Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring Routing Between VLANs on One Switch

Requirements

• One switch
• Junos OS Release 11.1 or later

Overview and Topology

This example uses an IRB to route traffic between two VLANs on the same switch. The topology is shown in Figure 1.

Figure 1: IRB with One Switch

This example shows a simple configuration to illustrate the basic steps for creating two VLANs on a single switch and configuring an IRB to enable routing between the VLANs. One VLAN, called blue, is for the sales and marketing group, and a second, called red, is for the customer support team. The sales and support groups each have their own file servers and wireless access points. Each VLAN must have a unique name, tag (VLAN ID), and distinct IP subnet. Table 1 lists the components of the sample topology.

This configuration example creates two IP subnets, one for the blue VLAN and the second for the red VLAN. The switch bridges traffic within the VLANs. For traffic passing between two VLANs, the switch routes the traffic using an IRB on which you have configured addresses in each IP subnet.

To keep the example simple, the configuration steps show only a few interfaces and VLANs. Use the same configuration procedure to add more interfaces and VLANs. By default, all interfaces are in access mode, so you do not have to configure the port mode.

Configure Layer 2 switching for two VLANs

CLI Quick Configuration

To quickly configure Layer 2 switching for the two VLANs (blue and red) and to quickly configure Layer 3 routing of traffic between the two VLANs, copy the following commands and paste them into the switch terminal window:

Note: The following example uses a version of Junos OS that supports Enhanced Layer 2 Software (ELS). When you use ELS, you create a Layer 3 virtual interface named irb. If you are using a version of Junos OS that does not support ELS, you create a Layer 3 virtual interface named vlan.

Step-by-Step Procedure

1. Configure the interface for the sales server in the blue VLAN:
   [edit interfaces xe-0/0/4 unit 0]
user@switch# set description “Sales server port”
user@switch# set family ethernet-switching vlan members blue
2. Configure the interface for the wireless access point in the blue VLAN:
   [edit interfaces xe-0/0/6 unit 0]
user@switch# set description “Sales wireless access point port”
user@switch# set family ethernet-switching vlan members blue
3. Configure the interface for the support server in the red VLAN:
   [edit interfaces xe-0/0/0 unit 0]
user@switch# set description “Support server port”
user@switch# set family ethernet-switching vlan members red
4. Configure the interface for the wireless access point in the red VLAN:
   [edit interfaces xe-0/0/2 unit 0]
user@switch# set description “Support wireless access point port”
user@switch# set family ethernet-switching vlan members red

Step-by-Step Procedure

1. Create the red and blue VLANs by configuring the VLAN IDs for them:
   [edit vlans]
user@switch# set blue vlan-id 100
user@switch# set red vlan-id 200
2. Create the interface named irb with a logical unit in the sales broadcast domain (blue VLAN):
   [edit interfaces]
user@switch# set irb unit 100 family inet address 192.0.2.1/25

   The unit number is arbitrary and does not have to match the VLAN tag ID. However, configuring the unit number to match the VLAN ID can help avoid confusion.

3. Add a logical unit in the support broadcast domain (red VLAN) to the irb interface:
   [edit interfaces]
user@switch# set irb unit 200 family inet address 192.0.2.129/25
4. Complete the IRB configuration by binding the red and blue VLANs (Layer 2) with the appropriate logical units of the irb interface (Layer 3):
   [edit vlans]
user@switch# set blue l3-interface irb.100
user@switch# set red l3-interface irb.200

Display the results of the configuration:

user@switch> show configuration

interfaces {xe-0/0/4 {unit 0 {description “Sales server port”;family ethernet-switching {vlan members blue;}}}xe-0/0/6 {unit 0 {description “Sales wireless access point port”;family ethernet-switching {vlan members blue;}}}xe-0/0/0 {unit 0 {description “Support server port”;family ethernet-switching {vlan members red;}}}xe-0/0/2 {unit 0 {description “Support wireless access point port”;family ethernet-switching {vlan members red;}}}irb {unit 100 {family inet address 192.0.2.1/25;}unit 200 {family inet address 192.0.2.129/25;}}}}

vlans {blue {vlan-id 100;interface xe-0/0/4.0:interface xe-0/0/6.0;l3-interface irb 100;}red {vlan-id 200;interface xe-0/0/0.0:interface xe-0/0/2.0;l3-interface irb 200;}}

Tip: To quickly configure the blue and red VLAN interfaces, issue the load merge terminal command, copy the hierarchy, and paste it into the switch terminal window.

Verification

To verify that the blue and redVLANs have been created and are operating properly, perform these tasks:

• Verifying That the VLANs Have Been Created and Associated with the Correct Interfaces
• Verifying That Traffic Can Be Routed Between the Two VLANs

Verifying That the VLANs Have Been Created and Associated with the Correct Interfaces

Purpose

Verify that the VLANs blue and red have been created on the switch and that all connected interfaces on the switch are members of the correct VLAN.

Action

List all VLANs configured on the switch:

Name          Tag      Interfaces
default       	       xe-0/0/0.0, xe-0/0/2.0, xe-0/0/4.0, xe-0/0/6.0,
blue          100      xe-0/0/4.0, xe-0/0/6, 
red           200      xe-0/0/0.0, xe-0/0/2.0, *
mgmt                   me0.0*

Meaning

The show vlans command lists all VLANs configured on the switch and which interfaces are members of each VLAN. This command output shows that the blue and red VLANs have been created. The blue VLAN has a tag ID of 100 and is associated with interfaces xe-0/0/4.0 and xe-0/0/6.0. VLAN red has a tag ID of 200 and is associated with interfaces xe-0/0/0.0 and xe-0/0/2.0.

Verifying That Traffic Can Be Routed Between the Two VLANs

Purpose

Verify routing between the two VLANs.

Action

Verify that the IRB logical units are up:

irb.100                 up    up   inet     192.0.2.1/25

irb.200                 up    up   inet     192.0.2.129/25

Note: At least one port (access or trunk) with an appropriate VLAN assigned to it must be up for the irb interface to be up.

Verify that switch has created routes that use the IRB logical units:

192.0.2.0/25        *[Direct/0] 1d 03:26:45
                     > via irb.100 
192.0.2.1/32        *[Local/0] 1d 03:26:45
                       Local via irb.100
192.0.2.128/25      *[Direct/0] 1d 03:26:45
                     > via irb.200 
192.0.2.129/32      *[Local/0] 1d 03:26:45
                       Local via irb.200

List the Layer 3 routes in the switch's Address Resolution Protocol (ARP) table:

MAC Address              Address           Name                      Flags

00:00:0c:06:2c:0d        192.0.2.7        irb.100                   None
00:13:e2:50:62:e0        192.0.2.132      irb.200                   None

Meaning

The output of the show interfaces and show route commands show that the Layer 3 IRB logical units are working and the switch has used them to create direct routes that it will use to forward traffic between the VLAN subnets. The show arp command displays the mappings between the IP addresses and MAC addresses for devices on both irb.100 (associated with VLAN blue) and irb.200 (associated with VLAN red).These two devices can communicate.