Re: %SPANTREE-7-BLOCK_PORT_TYPE:

Do you have on NetScreen port VLAN 660, and locally on Cat4K you don't have
that Vlan defined?

Check your Gi2/2 status with sh int gi2/2 switchport

regards,
H.


"tony" <none@xxxxxxxx> wrote in message
news:eskih4$h88$1@xxxxxxxxxxxxxxxxxxxx
I tried to configure this port as a trunk too here are the errors


000155: Mar 6 12:17:30 UTC: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with
inconsistent peer vlan id 660 on GigabitEthernet2/2 VLAN1.
000156: Mar 6 12:17:30 UTC: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking
GigabitEthernet2/2 on VLAN0001. Inconsistent local vlan.
000157: Mar 6 12:18:22 UTC: %SYS-5-CONFIG_I: Configured from console by
suseadmin on vty0
000158: Mar 6 12:18:24 UTC: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU
with bad TLV on GigabitEthernet2/2 VLAN1.


There is nt much on the netscreen side i can configure as far as vlans and
trunks. By default that interfasce is already on vlan1


"Havoc 25" <havoc25@xxxxxxxxx> wrote in message
news:eskd5s$ejp$1@xxxxxxxxxxxxxxxxx
Hello,

There's a problem in a spanning-tree between your fw and Cat4k.

I don't know if NetScreen firewall supports VLANs on its ports, and if
yes - you should also
configure Trunk on your Gi2/2 port - because your NetScreen is
obviouslyre this port sending BPDU messages
which are part of STP protocol.
Check your status on Gi2/2, you may have some bpdu filtering or bpdu
guard actived there, because
you configured your port with macro configuration - and it automatically
adds those security features.

regards,
h.

"tony" <none@xxxxxxxx> wrote in message
news:esk9fc$8sk$1@xxxxxxxxxxxxxxxxxxxx
We have a core 4506 switch with 2 WS-X4306-GB and a supervisor II+. All
distribution switches connect via fiber to the GBIC slots. On one GBIC
slot, the fiber goes to a netscreen firewall. the firewall has a GBIC
module as well. They are all SX modules. When I connect the fiber to the
firewall, I gte this error in sh logging on the 4506:


%SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk
GigabitEthernet2/2 VLAN1.
000133: Mar 5 13:27:55 UTC: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking
GigabitEthernet2/2 on VLAN0001. Inconsistent port type.


I am only using VLAN1 but have configured all GBIC ports as trunk ports
as I will be creating more vlans in the future.

\Any idea how I should configure this particular port to work with the
firewall?

On all other uplink ports I have the cisco switch macro applied except
this port


Thanks







.

Relevant Pages

  • Re: ERS 8600, simple setup, IP, VLANs, etc.
    ... management port is just used to hang an IP address to. ... associated with an interface, such as a VLAN. ... fairly functionally homogenous network), but something that is ... or OS virtuallization - except that networks have been doing this kind of ...
    (comp.dcom.sys.nortel)
  • Re: [OT] VLAN Design & Routing
    ... weil nur die Verwaltung über einen Internetzugang verfügt. ... > Da brauchst Du kein VLAN. ... Die Firewall wird an einem ... Port am Switch angeschlossen -> Nur an welchem? ...
    (microsoft.public.de.german.windows.server.networking)
  • RE: IPS and Trunking
    ... 3Com/TippingPoint Intrusion Prevention Systems ... Supported VLAN ... I don't know what vendors support this capability, but it is certainly supported by Cisco sensors. ... You can plug an interface on a Cisco IPS sensor into a trunk port, and the sensor can treat each VLAN on the trunk separately. ...
    (Focus-IDS)
  • Re: Any Nortel Edge Switches With Private VLAN Features?
    ... with one port used to uplink to a router or firewall port, ... firewall, and the number of hosts are trivially small, I have no concerns ... about density or about passing VLAN information across multiple switches. ... Create 1 VLAN for the firewall, and 1 for each client. ...
    (comp.dcom.sys.nortel)
  • Re: Tagged and Untagged ports
    ... trunk that carries multiple VLANs 3,4,5,6 and is connected to another ... access port whose default VLAN is 3. ... and default vlan untagged on the other. ... switchport access vlan 101 ...
    (comp.dcom.sys.cisco)