
Example: Configure Automatic VLAN Administration Using GVRP

As a network expands and the number of clients and VLANs increases, VLAN administration becomes complex, and the task of efficiently configuring VLANs on multiple EX Series switches becomes increasingly difficult. To automate VLAN administration, you can enable GARP VLAN Registration Protocol (GVRP) on the network.

Note: Only trunk interfaces can be enabled for GVRP.

This example describes how to use GVRP to automate administration of VLAN membership changes within your network:

Requirements

This example uses the following hardware and software components:

  • Two EX3200 access switches
  • One EX4200 distribution switch
  • JUNOS Release 9.0 or later for EX Series switches

Before you configure GVRP on the access switches and on the distribution switch, be sure you have:

Overview and Topology

When you are setting up your network, you should configure all VLANs on all switches, even though some switches are not actively participating in a VLAN. Then enable GVRP on the trunk interface of each switch. GVRP ensures that the VLAN membership information on the trunk interface is updated as the switch’s access interfaces become active or inactive in the configured VLANs.

You do not need to take an extra step of explicitly binding a VLAN to the trunk interface. When GVRP is enabled, the trunk interface advertises all the VLANs that are active (bound to access interfaces) on that switch. A GVRP-enabled trunk interface does not advertise VLANs that have been configured on the switch but that are not currently bound to an access interface. Thus, GVRP provides the benefit of reducing network overhead—by limiting the scope of broadcast, unknown unicast, and multicast (BUM) traffic to interested devices only.

This example shows a network with three VLANs: finance, sales, and lab.

Access Switch A has been configured to support all three VLANs, and all three VLANs are active, bound to interfaces that are connected to personal computers:

  • ge-0/0/1— Connects PC1 as member of finance vlan, VLAN ID 100
  • ge-0/0/2— Connects PC2 as member of lab vlan, VLAN ID 200
  • ge-0/0/3— Connects PC3 as member of sales vlan, VLAN ID 300

Access Switch B has also been configured to support three VLANs. However, currently only two VLANs are active, bound to interfaces that are connected to personal computers:

  • ge-0/0/0— Connects PC4 as member of finance vlan, VLAN ID 100
  • ge-0/0/1— Connects PC5 as member of lab vlan, VLAN ID 200

The Distribution Switch is also configured to support the three VLANs (finance, lab, sales). However, the Distribution Switch does not have any access interfaces that are connecting devices as members of these VLANs. The Distribution Switch has two trunk interfaces:

  • xe-0/1/1— Connects Distribution Switch to Access Switch A.
  • xe-0/1/0— Connects Distribution Switch to Access Switch B.

Figure 1 shows GVRP configured on two access switches and one distribution switch.

Figure 1: GVRP Configured on Two Access Switches and One Distribution Switch for Automatic VLAN Administration


Table 1: Components of the Network Topology

Property Settings

Switch hardware

  • Access Switch A–EX3200 switch
  • Access Switch B–EX3200 access switch
  • Distribution Switch–EX4200 switch

VLAN names and tag IDs

finance, tag 100
lab, tag 200
sales, tag 300


Interfaces

Access Switch A Interfaces

  • ge-0/0/1— Connects PC1 to Access Switch A.
  • ge-0/0/2— Connects PC2 to Access Switch A.
  • ge-0/0/3— Connects PC3 to Access Switch A.
  • xe-0/1/1— Connects Access Switch A to Distribution Switch. (trunk)

Access Switch B Interfaces

  • ge-0/0/0— Connects PC4 to Access Switch B.
  • ge-0/0/1— Connects PC5 to Access Switch B.
  • xe-0/1/0— Connects Access Switch B to Distribution Switch. (trunk)

Distribution Switch Interfaces

  • xe-0/1/1— Connects Distribution Switch to Access Switch A. (trunk)
  • xe-0/1/0— Connects Distribution Switch to Access Switch B. (trunk)

When VLAN access interfaces become active or inactive, GVRP ensures that the updated information is advertised on the trunk interface. Thus, the Distribution Switch does not forward traffic to inactive VLANs.

Configuring VLANs and GVRP on Access Switch A

To configure three VLANs on the switch, bind access interfaces for PC1, PC2, and PC3 to the VLANs (finance, lab, sales), and enable GVRP on the trunk interface of Access Switch A, perform these tasks:

CLI Quick Configuration

To quickly configure Access Switch A to support the three VLANs, bind interfaces for the three PCs to the appropriate VLANs, and enable GVRP on the trunk interface, copy the following commands and paste them into the switch terminal window of Switch A:


[edit]
set vlans finance vlan-id 100
set vlans lab vlan-id 200
set vlans sales vlan-id 300
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members finance
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members lab
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members sales
set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
set protocols gvrp interface xe-0/1/1.0

Note: As we recommend, default GVRP timers are used in this example. The default values associated with each GVRP timer are: 200 ms for the join-timer, 600 ms for the leave-timer, and 1000 cs (10000 ms) for the leaveall-timer. Modifying timers to inappropriate values may cause an imbalance in the operation of GVRP. Refer to IEEE 802.1D [2004] Clause 12 for more information. The timer values are displayed when you use the show gvrp command to verify that GVRP is enabled. For more information on the timers, see gvrp and its associated configuration statements.

Step-by-Step Procedure

To configure Access Switch A to support the three VLANs, bind interfaces for the three PCs to the appropriate VLANs, and enable GVRP on the trunk interface, copy the following commands and paste them into the switch terminal window of Switch A:

  1. Configure the finance VLAN:

    [edit]
    user@Access-Switch-A# set vlans finance vlan-id 100
  2. Configure the lab VLAN:

    [edit]
    user@Access-Switch-A# set vlans lab vlan-id 200
  3. Configure the sales VLAN:

    [edit]
    user@Access-Switch-A# set vlans sales vlan-id 300
  4. Configure an Ethernet interface as a member of the finance VLAN:

    [edit]
    user@Access-Switch-A# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members finance
  5. Configure an Ethernet interface as a member of the lab VLAN:

    [edit]
    user@Access-Switch-A# set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members lab
  6. Configure an Ethernet interface as a member of the sales VLAN:

    [edit]
    user@Access-Switch-A# set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members sales
  7. Configure a trunk interface:

    [edit]
    user@Access-Switch-A# set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
  8. Enable GVRP on the trunk interface:

    [edit]
    user@Access-Switch-A# set protocols gvrp interface xe-0/1/1.0

Results

Check the results of the configuration:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members finance;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members lab;
                }
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members sales;
                }
            }
        }
    }
    xe-0/1/1 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
            }
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    gvrp {
        interface xe-0/1/1.0;
    }
    rstp;
}
ethernet-switching-options {
    storm-control {
        interface all {
            level 50;
        }
    }
}
vlans {
    finance {
        vlan-id 100;
    }
    lab {
        vlan-id 200;
    }
    sales {
        vlan-id 300;
    }
}

Configuring VLANs and GVRP on Access Switch B

To configure three VLANs on the switch, bind access interfaces for PC4 and PC5 to the VLANs (finance and lab), and enable GVRP on the trunk interface of Access Switch B, perform these tasks:

CLI Quick Configuration

To quickly configure Access Switch B to support the three VLANs, bind interfaces for the two PCs to the appropriate VLANs, and enable GVRP on the trunk interface, copy the following commands and paste them into the switch terminal window of Switch B:


[edit]
set vlans finance vlan-id 100
set vlans lab vlan-id 200
set vlans sales vlan-id 300
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members finance
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members lab
set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
set protocols gvrp interface xe-0/1/0.0

Step-by-Step Procedure

To configure Access Switch B to support the three VLANs, bind interfaces for the two PCs to the appropriate VLAN, and enable GVRP on the trunk interface, copy the following commands and paste them into the switch terminal window of Switch B:

  1. Configure the finance VLAN:

    [edit]
    user@Access-Switch-B# set vlans finance vlan-id 100
  2. Configure the lab VLAN:

    [edit]
    user@Access-Switch-B# set vlans lab vlan-id 200
  3. Configure the sales VLAN:

    [edit]
    user@Access-Switch-B# set vlans sales vlan-id 300
  4. Configure an Ethernet interface as a member of the finance VLAN:

    [edit]
    user@Access-Switch-B# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members finance
  5. Configure an Ethernet interface as a member of the lab VLAN:

    [edit]
    user@Access-Switch-B# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members lab
  6. Configure a trunk interface:

    [edit]
    user@Access-Switch-B# set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
  7. Enable GVRP on the trunk interface:

    [edit]
    user@Access-Switch-B# set protocols gvrp interface xe-0/1/0.0

    Note: As we recommend, default GVRP timers are used in this example. The default values associated with each GVRP timer are: 200 ms for the join-timer, 600 ms for the leave-timer, and 1000 cs (10000 ms) for the leaveall-timer. Modifying timers to inappropriate values may cause an imbalance in the operation of GVRP. Refer to IEEE 802.1D [2004] Clause 12 for more information. The timer values are displayed when you use the show gvrp command to verify that GVRP is enabled. For more information on the timers, see gvrp and its associated configuration statements.

Results

Check the results of the configuration:

[edit]
user@Access-Switch-B# show
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members finance;
                }
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members lab;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    xe-0/1/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
            }
        }
    }
    ge-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    xe-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    gvrp {
        interface xe-0/1/0.0;
    }
    rstp;
}
ethernet-switching-options {
    storm-control {
        interface all {
            level 50;
        }
    }
}
vlans {
    finance {
        vlan-id 100;
    }
    lab {
        vlan-id 200;
    }
    sales {
        vlan-id 300;
    }
}

Configuring VLANs and GVRP on the Distribution Switch

CLI Quick Configuration

To quickly configure the finance, lab, and sales VLANs on the Distribution Switch and to enable GVRP on the trunk interface of the Distribution Switch, copy the following commands and paste them into the switch terminal window of the Distribution Switch:


[edit]
set vlans finance vlan-id 100
set vlans lab vlan-id 200
set vlans sales vlan-id 300
set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
set protocols gvrp interface xe-0/1/1.0
set protocols gvrp interface xe-0/1/0.0

Step-by-Step Procedure

To configure the three VLANs on the Distribution Switch, to configure the trunk interfaces, and to enable GVRP on the trunk interface of the Distribution Switch:

  1. Configure the finance VLAN:

    [edit]
    user@Distribution-Switch# set vlans finance vlan-id 100
  2. Configure the lab VLAN:

    [edit]
    user@Distribution-Switch# set vlans lab vlan-id 200
  3. Configure the sales VLAN:

    [edit]
    user@Distribution-Switch# set vlans sales vlan-id 300
  4. Configure the trunk interface to Access Switch A:

    [edit]
    user@Distribution-Switch# set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
  5. Configure the trunk interface to Access Switch B:

    [edit]
    user@Distribution-Switch# set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
  6. Enable GVRP on the trunk interface for xe-0/1/1:

    [edit]
    user@Distribution-Switch# set protocols gvrp interface xe-0/1/1.0

  7. Enable GVRP on the trunk interface for xe-0/1/0:

    [edit]
    user@Distribution-Switch# set protocols gvrp interface xe-0/1/0.0

Results

Display the results of the configuration:

[edit]
user@Distribution-Switch# show
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    xe-0/1/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
            }
        }
    }
    ge-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    xe-0/1/1 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
            }
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    gvrp {
        interface xe-0/1/0.0;
        interface xe-0/1/1.0;
    }
    rstp;
}
ethernet-switching-options {
    storm-control {
        interface all {
            level 50;
        }
    }
}
vlans {
    finance {
        vlan-id 100;
    }
    lab {
        vlan-id 200;
    }
    sales {
        vlan-id 300;
    }
}
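
A pre-commit check for the three configurations above, as an added example that is not Juniper's code: it parses Junos set commands, flags GVRP enabled on an interface that is not a trunk and VLAN IDs that differ from Table 1, and computes which VLANs a switch's trunk would advertise. SWITCH_B is the page's quick configuration for Access Switch B, FAULTY is a constructed variant, and the function names are hypothetical.

```python
import re

PATTERNS = {
    "vlan":   re.compile(r"set vlans (\S+) vlan-id (\d+)$"),
    "member": re.compile(r"set interfaces (\S+) unit (\d+) family ethernet-switching vlan members (\S+)$"),
    "trunk":  re.compile(r"set interfaces (\S+) unit (\d+) family ethernet-switching port-mode trunk$"),
    "gvrp":   re.compile(r"set protocols gvrp interface (\S+)$"),
}

def parse(text):
    """Collect VLAN IDs, access bindings, trunk ports and GVRP ports from 'set' lines."""
    cfg = {"vlans": {}, "access": {}, "trunks": set(), "gvrp": set()}
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            if not (m := rx.match(line.strip())):
                continue
            if kind == "vlan":
                cfg["vlans"][m[1]] = int(m[2])
            elif kind == "member":
                cfg["access"][f"{m[1]}.{m[2]}"] = m[3]
            elif kind == "trunk":
                cfg["trunks"].add(f"{m[1]}.{m[2]}")
            else:
                cfg["gvrp"].add(m[1])
    return cfg

def advertised(cfg):
    """VLANs a GVRP trunk advertises: configured AND bound to an access interface."""
    return {v for v in cfg["access"].values() if v in cfg["vlans"]}

def lint(cfg, plan):
    """Return findings: GVRP on a non-trunk port, or a VLAN ID that differs from the plan."""
    out = [f"gvrp on non-trunk interface {i}" for i in sorted(cfg["gvrp"] - cfg["trunks"])]
    out += [f"vlan {n} has id {v}, plan says {plan[n]}"
            for n, v in sorted(cfg["vlans"].items()) if n in plan and plan[n] != v]
    return out

PLAN = {"finance": 100, "lab": 200, "sales": 300}   # VLAN names and tag IDs from Table 1
SWITCH_B = """
set vlans finance vlan-id 100
set vlans lab vlan-id 200
set vlans sales vlan-id 300
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members finance
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members lab
set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
set protocols gvrp interface xe-0/1/0.0
"""
# Constructed faulty variant: wrong lab ID, and GVRP placed on an access port.
FAULTY = SWITCH_B.replace("lab vlan-id 200", "lab vlan-id 300").replace(
    "gvrp interface xe-0/1/0.0", "gvrp interface ge-0/0/1.0")

if __name__ == "__main__":
    for name, text in (("Access-Switch-B", SWITCH_B), ("faulty", FAULTY)):
        print(name, sorted(advertised(parse(text))), lint(parse(text), PLAN))
```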

Verification

To confirm that the configuration is updating VLAN membership, perform these tasks:

Verifying That GVRP Is Enabled on Access Switch A

Purpose

Verify that GVRP is enabled on the switch.

Action

Show the GVRP configuration, using the show gvrp command:


user@Access-Switch-A> show gvrp
Global GVRP configuration 
  GVRP status  : Enabled        
  GVRP Timers (ms) 
    Join       : 200    
    Leave      : 600    
    LeaveAll   : 10000  
Interface Name      Protocol Status
--------------      ---------------
xe-0/1/1.0          Enabled  

Meaning

The results show that GVRP is enabled on the trunk interface of Switch A and that the default timers are used.

Verifying That GVRP Is Updating VLAN Membership on Switch A

Purpose

To verify that GVRP is updating VLAN membership, display the Ethernet switching interfaces and associated VLANs that are active on switch A:

Action

List Ethernet switching interfaces on the switch, using the show ethernet-switching interfaces command:



user@Access-Switch-A> show ethernet-switching interfaces

Interface    State    VLAN members    Blocking
ge-0/0/1.0   up       finance         unblocked
ge-0/0/2.0   up       lab             unblocked
ge-0/0/3.0   up       sales           unblocked
xe-0/1/1.0   up       finance         unblocked
                      lab             unblocked

Meaning

GVRP has automatically added finance and lab as VLAN members on the trunk interface, because they are being advertised by Access Switch B.

Verifying That GVRP Is Enabled on Access Switch B

Purpose

Verify that GVRP is enabled on the switch.

Action

Show the GVRP configuration:


user@Access-Switch-B> show gvrp
Global GVRP configuration 
  GVRP status  : Enabled        
  GVRP Timers (ms) 
    Join       : 200    
    Leave      : 600    
    LeaveAll   : 10000  
Interface Name      Protocol Status
--------------      ---------------
xe-0/1/0.0          Enabled  

Meaning

The results show that GVRP is enabled on the trunk interface of Switch B and that the default timers are used.

Verifying That GVRP Is Updating VLAN Membership on Switch B

Purpose

To verify that GVRP is updating VLAN membership, display the Ethernet switching interfaces and associated VLANs that are active on switch B:

Action

List Ethernet switching interfaces on the switch:


user@Access-Switch-B> show ethernet-switching interfaces

Interface    State    VLAN members    Blocking
ge-0/0/0.0   up       finance         unblocked
ge-0/0/1.0   up       lab             unblocked
xe-0/1/0.0   up       finance         unblocked
                      lab             unblocked
                      sales           unblocked

Meaning

GVRP has automatically added finance, lab, and sales as VLAN members on the trunk interface because they are being advertised by Access Switch A.

Verifying That GVRP Is Enabled on the Distribution Switch

Purpose

Verify that GVRP is enabled on the switch.

Action

Show the GVRP configuration:


user@Distribution-Switch> show gvrp
Global GVRP configuration 
  GVRP status  : Enabled        
  GVRP Timers (ms) 
    Join       : 200    
    Leave      : 600    
    LeaveAll   : 10000  
Interface Name      Protocol Status
--------------      ---------------
xe-0/1/0.0          Enabled  
xe-0/1/1.0          Enabled  

Verifying That GVRP Is Updating VLAN Membership on the Distribution Switch

Purpose

To verify that GVRP is updating VLAN membership on the distribution switch, display the Ethernet switching interfaces and associated VLANs on the Distribution Switch:

Action

List the Ethernet switching interfaces on the switch:


user@Distribution-Switch> show ethernet-switching interfaces

Interface    State    VLAN members    Blocking
xe-0/1/1.0   up       finance         unblocked
                      lab             unblocked
                      sales           unblocked
xe-0/1/0.0   up       finance         unblocked
                      lab             unblocked

Meaning

The Distribution Switch has two trunk interfaces. Interface xe-0/1/1.0 connects the Distribution Switch to Access Switch A and is therefore updated to show that it is a member of all the VLANs that are active on Access Switch A. Any traffic for those VLANs will be passed on from the Distribution Switch to Access Switch A, through interface xe-0/1/1.0. Interface xe-0/1/0.0 connects the Distribution Switch to Access Switch B and is updated to show that it is a member of the two VLANs that are active on Access Switch B. Thus, the Distribution Switch sends traffic for finance and lab to both Access Switch A and Access Switch B. But the Distribution Switch sends traffic for sales only to Access Switch A.
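
Because GVRP adds trunk VLAN membership dynamically, the verification above can be repeated as a baseline comparison. The following is an added example, not Juniper's code: it parses show ethernet-switching interfaces output, including the continuation rows for multi-VLAN trunks, and reports VLANs that are extra or missing relative to the membership described in the Meaning paragraph. The column layout, the DRIFTED sample, and the function names are assumptions made for illustration.

```python
# Distribution Switch output from the page; the column layout is a reconstruction (assumption).
PAGE_OUTPUT = """\
user@Distribution-Switch> show ethernet-switching interfaces
Interface    State    VLAN members    Blocking
xe-0/1/1.0   up       finance         unblocked
                      lab             unblocked
                      sales           unblocked
xe-0/1/0.0   up       finance         unblocked
                      lab             unblocked
"""

# Constructed sample: an extra VLAN has been registered on the trunk to Access Switch B.
DRIFTED = PAGE_OUTPUT + "                      guest           unblocked\n"

# Expected trunk membership, taken from the Meaning paragraph above.
BASELINE = {
    "xe-0/1/1.0": {"finance", "lab", "sales"},
    "xe-0/1/0.0": {"finance", "lab"},
}

def parse_membership(output):
    """Map each interface to its VLAN members, following continuation rows."""
    members, current = {}, None
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1] in ("up", "down"):
            current = fields[0]                 # interface, state, VLAN, blocking
            members[current] = [fields[2]]
        elif len(fields) == 2 and current:
            members[current].append(fields[0])  # continuation row: VLAN, blocking
    return members

def drift(members, baseline):
    """For each baselined trunk, list VLANs that are extra or missing."""
    report = {}
    for ifc, want in sorted(baseline.items()):
        seen = set(members.get(ifc, []))
        if seen != want:
            report[ifc] = {"extra": sorted(seen - want), "missing": sorted(want - seen)}
    return report

if __name__ == "__main__":
    print(drift(parse_membership(PAGE_OUTPUT), BASELINE))   # page output matches the baseline
    print(drift(parse_membership(DRIFTED), BASELINE))       # reports the extra VLAN
```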


Published: 2009-07-22
