Supported Platforms
Related Documentation
Example: Setting Up Bridging with Multiple VLANs
The QFX Series products use bridging and virtual LANs (VLANs) to connect network devices in a LAN—storage devices, file servers, and other network components—and to segment the LAN into smaller bridging domains.
To segment traffic on a LAN into separate broadcast domains, you create separate virtual LANs (VLANs) on a switch. Each VLAN is a collection of network nodes. When you use VLANs, frames whose origin and destination are in the same VLAN are forwarded only within the local VLAN, and only frames not destined for the local VLAN are forwarded to other broadcast domains. VLANs thus limit the amount of traffic flowing across the entire LAN, reducing the possible number of collisions and packet retransmissions within the LAN.
This example describes how to configure bridging for the QFX Series and how to create two VLANs to segment the LAN:
Requirements
This example uses the following hardware and software components:
- A configured and provisioned QFX3500 switch
- Junos OS Release 11.1 or later for the QFX Series
Overview and Topology
Switches connect all devices in an office or data center into a single LAN to provide sharing of common resources such as file servers. The default configuration creates a single VLAN, and all traffic on the switch is part of that broadcast domain. Creating separate network segments reduces the span of the broadcast domain and enables you to group related users and network resources without being limited by physical cabling or by the location of a network device in the building or on the LAN.
This example shows a simple configuration to illustrate the basic steps for creating two VLANs on a single switch. One VLAN, called sales, is for the sales and marketing group, and a second, called support, is for the customer support team. The sales and support groups each have their own dedicated file servers and other resources. For the switch ports to be segmented across the two VLANs, each VLAN must have its own broadcast domain, identified by a unique name and tag (VLAN ID). In addition, each VLAN must be on its own distinct IP subnet.
The topology used in this example consists of a single QFX3500 switch, with a total of 48 10-Gbps Ethernet ports. (For the purposes of this example, the QSFP+ ports Q0-Q3, which are ports xe-0/1/0 through xe-0/1/15, are excluded.)
Table 1: Components of the Multiple VLAN Topology
Property | Settings |
|---|---|
Switch hardware | QFX3500 switch configured with 48 10-Gbps Ethernet ports (xe-0/0/0 through xe-0/0/47) |
VLAN names and tag IDs | sales,
tag 100 |
VLAN subnets | sales: 192.0.2.0/25 (addresses 192.0.2.1 through 192.0.2.126) |
Interfaces in VLAN sales | File servers: xe-0/0/20 and xe-0/0/21 |
Interfaces in VLAN support | File servers: xe-0/0/46 and xe-0/0/47 |
Unused interfaces | xe-0/0/2 and xe-0/0/25 |
This configuration example creates two IP subnets, one for the sales VLAN and the second for the support VLAN. The switch bridges traffic within a VLAN. For traffic passing between two VLANs, the switch routes the traffic using a Layer 3 routing interface on which you have configured the address of the IP subnet.
To keep the example simple, the configuration steps show only a few devices in each of the VLANs. Use the same configuration procedure to add more LAN devices.
Configuration
CLI Quick Configuration
To quickly configure Layer 2 switching for the two VLANs (sales and support) and to quickly configure Layer 3 routing of traffic between the two VLANs, copy the following commands and paste them into the switch terminal window:
[edit] set interfaces xe-0/0/0
unit 0 family ethernet-switching vlan members sales
set interfaces xe-0/0/3
unit 0 family ethernet-switching vlan members sales
set interfaces xe-0/0/22
unit 0 family ethernet-switching vlan members sales
set interfaces xe-0/0/20
unit 0 description “Sales file server port” set interfaces xe-0/0/20
unit 0 family ethernet-switching vlan members sales
set interfaces xe-0/0/24
unit 0 family ethernet-switching vlan members support set interfaces xe-0/0/26
unit 0 family ethernet-switching vlan members support set interfaces xe-0/0/44
unit 0 family ethernet-switching vlan members support set interfaces xe-0/0/46
unit 0 description “Support file server port” set interfaces xe-0/0/46
unit 0 family ethernet-switching vlan members support set interfaces vlan
unit 0 family inet address 192.0.2.0/25
set interfaces vlan
unit 1 family inet address 192.0.2.128/25
set vlans sales l3–interface
vlan.0 set vlans sales vlan-id
100 set vlans support vlan-id
200 set vlans support l3-interface
vlan.1 Step-by-Step Procedure
Configure the switch interfaces and the VLANs to which they belong. By default, all interfaces are in access mode, so you do not have to configure the port mode.
- Configure the interface for the file server in the sales VLAN:
[edit interfaces xe-0/0/20 unit 0]
user@switch# set description “Sales file server port”
user@switch# set family ethernet-switching vlan members sales - Configure the interface for the file server in the support VLAN:
[edit interfaces xe-0/0/46 unit 0]
user@switch# set description “Support file server port”
user@switch# set family ethernet-switching vlan members support - Create the subnet for the sales broadcast domain:
[edit interfaces]
user@switch# set vlan unit 0 family inet address 192.0.2.1/25 - Create the subnet for the support broadcast domain:
[edit interfaces]
user@switch# set vlan unit 1 family inet address 192.0.2.129/25 - Configure the VLAN tag IDs for the sales and support VLANs:
[edit vlans]
user@switch# set sales vlan-id 100
user@switch# set support vlan-id 200 - To route traffic between the sales and support VLANs, define the interfaces that are members of each VLAN and associate
a Layer 3 interface:
[edit vlans]
user@switch# set sales l3-interface vlan.0
user@switch# set support l3-interface vlan.1
Display the results of the configuration:
 | Tip: To quickly configure the sales and support VLAN interfaces, issue the load merge terminal command. Then copy the hierarchy and paste it into the switch terminal window. |
Verification
Verify that the sales and support VLANs have been created and are operating properly, perform these tasks:
- Verifying That the VLANs Have Been Created and Associated with the Correct Interfaces
- Verifying That Traffic Is Being Routed Between the Two VLANs
- Verifying That Traffic Is Being Switched Between the Two VLANs
Verifying That the VLANs Have Been Created and Associated with the Correct Interfaces
Purpose
Verify that the sales and support VLANs have been created on the switch and that all connected interfaces on the switch are members of the correct VLAN.
Action
To list all VLANs configured on the switch, use the show vlans command:
user@switch> show vlansName Tag Interfaces
default
xe-0/0/1.0, xe-0/0/2.0, xe-0/0/4.0, xe-0/0/5.0,
xe-0/0/6.0, xe-0/0/7.0, xe-0/0/8.0, xe-0/0/9.0,
xe-0/0/10.0*, xe-0/0/11.0, xe-0/0/12.0, xe-0/0/13.0*,
xe-0/0/14.0, xe-0/0/15.0, xe-0/0/16.0, xe-0/0/17.0,
xe-0/0/18.0, xe-0/0/19.0, xe-0/0/21.0, xe-0/0/23.0*,
xe-0/0/25.0, xe-0/0/27.0, xe-0/0/28.0, xe-0/0/29.0,
xe-0/0/30.0, xe-0/0/31.0, xe-0/0/32.0, xe-0/0/33.0,
xe-0/0/34.0, xe-0/0/35.0, xe-0/0/36.0, xe-0/0/37.0,
xe-0/0/38.0, xe-0/0/39.0, xe-0/0/40.0, xe-0/0/41.0,
xe-0/0/42.0, xe-0/0/43.0, xe-0/0/45.0, xe-0/0/47.0,
xe-0/1/0.0*, xe-0/1/1.0*, xe-0/1/2.0*, xe-0/1/3.0*
sales 100
xe-0/0/0.0*, xe-0/0/3.0, xe-0/0/20.0, xe-0/0/22.0
support 200
xe-0/0/0.24, xe-0/0/26.0, xe-0/0/44.0, xe-0/0/46.0*
mgmt
me0.0*
Meaning
The show vlans command lists all VLANs configured on the switch and which interfaces are members of each VLAN. This command output shows that the sales and support VLANs have been created. The sales VLAN has a tag ID of 100 and is associated with interfaces xe-0/0/0.0, xe-0/0/3.0, xe-0/0/20.0, and xe-0/0/22.0. VLAN support has a tag ID of 200 and is associated with interfaces xe-0/0/24.0, xe-0/0/26.0, xe-0/0/44.0, and xe-0/0/46.0.
Verifying That Traffic Is Being Routed Between the Two VLANs
Purpose
Verify routing between the two VLANs.
Action
List the Layer 3 routes in the switch Address Resolution Protocol (ARP) table:
user@switch> show arp
MAC Address Address Name Flags 00:00:0c:06:2c:0d 192.0.2.3 vlan.0 None 00:13:e2:50:62:e0 192.0.2.11 vlan.1 None
Meaning
Sending IP packets on a multiaccess network requires mapping from an IP address to a MAC address (the physical or hardware address). The ARP table displays the mapping between the IP address and MAC address for both vlan.0 (associated with sales) and vlan.1 (associated with support). These VLANs can route traffic to each other.
Verifying That Traffic Is Being Switched Between the Two VLANs
Purpose
Verify that learned entries are being added to the Ethernet switching table.
Action
List the contents of the Ethernet switching table:
user@switch> show ethernet-switching table Ethernet-switching table: 8 entries, 5 learned VLAN MAC address Type Age Interfaces default * Flood - All-members default 00:00:05:00:00:01 Learn - xe-0/0/10.0 default 00:00:5e:00:01:09 Learn - xe-0/0/13.0 default 00:19:e2:50:63:e0 Learn - xe-0/0/23.0 sales * Flood - All-members sales 00:00:5e:00:07:09 Learn - xe-0/0/0.0 support * Flood – All–members support 00:00:5e:00:01:01 Learn – xe-0/0/46.0
Meaning
The output shows that learned entries for the sales and support VLANs have been added to the Ethernet switching table, and are associated with interfaces xe-0/0/0.0 and xe-0/0/46.0. Even though the VLANs were associated with more than one interface in the configuration, these interfaces are the only ones that are currently operating.
