-0/3/0]
lab@San_Jose-3# show
vlan-tagging;
unit 0 {
vlan-id 1;
family inet {
address 10.222.29.2/24;
}
}

[edit interfaces ge-0/3/0]
lab@San_Jose-3# run ping 10.222.29.1 count 1
PING 10.222.29.1 (10.222.29.1): 56 data bytes
64 bytes from 10.222.29.1: icmp_seq=0 ttl=255 time=1.868 ms

--- 10.222.29.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.868/1.868/1.868/0.000 ms

And a dump on the local router while a ping is issued on the remote end:

[edit interfaces ge-0/3/0]
lab@San_Jose-3# run monitor interface ge-0/3/0.0 detail layer2-headers

Listening on ge-0/3/0.0, capture size 96 bytes

. . .
13:52:21.596706 In IP (tos 0x0, ttl 255, id 16701, offset 0, flags [none],
length: 84) 10.222.29.1 > 10.222.29.2: icmp 64: echo request
13:52:21.596791 Out 0:90:69:d6:1c:5d 0:90:69:97:24:1f 8100 102: VID [0: 1]
IP (tos 0x0, ttl 255, id
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^
47106, offset 0, flags [none], length: 84) 10.222.29.2 > 10.222.29.1: icmp
64: echo reply
13:52:21.626012 In IP (tos 0xc0, ttl 1, id 16702, offset 0, flags [none],
length: 68) 10.222.29.1 > . . .. .

Note that L2 encap stuff in the outhoing echo reply.

HTHs.




> -----Original Message-----
> From: juniper-nsp-bounces@puck.nether.net
> [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
> David William
> Sent: Monday, December 29, 2003 12:41 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] vlan tagging, vlan ids, etc.
>
>
> First of all, I don't have much of a juniper background and have been
> staring at the interfaces and class of service book for some time.
>
> I have a Gigabit Ethernet connection between two facilities.
> On one side I
> have a cisco 3524 switch, on the other, I have a juniper M40
> running an
> older version of Junos - 5.2R2.3
>
> On the juniper side, I have a simple setup of the link...
> root@edge# show interfaces ge-3/3/0 unit 0 {
> family inet {
> no-redirects;
> address 10.0.0.1/29;
> }
> }
>
> I can get across the link to the switch on the other end at 10.0.0.2
>
> now, when I attempt to create subinterfaces I can no longer
> get to the
> switch on the other end.
>
> root@edge# show interfaces ge-3/3/0
> vlan-tagging;
> unit 0 {
> vlan-id 1;
> family inet {
> no-redirects;
> address 10.0.0.1/29;
> }
> unit 1 {
> vlan-id 2;
> family inet {
> no-redirects;
> address 10.0.1.1/30;
> }
> unit 2 {
> vlan-id 3;
> family inet {
> no-redirects;
> address 10.0.2.1/30;
> }
> }
>
> I'm new to junos and am just unsure of what I am doing wrong.
> According to
> the documentation this *should* work.
>
> Any glaring problems with what I am doing? Maybe its lack of
> sleep from the
> holidays that has me misreading this.
>
> Thanks for any help
>
> David William
>
> _________________________________________________________________
> Worried about inbox overload? Get MSN Extra Storage now!
> http://join.msn.com/?PAGE=features/es
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>

>On Mon, Dec 29, 2003 at 02:41:25PM -0600, David William wrote:
> > now, when I attempt to create subinterfaces I can no longer get to the
> > switch on the other end.
>
>Did you put the GigE Port on the switch to trunking mode? Otherwise,
>VLAN tagged frames are discarded.

Yes, the GigE port on the switch is set to trunk mode with encapsulation
dot1q

I'm beginning to question everything I've done, but it all seems to be
right. its confusing.

_________________________________________________________________
Working moms: Find helpful tips here on managing kids, home, work — and
yourself. http://special.msn.com/msnbc/workingmom.armx

What's hardware from Juniper M40 ?
Maybe "show chassis hardware" can grab firmware versions.
From old memory of mine, I recalled that P-1GE-SX - old version of GE PIC -
had some problems with vlan trunking with Cisco switches.

Hyun


On Mon, 29 Dec 2003 14:41:25 -0600, David William wrote
> First of all, I don't have much of a juniper background and have
> been staring at the interfaces and class of service book for some time.
>
> I have a Gigabit Ethernet connection between two facilities. On one
> side I have a cisco 3524 switch, on the other, I have a juniper M40
> running an older version of Junos - 5.2R2.3
>
> On the juniper side, I have a simple setup of the link...
> root@edge# show interfaces ge-3/3/0
> unit 0 {
> family inet {
> no-redirects;
> address 10.0.0.1/29;
> }
> }
>
> I can get across the link to the switch on the other end at 10.0.0.2
>
> now, when I attempt to create subinterfaces I can no longer get to
> the switch on the other end.
>
> root@edge# show interfaces ge-3/3/0
> vlan-tagging;
> unit 0 {
> vlan-id 1;
> family inet {
> no-redirects;
> address 10.0.0.1/29;
> }
> unit 1 {
> vlan-id 2;
> family inet {
> no-redirects;
> address 10.0.1.1/30;
> }
> unit 2 {
> vlan-id 3;
> family inet {
> no-redirects;
> address 10.0.2.1/30;
> }
> }
>
> I'm new to junos and am just unsure of what I am doing wrong.
> According to the documentation this *should* work.
>
> Any glaring problems with what I am doing? Maybe its lack of sleep
> from the holidays that has me misreading this.
>
> Thanks for any help
>
> David William
>
> _________________________________________________________________
> Worried about inbox overload? Get MSN Extra Storage now!
> http://join.msn.com/?PAGE=features/es
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp


--
Hyunseog Ryu
Senior Network Engineer

>What's hardware from Juniper M40 ?
>Maybe "show chassis hardware" can grab firmware versions.
From old memory of mine, I recalled that P-1GE-SX - old version of GE PIC -
>had some problems with vlan trunking with Cisco switches.
>
Here is the info from show chassis hardware

FPC 3 REV 01 710-001292 AD2053
PIC 3 REV 08 750-001072 AG4345 1x G/E, 1000
BASE-SX

if there were problems with vlan trunking with Cisco Switches, was there a
workaround?

David William

_________________________________________________________________
Tired of slow downloads? Compare online deals from your local high-speed
providers now. https://broadband.msn.com

Type this command on your 3524 "vlan dot1q tag native"

For VLAN tagging info on Cisco's dot1q trunking with the native VLAN
see:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1835/products_
configuration_guide_chapter09186a00800ca801.html#xtocid10

Jack

-----Original Message-----
From: juniper-nsp-bounces@puck.nether.net
[mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of David William
Sent: Monday, December 29, 2003 2:41 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] vlan tagging, vlan ids, etc.


First of all, I don't have much of a juniper background and have been
staring at the interfaces and class of service book for some time.

I have a Gigabit Ethernet connection between two facilities. On one
side I
have a cisco 3524 switch, on the other, I have a juniper M40 running an
older version of Junos - 5.2R2.3

On the juniper side, I have a simple setup of the link... root@edge#
show interfaces ge-3/3/0 unit 0 {
family inet {
no-redirects;
address 10.0.0.1/29;
}
}

I can get across the link to the switch on the other end at 10.0.0.2

now, when I attempt to create subinterfaces I can no longer get to the
switch on the other end.

root@edge# show interfaces ge-3/3/0
vlan-tagging;
unit 0 {
vlan-id 1;
family inet {
no-redirects;
address 10.0.0.1/29;
}
unit 1 {
vlan-id 2;
family inet {
no-redirects;
address 10.0.1.1/30;
}
unit 2 {
vlan-id 3;
family inet {
no-redirects;
address 10.0.2.1/30;
}
}

I'm new to junos and am just unsure of what I am doing wrong. According
to
the documentation this *should* work.

Any glaring problems with what I am doing? Maybe its lack of sleep from
the
holidays that has me misreading this.

Thanks for any help

David William

_________________________________________________________________
Worried about inbox overload? Get MSN Extra Storage now!
http://join.msn.com/?PAGE=features/es

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
******************************************************************************************
The information contained in this message, including attachments, may contain
privileged or confidential information that is intended to be delivered only to the
person identified above. If you are not the intended recipient, or the person
responsible for delivering this message to the intended recipient, ALLTEL requests
that you immediately notify the sender and asks that you do not read the message or its
attachments, and that you delete them without copying or sending them to anyone else.

Sorry, I hit send too early...

Cisco uses the concept of native vlan. This is an untagged vlan. By
default this is vlan1. Your configuration on the Juniper M40 shows
vlan1 as tagged. Even though you enabled dot1q on the cat3524, vlan1 is
not tagged so the M40 will discard all the packets from vlan1. You have
two options:

1- Use "vlan dot1q tag native" to tag the native vlan, or
2- Move the native vlan to another vlan id not in use (i.e vlan100)

Jack

-----Original Message-----
From: juniper-nsp-bounces@puck.nether.net
[mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of David William
Sent: Monday, December 29, 2003 2:41 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] vlan tagging, vlan ids, etc.


First of all, I don't have much of a juniper background and have been
staring at the interfaces and class of service book for some time.

I have a Gigabit Ethernet connection between two facilities. On one
side I
have a cisco 3524 switch, on the other, I have a juniper M40 running an
older version of Junos - 5.2R2.3

On the juniper side, I have a simple setup of the link... root@edge#
show interfaces ge-3/3/0 unit 0 {
family inet {
no-redirects;
address 10.0.0.1/29;
}
}

I can get across the link to the switch on the other end at 10.0.0.2

now, when I attempt to create subinterfaces I can no longer get to the
switch on the other end.

root@edge# show interfaces ge-3/3/0
vlan-tagging;
unit 0 {
vlan-id 1;
family inet {
no-redirects;
address 10.0.0.1/29;
}
unit 1 {
vlan-id 2;
family inet {
no-redirects;
address 10.0.1.1/30;
}
unit 2 {
vlan-id 3;
family inet {
no-redirects;
address 10.0.2.1/30;
}
}

I'm new to junos and am just unsure of what I am doing wrong. According
to
the documentation this *should* work.

Any glaring problems with what I am doing? Maybe its lack of sleep from
the
holidays that has me misreading this.

Thanks for any help

David William

_________________________________________________________________
Worried about inbox overload? Get MSN Extra Storage now!
http://join.msn.com/?PAGE=features/es

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
******************************************************************************************
The information contained in this message, including attachments, may contain
privileged or confidential information that is intended to be delivered only to the
person identified above. If you are not the intended recipient, or the person
responsible for delivering this message to the intended recipient, ALLTEL requests
that you immediately notify the sender and asks that you do not read the message or its
attachments, and that you delete them without copying or sending them to anyone else.

It seems that you are using old version of Gigabit SX card that I encountered.
At the time, I had same configuration from other routers, and only difference
between working configuration and non-working configuration was Gigabit
Ethernet PIC type.
Working configuration used P-1GE-SX-B, and non-working configuration used P-
1GE-SX.
I used same VLAN id and same Cisco hardware from the other side router and
switch.
Fortunately we don't need VLAN feature for a moment, so I changed to no-vlan
configuraiton, and it worked.
I will upgrade P-1GE-SX to P-1GE-SX-B in coming year.

Hyun


On Mon, 29 Dec 2003 15:17:05 -0600, David William wrote
> >What's hardware from Juniper M40 ?
> >Maybe "show chassis hardware" can grab firmware versions.
> >From old memory of mine, I recalled that P-1GE-SX - old version of GE PIC -
> >had some problems with vlan trunking with Cisco switches.
> >
> Here is the info from show chassis hardware
>
> FPC 3 REV 01 710-001292 AD2053
> PIC 3 REV 08 750-001072 AG4345 1x G/E,
> 1000 BASE-SX
>
> if there were problems with vlan trunking with Cisco Switches, was
> there a workaround?
>
> David William
>
> _________________________________________________________________
> Tired of slow downloads? Compare online deals from your local high-
> speed providers now. https://broadband.msn.com


--
Hyunseog Ryu
Senior Network Engineer

after looking throught the archives of this list (I should have looked a
little harder before posting) and some great help both publicly and
privately, I've got it to work.

here is what I did.

I left the juniper side the same except I changed vlan1 to vlan100 and made
adjustments to the cisco 3524.

I shutdown VLAN1 and set the IP address of the switch on VLAN100, trunked
the GigabitEthernet port and set the encap to dot1q. Now everything is
happy. If there is a cleaner way to do this, I would love to hear it. The
"vlan dot1q tag native" doens't register to IOS C3500XL Software
(C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)

Thanks again for all the help with this!

David William


>From: <Jack.W.Parks@alltel.com>
>To: <juniper-nsp@puck.nether.net>
>Subject: RE: [j-nsp] vlan tagging, vlan ids, etc.
>Date: Mon, 29 Dec 2003 15:37:44 -0600
>
>Sorry, I hit send too early...
>
>Cisco uses the concept of native vlan. This is an untagged vlan. By
>default this is vlan1. Your configuration on the Juniper M40 shows
>vlan1 as tagged. Even though you enabled dot1q on the cat3524, vlan1 is
>not tagged so the M40 will discard all the packets from vlan1. You have
>two options:
>
>1- Use "vlan dot1q tag native" to tag the native vlan, or
>2- Move the native vlan to another vlan id not in use (i.e vlan100)
>
>Jack
>
>-----Original Message-----
>From: juniper-nsp-bounces@puck.nether.net
>[mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of David William
>Sent: Monday, December 29, 2003 2:41 PM
>To: juniper-nsp@puck.nether.net
>Subject: [j-nsp] vlan tagging, vlan ids, etc.
>
>
>First of all, I don't have much of a juniper background and have been
>staring at the interfaces and class of service book for some time.
>
>I have a Gigabit Ethernet connection between two facilities. On one
>side I
>have a cisco 3524 switch, on the other, I have a juniper M40 running an
>older version of Junos - 5.2R2.3
>
>On the juniper side, I have a simple setup of the link... root@edge#
>show interfaces ge-3/3/0 unit 0 {
> family inet {
> no-redirects;
> address 10.0.0.1/29;
> }
>}
>
>I can get across the link to the switch on the other end at 10.0.0.2
>
>now, when I attempt to create subinterfaces I can no longer get to the
>switch on the other end.
>
>root@edge# show interfaces ge-3/3/0
>vlan-tagging;
>unit 0 {
> vlan-id 1;
> family inet {
> no-redirects;
> address 10.0.0.1/29;
> }
>unit 1 {
> vlan-id 2;
> family inet {
> no-redirects;
> address 10.0.1.1/30;
> }
>unit 2 {
> vlan-id 3;
> family inet {
> no-redirects;
> address 10.0.2.1/30;
> }
>}
>
>I'm new to junos and am just unsure of what I am doing wrong. According
>to
>the documentation this *should* work.
>
>Any glaring problems with what I am doing? Maybe its lack of sleep from
>the
>holidays that has me misreading this.
>
>Thanks for any help
>
>David William
>
>_________________________________________________________________
>Worried about inbox overload? Get MSN Extra Storage now!
>http://join.msn.com/?PAGE=features/es
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp
>******************************************************************************************
>The information contained in this message, including attachments, may
>contain
>privileged or confidential information that is intended to be delivered
>only to the
>person identified above. If you are not the intended recipient, or the
>person
>responsible for delivering this message to the intended recipient, ALLTEL
>requests
>that you immediately notify the sender and asks that you do not read the
>message or its
>attachments, and that you delete them without copying or sending them to
>anyone else.
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp

_________________________________________________________________
Working moms: Find helpful tips here on managing kids, home, work — and
yourself. http://special.msn.com/msnbc/workingmom.armx