Meraki

mudvayn15 · ‎Aug 21 2022

Hi All,

Just need to get some advice regarding this issue, after the Meraki stacks were installed.
The Palo alto started getting flow_rcv_dot1q_tag_err from the same VLAN and Client.

I checked the dashboard and it shows the following

Stack Member 2 Port 48

IP: 10.5.4.2

MAC: 02:02:0a:05:04:02

VLAN: 404

Stack Member 5 Port 47

IP: 10.5.4.2

MAC: 02:01:0a:05:04:02

VLAN: 404

The customer says that they never encountered packet drops in the firewall before using old switch stacks (not meraki).

Brash · ‎Aug 21 2022

Possibly spanning tree related?

What can Cause flow_rcv_dot1q_tag_err errors? - Knowledge Base - Palo Alto Networks

What is the old switchport config in comparison to the Meraki switchport config?

mudvayn15 · ‎Aug 21 2022

The configuration is as follows for both ports.

interface GE0/x
description 32-063
switchport access vlan 464
switchport mode access
switchport voice vlan 600
spanning-tree portfast

Previously the load-balancer VLAN is using 464, on the new meraki, it is now using 404

mudvayn15 · ‎Aug 21 2022

This is the config in Meraki

Stack 2 Port 48

Stack 5 Port 47

RaphaelL · ‎Aug 21 2022

This was really the port configured towards the PA ? Odd seeing a voice vlan configured.

mudvayn15 · ‎Aug 21 2022

Hi, the uplink to PA is this port.

mudvayn15 · ‎Aug 23 2022

Hi All,

Will this cause the issue?

Stack Member 2 Port 48

IP: 10.5.4.2

MAC: 02:02:0a:05:04:02

VLAN: 404

Stack Member 5 Port 47

IP: 10.5.4.2

MAC: 02:01:0a:05:04:02

VLAN: 404

The same IP address with a different mac address, from what I know it will cause a loop but I don't see any logs showing up in Meraki.

Only the Palo Alto Firewall is getting 802.1q packet drops.

Meraki

Community

Dot1q packet drops in Palo Alto Firewall

Dot1q packet drops in Palo Alto Firewall