We have a core 4506 switch with 2 WS-X4306-GB and a supervisor II+. All
distribution switches connect via fiber to the GBIC slots. On one GBIC slot,
the fiber goes to a netscreen firewall. The firewall has a GBIC module as
well. They are all SX modules. When I connect the fiber to the firewall, I
get this error in sh logging on the 4506:
%SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk
GigabitEthernet2/2 VLAN1.
000133: Mar 5 13:27:55 UTC: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking
GigabitEthernet2/2 on VLAN0001. Inconsistent port type.
I am only using VLAN1 but have configured all GBIC ports as trunk ports as I
will be creating more vlans in the future.
Any idea how I should configure this particular port to work with the
firewall?
On all other uplink ports I have the cisco switch macro applied, except this
port.
Thanks
tony
3/6/2007 5:47:24 PM

Hello,
There's a problem in spanning-tree between your fw and Cat4k.
I don't know if the NetScreen firewall supports VLANs on its ports, and if
yes - you should also configure Trunk on your Gi2/2 port - because your
NetScreen is obviously sending BPDU messages, which are part of the STP
protocol.
Check your status on Gi2/2; you may have some bpdu filtering or bpdu guard
activated there, because you configured your port with macro configuration -
and it automatically adds those security features.
regards,
h.
Havoc
3/6/2007 6:50:58 PM

I tried to configure this port as a trunk too; here are the errors:
000155: Mar 6 12:17:30 UTC: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with
inconsistent peer vlan id 660 on GigabitEthernet2/2 VLAN1.
000156: Mar 6 12:17:30 UTC: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking
GigabitEthernet2/2 on VLAN0001. Inconsistent local vlan.
000157: Mar 6 12:18:22 UTC: %SYS-5-CONFIG_I: Configured from console by
suseadmin on vty0
000158: Mar 6 12:18:24 UTC: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU
with bad TLV on GigabitEthernet2/2 VLAN1.
There is not much on the netscreen side I can configure as far as vlans and
trunks. By default that interface is already on vlan1.
tony
3/6/2007 8:21:55 PM

Do you have on NetScreen port VLAN 660, and locally on Cat4K you don't have
that Vlan defined?
Check your Gi2/2 status with sh int gi2/2 switchport
regards,
H.
Havoc
3/7/2007 7:15:20 AM

There is no vlan 660 anywhere. I get this error when I set this port, as you
recommended, as a trunk port.
tony
3/8/2007 5:24:40 PM

The vlan660 is actually from the other side of the firewall to the gateway
or router device I don't have access to. The reason I am seeing it, I guess,
is because the firewall is configured in transparent mode. I also set both
interfaces on my firewall to trunk interfaces and no luck.
tony
3/9/2007 8:11:56 PM

OK, after I applied a spanning tree bpdufilter on the port, it's working now.
tony
3/12/2007 5:17:13 PM

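Added example, not written by anyone in the thread: a Python triage of the SPANTREE syslog messages posted above, grouping them per port and extracting the local/peer VLAN pair behind the PVID inconsistency. The log lines are the thread's own, unwrapped to one line each; the function names and the one-line MEANING summaries are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the messages posted in the thread, unwrapped to one line each.
SAMPLE_LOG = """\
%SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet2/2 VLAN1.
000133: Mar 5 13:27:55 UTC: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet2/2 on VLAN0001. Inconsistent port type.
000155: Mar 6 12:17:30 UTC: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 660 on GigabitEthernet2/2 VLAN1.
000156: Mar 6 12:17:30 UTC: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet2/2 on VLAN0001. Inconsistent local vlan.
000157: Mar 6 12:18:22 UTC: %SYS-5-CONFIG_I: Configured from console by suseadmin on vty0
000158: Mar 6 12:18:24 UTC: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on GigabitEthernet2/2 VLAN1.
"""

MSG = re.compile(r"%(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)")
PORT = re.compile(r"\b((?:Gigabit|Fast|TenGigabit)?Ethernet\d+(?:/\d+)*)")
LOCAL_VLAN = re.compile(r"VLAN0*(\d+)")        # "VLAN1" and "VLAN0001" both -> 1
PEER_VLAN = re.compile(r"peer vlan id (\d+)")  # VLAN ID carried in the BPDU

# One-line summaries of each mnemonic, paraphrasing the message text (assumption).
MEANING = {
    "RECV_1Q_NON_TRUNK": "802.1Q BPDU arrived on a port that is not trunking",
    "BLOCK_PORT_TYPE": "port blocked: port type inconsistent with the neighbor",
    "RECV_PVID_ERR": "BPDU carries a VLAN ID different from the receiving VLAN",
    "BLOCK_PVID_LOCAL": "port blocked: local VLAN inconsistent with the neighbor",
    "RECV_BAD_TLV": "SSTP BPDU arrived with a bad TLV",
}

def triage(log_text):
    """Group SPANTREE messages per interface; non-STP lines are skipped."""
    ports = defaultdict(lambda: {"events": [], "blocked": False, "vlan_mismatch": set()})
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m or m["fac"] != "SPANTREE":
            continue
        port = PORT.search(m["text"])
        if not port:
            continue
        entry = ports[port.group(1)]
        entry["events"].append(m["mnem"])
        if m["mnem"].startswith("BLOCK_"):
            entry["blocked"] = True
        peer, local = PEER_VLAN.search(m["text"]), LOCAL_VLAN.search(m["text"])
        if peer and local and peer.group(1) != local.group(1):
            entry["vlan_mismatch"].add((int(local.group(1)), int(peer.group(1))))
    return dict(ports)

def explain(entry):
    """Return one summary line per distinct mnemonic, in order of first appearance."""
    return [f"{m}: {MEANING.get(m, 'no summary')}" for m in dict.fromkeys(entry["events"])]

if __name__ == "__main__":
    for name, entry in triage(SAMPLE_LOG).items():
        print(name, "blocked" if entry["blocked"] else "forwarding", entry["vlan_mismatch"])
        print("\n".join("  " + s for s in explain(entry)))
```

It is worth running on logs from before and after a change such as the BPDU filter in the last post: interface-level BPDU filtering stops spanning tree on that port, so these messages disappear whether or not the VLAN mismatch behind them was resolved.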