Supported Platforms
Example: Setting Up Basic Bridging and a VLAN for an EX Series Switch
 | Note: This example uses Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs Junos OS that does not support ELS, see Example: Setting Up Basic Bridging and a VLAN for an EX Series Switch. For ELS details, see Getting Started with Enhanced Layer 2 Software. |
EX Series switches use bridging and virtual LANs (VLANs) to connect network devices in a LAN—desktop computers or laptops, IP telephones, printers, file servers, wireless access points, and others—and to segment the LAN into smaller broadcast domains.
This example describes how to configure basic bridging and a VLAN on an EX Series switch:
Requirements
This example uses the following hardware and software components:
- One EX Series switch
- Junos OS Release 13.2X50-D10 or later for EX Series switches
Before you set up bridging and a VLAN, be sure you have:
- Installed your EX Series switch. See the installation instructions for your switch.
- Performed the initial switch configuration. See Connecting and Configuring an EX Series Switch (CLI Procedure).
Overview and Topology
EX Series switches connect network devices in an office LAN or a data center LAN to provide sharing of common resources such as printers and file servers and to enable wireless devices to connect to the LAN through wireless access points. Without bridging and VLANs, all devices on the Ethernet LAN are in a single broadcast domain, and all the devices detect all the packets on the LAN. Bridging creates separate broadcast domains on the LAN, creating VLANs, which are independent logical networks that group together related devices into separate network segments. The grouping of devices on a VLAN is independent of where the devices are physically located in the LAN.
To use an EX Series switch to connect network devices on a LAN, you must, at a minimum, explicitly configure at least one VLAN, even if your network is simple and you want only one broadcast domain to exist, as is the case with this example. You must also assign all needed interfaces to the VLAN, after which the interfaces function in access mode. After the VLAN is configured, you can plug access devices—such as desktop or laptop computers, IP telephones, file servers, printers, and wireless access points—into the switch, and they are joined immediately into the VLAN, and the LAN is up and running.
The topology used in this example consists of one EX4300-24P switch, which has a total of 24 ports. All ports support Power over Ethernet (PoE), which means they provide both network connectivity and electric power for the device connecting to the port. To these ports, you can plug in devices requiring PoE, such as Avaya VoIP telephones, wireless access points, and some IP cameras. (Avaya phones have a built-in hub that allows you to connect a desktop PC to the phone, so the desktop and phone in a single office require only one port on the switch.) Table 1 details the topology used in this configuration example.
Table 1: Components of the Basic Bridging Configuration Topology
| Property | Settings |
|---|---|
Switch hardware | EX4300-24P switch, with 24 Gigabit Ethernet ports: in this example, 8 ports are used as PoE ports (ge-0/0/0 through ge-0/0/7 ) and 16 ports used as non-PoE ports (ge-0/0/8 through ge-0/0/23) |
VLAN name | employee-vlan |
VLAN ID | 10 |
Connection to wireless access point (requires PoE) | ge-0/0/0 |
Connections to Avaya IP telephone—with integrated hub, to connect phone and desktop PC to a single port (requires PoE) | ge-0/0/1 through ge-0/0/7 |
Direct connections to desktop PCs and laptops (no PoE required) | ge-0/0/8 through ge-0/0/12 |
Connections to file servers (no PoE required) | ge-0/0/17 and ge-0/0/18 |
Connections to integrated printer/fax/copier machines (no PoE required) | ge-0/0/19 through ge-0/0/20 |
Unused ports (for future expansion) | ge-0/0/13 through ge-0/0/16, and ge-0/0/21 through ge-0/0/23 |
Configuration
To set up basic bridging and a VLAN:
CLI Quick Configuration
To quickly configure a VLAN, copy the following commands and paste them into the switch terminal window:
[edit]set vlans employee-vlan vlan-id 10set interfaces ge-0/0/0 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/1 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/2 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/3 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/4 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/5 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/6 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/7 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/8 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/9 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/10 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/11 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/12 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/17 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/18 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/19 unit 0 family ethernet-switching
vlan members employee-vlanset interfaces ge-0/0/20 unit 0 family ethernet-switching
vlan members employee-vlanYou must then plug the wireless access point into PoE-enabled port ge-0/0/0 and the Avaya IP phones into the PoE-enabled ports ge-0/0/1 through ge-0/0/7. Also, plug the PCs, file servers, and printers into ports ge-0/0/8 through ge-0/0/12 and ge-0/0/17 through ge-0/0/20.
Step-by-Step Procedure
To set up basic bridging and a VLAN:
- Create a VLAN named employee-vlan and specify the VLAN
ID of 10 for it:
[edit vlans]user@switch# set employee-vlan vlan-id 10 - Assign interfaces ge-0/0/0 through ge-0/0/12, and ge-0/0/17
through ge-0/0/20 to the employee-vlan VLAN:
[edit interface]user@switch# set ge-0/0/0 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/1 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/2 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/3 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/4 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/5 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/6 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/7 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/8 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/9 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/10 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/11 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/12 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/17 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/18 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/19 unit 0 family ethernet-switching vlan members employee-vlanuser@switch# set ge-0/0/20 unit 0 family ethernet-switching vlan members employee-vlan - Connect the wireless access point to switch port ge-0/0/0.
- Connect the seven Avaya phones to switch ports ge-0/0/1 through ge-0/0/7.
- Connect the five PCs to ports ge-0/0/8 through ge-0/0/12.
- Connect the two file servers to ports ge-0/0/17 and ge-0/0/18.
- Connect the two printers to ports ge-0/0/19 and ge-0/0/20.
Results
Check the results of the configuration:
user@switch> show configuration ge-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/17 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/18 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/19 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
vlan {
members employee-vlan;
}
}
}
}
Verification
To verify that switching is operational and that employee-vlan has been created, perform these tasks:
- Verifying That the VLAN Has Been Created
- Verifying That Interfaces Are Associated with the Proper VLANs
Verifying That the VLAN Has Been Created
Purpose
Verify that the VLAN named employee-vlan has been created on the switch.
Action
List all VLANs configured on the switch:
user@switch> show vlans Routing instance VLAN name Tag Interfaces
default-switch employee-vlan 10
ge-0/0/0.0
ge-0/0/1.0
ge-0/0/2.0
ge-0/0/3.0
ge-0/0/4.0
ge-0/0/5.0
ge-0/0/6.0
ge-0/0/7.0
ge-0/0/8.0
ge-0/0/9.0
ge-0/0/10.0
ge-0/0/11.0
ge-0/0/12.0
ge-0/0/17.0
ge-0/0/18.0
ge-0/0/19.0
ge-0/0/20.0
...
Meaning
The show vlans command lists the VLANs configured on the switch. This output shows that the VLAN employee-vlan has been created.
Verifying That Interfaces Are Associated with the Proper VLANs
Purpose
Verify that Ethernet switching is enabled on switch interfaces and that all interfaces are included in the VLAN.
Action
List all interfaces on which switching is enabled:
user@switch> show ethernet-switching interfaces
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/0.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/1.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/2.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/3.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/4.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/5.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/6.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/7.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/8.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/9.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/10.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/11.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/12.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/17.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/18.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/19.0 65535 untagged
employee-vlan 10
65535 Discarding
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down )
Logical Vlan TAG MAC STP Logical Tagging
interface members limit state interface flags
ge-0/0/20.0 65535 untagged
employee-vlan 10
65535 Discarding
...Meaning
The show ethernet-switching interfaces command lists all interfaces on which switching is enabled (in the Logical interface column), along with the VLANs that are active on the interfaces (in the VLAN members column). The output in this example shows all the connected interfaces, ge-0/0/0 through ge-0/0/12 and ge-0/0/17 through ge-0/0/20 and that they are all part of VLAN employee-vlan. Notice that the interfaces listed are the logical interfaces, not the physical interfaces. For example, the output shows ge-0/0/0.0 instead of ge-0/0/0. This is because Junos OS creates VLANs on logical interfaces, not directly on physical interfaces.
