VLAN trunking between Juniper EX -> Cisco Catalyst -> and Cisco Router


Solution 1

Ok, so for anyone who is having pains integrating Cisco switches with Juniper equipment, I found the problem and the resolution.

Diagram

So the problem was that switch 1 (Catalyst) was sending tagged PVST BPDUs over the trunk port, and because Juniper does not understand the PVST BPDUs it treats them as broadcast traffic and floods them to the corresponding VLAN. In this case the port that interconnected the Juniper with the downwards Cisco switch was set up as an access port (don't ask, it was set up like that by another genius), so on the other side of the link the port was marked as inconsistent, because it received a tagged BPDU.

So the solution was to create a firewall filter on the EX and block the packets sent to the PVST address 01:00:0c:cc:cc:cd.
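The filter decision described in this answer, modelled over a few frames, as an added example that is not part of the original post or the poster's configuration. The frames are constructed, the function names are hypothetical, and the IEEE STP address is included only to show that standard BPDUs are left alone by a match on the PVST address.

```python
import struct

PVST_MAC = bytes.fromhex("01000ccccccd")      # PVST address quoted in the post
IEEE_STP_MAC = bytes.fromhex("0180c2000000")  # standard STP/RSTP BPDU address
TPID_8021Q = 0x8100

def parse_frame(frame: bytes) -> dict:
    """Return destination MAC, VLAN id (None if untagged) and BPDU kind."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF  # low 12 bits of the tag carry the VLAN id
    kind = {PVST_MAC: "pvst", IEEE_STP_MAC: "ieee-stp"}.get(dst, "other")
    return {"dst": dst.hex(":"), "vlan": vlan, "kind": kind}

def filter_action(frame: bytes) -> str:
    """Emulate the filter: discard frames sent to the PVST address only."""
    return "discard" if parse_frame(frame)["kind"] == "pvst" else "accept"

def flooded_vlans(frames) -> set:
    """VLANs that tagged PVST BPDUs would be flooded into without the filter."""
    parsed = (parse_frame(f) for f in frames)
    return {p["vlan"] for p in parsed if p["kind"] == "pvst" and p["vlan"] is not None}

# Constructed sample frames (not captured from the poster's network).
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46
def tagged(dst: bytes, vlan: int) -> bytes:
    return dst + SRC + struct.pack("!HHH", TPID_8021Q, vlan, len(PAYLOAD)) + PAYLOAD
def untagged(dst: bytes) -> bytes:
    return dst + SRC + struct.pack("!H", len(PAYLOAD)) + PAYLOAD

SAMPLES = [
    tagged(PVST_MAC, 80),                       # PVST BPDU for VLAN 80
    tagged(PVST_MAC, 82),                       # PVST BPDU for VLAN 82
    untagged(IEEE_STP_MAC),                     # IEEE BPDU, must not be dropped
    tagged(bytes.fromhex("ffffffffffff"), 80),  # ordinary broadcast in VLAN 80
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(parse_frame(f), filter_action(f))
    print("flooded without filter:", sorted(flooded_vlans(SAMPLES)))
```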

Solution 2

You stated that ports 3 and 42 were configured on the Catalyst switch, but then provided configurations for ports 46 and 48. The configuration you posted for port 46 should be applied to port 3 that connects to the EX2200. Your router's connection is unchanged, so hopefully we can assume that configuration is fine.

Now, on the EX2200, the following lines of code would be appropriate to do the following:

ge-0/0/0 - trunk allowing the same vlans as defined above on port 46

ge-0/0/6 - access port on VLAN80

set vlans vlan80 vlan-id 80
set vlans vlan82 vlan-id 82
set vlans vlan83 vlan-id 83
set vlans vlan93 vlan-id 93
set vlans vlan289 vlan-id 289
set interfaces ge-0/0/0 description uplink-to-catalyst 
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan80
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan82
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan83
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan93
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan289
set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan80

Some other suggestions for you:

1) Turn on LLDP on your switch so you can do a show lldp neighbors and see where your connections go.

2) Don't use RSTP for spanning tree on the juniper switch, it doesn't play nice with Cisco that well, use VSTP instead. If you end up with a ton of vlans, you might even need to use MSTP.

3) Turn off chassis alarm for the management ethernet if you're not using it.

On the EX2200:

delete protocols rstp
set protocols vstp vlan all bridge-priority 4k
set protocols lldp interface all
set chassis alarm management-ethernet link-down ignore

On the Catalyst (if it supports it)

lldp run

Author: Hugo Garcia

I'm a Sysadmin/developer/security professional that loves to learn new things every day

Updated on September 18, 2022

Comments

  • Hugo Garcia
    Hugo Garcia over 1 year

    I have the following scenario:

    EX2200 Switch with

    • ge-0/0/8 set as an access port on VLAN 80
    • ge-0/0/0 set as a trunk port connected to a Catalyst switch and various VLANs allowed to pass, including VLAN 80

    On the Catalyst Switch.

    • port #3 set up as a trunk port that receives traffic from the EX switch.
    • port 46 is set up also as a trunk port that connects to a cisco router. Port #48 is where the host used to be connected

    host → EX2200 → Catalyst → Router

    The problem is that this EX2200 is a new addition to the network and the host was previously connected to the Catalyst switch on GigabitEthernet1/48.

    traffic is not getting from the host to the router, but the router can send ARP request to the host.

    following is the relevant configuration:

    Catalyst Switch:

    interface GigabitEthernet1/3 ### trunk to EX2200 Switch
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 69,74,80,82,231,401
     switchport mode trunk
    !

    interface GigabitEthernet1/46
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 80,82,83,93,289
     switchport mode trunk
     mtu 1532
     media-type rj45
     speed 1000
     duplex full
     arp timeout 300
    !
    
    interface GigabitEthernet1/48
     switchport access vlan 80
     switchport mode access
     mtu 1532
     media-type rj45
     speed 100
     duplex full
     arp timeout 300
     no cdp enable
    !
    

    EX2200 Switch:

    ge-0/0/0 {    ###TRUNK TO Catalyst switch on Ge 1/3
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ 69 74 80 82 231 401 ];
                }
                native-vlan-id 1;
            }
        }
    }
    
    root@XXXXX# show vlans 
    
    ...
    XXXXXXXXXXXXXXX {  ###CONNECTS TO Host that was on cisco Ge 1/48
        vlan-id 80;
        interface {
            ge-0/0/8.0;
        }
    }
    ...
    

    So, to summarize the problem: when the host is connected to port 48 of the Cisco switch, everything works, but when we move the connection to the new EX2200 switch on port ge-0/0/8, traffic stops working.

    Another note is that VLAN 69 that is configured on the EX2200 switch on ports 3 to 5 works fine.

    we did another test and replaced juniper switch with cisco switch, and the traffic flows normally.

    • Hugo Garcia
      Hugo Garcia over 11 years
      Hi, sorry for the mess-up, the host was connected to port 48 and now it is connected to the Juniper switch, and we are not able to ping the router's interface or from the router ping the host, or any other kind of traffic other than ARP requests getting from the router to the host.
    • SpacemanSpiff
      SpacemanSpiff over 11 years
      Well hold on, Port 48 shows above as an access port, not a trunk port, where is your Juniper configuration?
    • Hugo Garcia
      Hugo Garcia over 11 years
      Hi @SpacemanSpiff, thanks for the help, i added the relevant EX2200 configuration and some other comments to improve the question.
    • SpacemanSpiff
      SpacemanSpiff over 11 years
      Okay how about the configuration statement from Catalyst then for Gig 1/3?
    • Hugo Garcia
      Hugo Garcia over 11 years
      I think I have found out what the problem is. On the other side of the connection (the host is really a fiber-optic multiplexer that interconnects to cities over 1000 km distances) there is a Cisco switch that has a redundant connection to the Catalyst switch, so adding the Juniper switch increases the cost of that path for Spanning Tree and it uses the secondary link. I will test this and update the question, thanks for the help.
  • SpacemanSpiff
    SpacemanSpiff over 11 years
    Also, when setting the vlan members for a trunk, be careful, use integers, OR strings. I used terms like "vlan80" because I NAMED it vlan80. I could have used just the integer 80. You could also do a range using integers like 80-84
  • Hugo Garcia
    Hugo Garcia over 11 years
    Hi, thanks for the help. I have read that there is some incompatibility between Cisco PVST+ and RSTP and that you should run spanning-tree pathcost method long on the Cisco gear. Could it be possible that this is what is interfering with the traffic flow?
  • SpacemanSpiff
    SpacemanSpiff over 11 years
    No, I believe your trunking configurations are your problem. Can you update the above with the ports in use?
  • SpacemanSpiff
    SpacemanSpiff over 11 years
    run Rapid PVST+ on the Cisco, and run VSTP on the Juniper.