%SPANTREE-7-BLOCK_PORT_TYPE:

Hello,

There's a problem in a spanning-tree between your fw and Cat4k.

I don't know if NetScreen firewall supports VLANs on its ports, and if yes - you should also configure Trunk on your Gi2/2 port - because your NetScreen is obviously sending BPDU messages which are part of STP protocol. Check your status on Gi2/2, you may have some bpdu filtering or bpdu guard actived there, because you configured your port with macro configuration - and it automatically adds those security features.

regards, h.

I tried to configure this port as a trunk too here are the errors

000155: Mar 6 12:17:30 UTC: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 660 on GigabitEthernet2/2 VLAN1. 000156: Mar 6 12:17:30 UTC: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet2/2 on VLAN0001. Inconsistent local vlan. 000157: Mar 6 12:18:22 UTC: %SYS-5-CONFIG_I: Configured from console by suseadmin on vty0 000158: Mar 6 12:18:24 UTC: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on GigabitEthernet2/2 VLAN1.

There is nt much on the netscreen side i can configure as far as vlans and trunks. By default that interfasce is already on vlan1

Do you have on NetScreen port VLAN 660, and locally on Cat4K you don't have that Vlan defined?

Check your Gi2/2 status with sh int gi2/2 switchport

regards, H.

The vlan660 is actually from the other side of the firewall to the gateway or router device I dont have access to. The reason I am seeing it I guess is because the firewall is configured in transparent mode. I also set both interfaces on my firewall to trunk interfaces and no luck.