Juniper Config Commit causes Cisco Etherchannels to go into err-disable state

Thu Apr 5 21:16:12 UTC 2018

No there isn't, but from what I am getting responses both onlist and off
list is to just run this on the Cisco switches:

no spanning-tree etherchannel guard misconfig

and that should resolve the issue.

Thanks Everyone.

On Thu, Apr 5, 2018 at 2:10 PM, Robert Webb <rwebb at ropeguru.com> wrote:

> I don't see any issue with the snippet of the config you provided for the
> "Firewall Port". Is there a chance that the port ge-0/0/67 is referenced
> somewhere else in the Juniper config that when applying your trunk setup is
> causing issues?
>
> Just throw that out off the top of my head and not really thinking it
> through.
>
> Robert
>
> -----Original Message-----
> From: NANOG <nanog-bounces at nanog.org> On Behalf Of Joseph Jenkins
> Sent: Thursday, April 5, 2018 4:58 PM
> To: nanog at nanog.org
> Subject: Juniper Config Commit causes Cisco Etherchannels to go into
> err-disable state
>
> I have cases open with both Cisco and Juniper on this, but wanted to see
> if anyone else had seen an issue like this because support has no idea.
>
> I have a Juniper QFX 5100 Core running in Virtual Chassis mode with 4
> switches. I have 4 separate stacks of Cisco 3750 switches with 2x1GB
> uplinks bound into 4 different LACP trunks. I have had it happen twice now
> where I apply a trunk port config(not an LACP trunk) to a port that isn't a
> part of any of the LACP trunks and it causes all 4 of the Etherchannels on
> the Cisco stacked switches to go into an err-disable state with these
> messages:
>
> Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
> on Gi1/0/48, putting Gi1/0/48 in err-disable state
>
> Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
> on Po17, putting Gi1/0/48 in err-disable state
>
> Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
> on Po17, putting Po17 in err-disable state
>
> Mar 14 07:11:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet1/0/48, changed state to down
>
> Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
> on Gi2/0/48, putting Gi2/0/48 in err-disable state (CA-TOR-1-7-2)
>
> Mar 14 07:11:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet2/0/48, changed state to down
>
> Mar 14 07:11:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Port-channel17, changed state to down
>
> Here is the config I am applying to the port that has caused this issue to
> happen twice now:
>
> set interfaces ge-0/0/67 description "Firewall Port"
> set interfaces ge-0/0/67 unit 0 family ethernet-switching interface-mode
> trunk set interfaces ge-0/0/67 unit 0 family ethernet-switching vlan
> members 9-10 set interfaces ge-0/0/67 unit 0 family ethernet-switching vlan
> members 29 set interfaces ge-0/0/67 unit 0 family ethernet-switching vlan
> members 31-32 set interfaces ge-0/0/67 unit 0 family ethernet-switching
> vlan members 43 set interfaces ge-0/0/67 unit 0 family ethernet-switching
> vlan members 50-51 set interfaces ge-0/0/67 unit 0 family
> ethernet-switching vlan members 56 set interfaces ge-0/0/67 unit 0 family
> ethernet-switching vlan members 58 set interfaces ge-0/0/67 unit 0 family
> ethernet-switching vlan members 66 set interfaces ge-0/0/67 unit 0 family
> ethernet-switching vlan members 68 set interfaces ge-0/0/67 unit 0 family
> ethernet-switching vlan members 90 set interfaces ge-0/0/67 unit 0 family
> ethernet-switching vlan members 143 set interfaces ge-0/0/67 unit 0 family
> ethernet-switching vlan members 170
>
> The issue happens within a couple of minutes of committing the config on
> the Juniper side, there are no cables plugged into port 0/0/67 so
> technically there shouldn't be any BPDU's sent out since there isn't a port
> change.
>
> Juniper Support wants me to turn on trace option and then run though a
> bunch of scenarios, the issue is that testing this takes down my network.
>
> Just wanted to put it out there to see if anyone else had run into a
> situation similar to this.
>
> TIA
>
> Joe
>