[an error occurred while processing this directive] [an error occurred while processing this directive]

Example: Setting Up Bridging with Multiple VLANs for EX Series Switches

To segment traffic on a LAN into separate broadcast domains, you create separate virtual LANs (VLANs) on an EX Series switch. Each VLAN is a collection of network nodes. When you use VLANs, frames whose origin and destination are in the same VLAN are forwarded only within the local VLAN, and only frames not destined for the local VLAN are forwarded to other broadcast domains. VLANs thus limit the amount of traffic flowing across the entire LAN, reducing the possible number of collisions and packet retransmissions within the LAN.

This example describes how to configure bridging for an EX Series switch and how to create two VLANs to segment the LAN:

Requirements

This example uses the following hardware and software components:

  • One EX4200-48P Virtual Chassis switch
  • JUNOS Release 9.0 or later for EX Series switches

Before you set up bridging and VLANs, be sure you have:

Overview and Topology

EX Series switches connect all devices in an office or data center into a single LAN to provide sharing of common resources such as printers and file servers and to enable wireless devices to connect to the LAN through wireless access points. The default configuration creates a single VLAN, and all traffic on the switch is part of that broadcast domain. Creating separate network segments reduces the span of the broadcast domain and allows you to group related users and network resources without being limited by physical cabling or by the location of a network device in the building or on the LAN.

This example shows a simple configuration to illustrate the basic steps for creating two VLANs on a single switch. One VLAN, called sales, is for the sales and marketing group, and a second, called support, is for the customer support team. The sales and support groups each have their own dedicated file servers, printers, and wireless access points. For the switch ports to be segmented across the two VLANs, each VLAN must have its own broadcast domain, identified by a unique name and tag (VLAN ID). In addition, each VLAN must be on its own distinct IP subnet.

The topology for this example consists of one EX4200-48P switch, which has a total of 48 Gigabit Ethernet ports, all of which support Power over Ethernet (PoE). Most of the switch ports connect to Avaya IP telephones. The remainder of the ports connect to wireless access points, file servers, and printers.

Table 1: Components of the Multiple VLAN Topology

Property Settings

Switch hardware

EX4200-48P, 48 Gigabit Ethernet ports, all PoE-enabled (ge-0/0/0 through ge-0/0/47)

VLAN names and tag IDs

sales, tag 100
support, tag 200

VLAN subnets

sales: 192.0.2.0/25 (addresses 192.0.2.1 through 192.0.2.126)
support: 192.0.2.128/25 (addresses 192.0.2.129 through 192.0.2.254)

Interfaces in VLAN sales

Avaya IP telephones: ge-0/0/3 through ge-0/0/19
Wireless access points: ge-0/0/0 and ge-0/0/1
Printers: ge-0/0/22 and ge-0/0/23
File servers: ge-0/0/20 and ge-0/0/21

Interfaces in VLAN support

Avaya IP telephones: ge-0/0/25 through ge-0/0/43
Wireless access points: ge-0/0/24
Printers: ge-0/0/44 and ge-0/0/45
File servers: ge-0/0/46 and ge-0/0/47

Unused interfaces

ge-0/0/2 and ge-0/0/25

This configuration example creates two IP subnets, one for the sales VLAN and the second for the support VLAN. The switch bridges traffic within a VLAN. For traffic passing between two VLANs, the switch routes the traffic using a Layer 3 routing interface on which you have configured the address of the IP subnet.

To keep the example simple, the configuration steps show only a few devices in each of the VLANs. Use the same configuration procedure to add more LAN devices.

Configuration

Configure Layer 2 switching for two VLANs:

CLI Quick Configuration

To quickly configure Layer 2 switching for the two VLANs (sales and support) and to quickly configure Layer 3 routing of traffic between the two VLANs, copy the following commands and paste them into the switch terminal window:


[edit]


set interfaces ge-0/0/0 unit 0 description “Sales wireless access point port”


set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members sales


set interfaces ge-0/0/3 unit 0 description “Sales phone port”

set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members sales


set interfaces ge-0/0/22 unit 0 description “Sales printer port”

set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members sales


set interfaces ge-0/0/20 unit 0 description “Sales file server port”

set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members sales


set interfaces ge-0/0/24 unit 0 description “Support wireless access point port”


set interfaces ge-0/0/24 unit 0 family ethernet-switching vlan members support


set interfaces ge-0/0/26 unit 0 description “Support phone port”

set interfaces ge-0/0/26 unit 0 family ethernet-switching vlan members support


set interfaces ge-0/0/44 unit 0 description “Support printer port”

set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members support


set interfaces ge-0/0/46 unit 0 description “Support file server port”


set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members support


set interfaces vlan unit 0 family inet address 192.0.2.0/25


set interfaces vlan unit 1 family inet address 192.0.2.128/25

set vlans sales l3–interface vlan.0


set vlans sales vlan-id 100


set vlans support vlan-id 200


set vlans support l3-interface vlan.1

Step-by-Step Procedure

Configure the switch interfaces and the VLANs to which they belong. By default, all interfaces are in access mode, so you do not have to configure the port mode.

  1. Configure the interface for the wireless access point in the sales VLAN:

    [edit interfaces ge-0/0/0 unit 0]
    user@switch# set description “Sales wireless access point port”
    user@switch# set family ethernet-switching vlan members sales
  2. Configure the interface for the Avaya IP phone in the sales VLAN:

    [edit interfaces ge-0/0/3 unit 0]
    user@switch# set description “Sales phone port”
    user@switch# set family ethernet-switching vlan members sales
  3. Configure the interface for the printer in the sales VLAN:

    [edit interfaces ge-0/0/22 unit 0]
    user@switch# set description “Sales printer port”
    user@switch# set family ethernet-switching vlan members sales
  4. Configure the interface for the file server in the sales VLAN:

    [edit interfaces ge-0/0/20 unit 0]
    user@switch# set description “Sales file server port”
    user@switch# set family ethernet-switching vlan members sales
  5. Configure the interface for the wireless access point in the support VLAN:

    [edit interfaces ge-0/0/24 unit 0]
    user@switch# set description “Support wireless access point port”
    user@switch# set family ethernet-switching vlan members support
  6. Configure the interface for the Avaya IP phone in the support VLAN:

    [edit interfaces ge-0/0/26 unit 0]
    user@switch# set description “Support phone port”
    user@switch# set family ethernet-switching vlan members support
  7. Configure the interface for the printer in the support VLAN:

    [edit interfaces ge-0/0/44 unit 0]
    user@switch# set description “Support printer port”
    user@switch# set family ethernet-switching vlan members support
  8. Configure the interface for the file server in the support VLAN:

    [edit interfaces ge-0/0/46 unit 0]
    user@switch# set description “Support file server port”
    user@switch# set family ethernet-switching vlan members support
  9. Create the subnet for the sales broadcast domain:

    [edit interfaces]
    user@switch# set vlan unit 0 family inet address 192.0.2.1/25
  10. Create the subnet for the support broadcast domain:

    [edit interfaces]
    user@switch# set vlan unit 1 family inet address 192.0.2.129/25
  11. Configure the VLAN tag IDs for the sales and support VLANs:

    [edit vlans]
    user@switch# set sales vlan-id 100
    user@switch# set support vlan-id 200
  12. To route traffic between the sales and support VLANs, define the interfaces that are members of each VLAN and associate a Layer 3 interface:

    [edit vlans]
    user@switch# set sales l3-interface vlan.0
    user@switch# set support l3-interface vlan.1

Results

Display the results of the configuration:

user@switch> show configuration
interfaces {
ge-0/0/0 {
unit 0 {
description “Sales wireless access point port”;
family ethernet-switching {
vlan members sales;
}
}
}
ge-0/0/3 {
unit 0 {
description “Sales phone port”;
family ethernet-switching {
vlan members sales;
}
}
}
ge-0/0/22 {
unit 0 {
description “Sales printer port”;
family ethernet-switching {
vlan members sales;
}
}
}
ge-0/0/20 {
unit 0 {
description “Sales file server port”;
family ethernet-switching {
vlan members sales;
}
}
}
ge-0/0/24 {
unit 0 {
description “Support wireless access point port”;
family ethernet-switching {
vlan members support;
}
}
}
ge-0/0/26 {
unit 0 {
description “Support phone port”;
family ethernet-switching {
vlan members support;
}
}
}
ge-0/0/44 {
unit 0 {
description “Support printer port”;
family ethernet-switching {
vlan members support;
}
}
}
ge-0/0/46 {
unit 0 {
description “Support file server port”;
family ethernet-switching {
vlan members support;
}
}
vlans {
unit 0 {
family inet address 192.0.2.0/25;
}
unit 1 {
family inet address 192.0.2.128/25;
}
}
}
}
vlans {
sales {
vlan-id 100;
interface ge-0/0/0.0:
interface ge-0/0/3/0;
interface ge-0/0/20.0;
interface ge-0/0/22.0;
l3-interface vlan 0;
}
support {
vlan-id 200;
interface ge-0/0/24.0:
interface ge-0/0/26.0;
interface ge-0/0/44.0;
interface ge-0/0/46.0;
l3-interface vlan 1;
}
}

Tip: To quickly configure the sales and support VLAN interfaces, issue the load merge terminal command, then copy the hierarchy and paste it into the switch terminal window.

Verification

Verify that the “sales” and “support” VLANs have been created and are operating properly, perform these tasks:

Verifying That the VLANs Have Been Created and Associated to the Correct Interfaces

Purpose

Verify that the VLANs sales and support have been created on the switch and that all connected interfaces on the switch are members of the correct VLAN.

Action

List all VLANs configured on the switch:

Use the operational mode commands:


user@switch> show vlans 
Name           Tag     Interfaces
default       
                       ge-0/0/1.0, ge-0/0/2.0, ge-0/0/4.0, ge-0/0/5.0,
                       ge-0/0/6.0,  ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0,
                       ge-0/0/10.0*, ge-0/0/11.0, ge-0/0/12.0, ge-0/0/13.0*,
                       ge-0/0/14.0, ge-0/0/15.0, ge-0/0/16.0, ge-0/0/17.0,
                       ge-0/0/18.0, ge-0/0/19.0, ge-0/0/21.0, ge-0/0/23.0*,
                       ge-0/0/25.0, ge-0/0/27.0, ge-0/0/28.0, ge-0/0/29.0,
                       ge-0/0/30.0, ge-0/0/31.0, ge-0/0/32.0, ge-0/0/33.0,
                       ge-0/0/34.0, ge-0/0/35.0, ge-0/0/36.0, ge-0/0/37.0,
                       ge-0/0/38.0, ge-0/0/39.0, ge-0/0/40.0, ge-0/0/41.0,
                       ge-0/0/42.0, ge-0/0/43.0, ge-0/0/45.0, ge-0/0/47.0,
                       ge-0/1/0.0*, ge-0/1/1.0*, ge-0/1/2.0*, ge-0/1/3.0*

sales       100
                       ge-0/0/0.0*, ge-0/0/3.0, ge-0/0/20.0, ge-0/0/22.0
                       
support     200
                       ge-0/0/0.24, ge-0/0/26.0, ge-0/0/44.0, ge-0/0/46.0*
mgmt          
                       me0.0*

Meaning

The show vlans command lists all VLANs configured on the switch and which interfaces are members of each VLAN. This command output shows that the sales and support VLANs have been created. The sales VLAN has a tag ID of 100 and is associated with interfaces ge-0/0/0.0, ge-0/0/3.0, ge-0/0/20.0, and ge-0/0/22.0. VLAN support has a tag ID of 200 and is associated with interfaces ge-0/0/24.0, ge-0/0/26.0, ge-0/0/44.0, and ge-0/0/46.0.

Verifying That Traffic Is Being Routed Between the Two VLANs

Purpose

Verify routing between the two VLANs.

Action

List the Layer 3 routes in the switch's Address Resolution Protocol (ARP) table:


user@switch> show arp 
MAC Address       Address         Name                     Flags

00:00:0c:06:2c:0d        192.0.2.3       vlan.0                   None
00:13:e2:50:62:e0        192.0.2.11      vlan.1                   None

Meaning

Sending IP packets on a multiaccess network requires mapping from an IP address to a MAC address (the physical or hardware address). The ARP table displays the mapping between the IP address and MAC address for both vlan.0 (associated with sales) and vlan.1 (associated with support). These VLANs can route traffic to each other.

Verifying That Traffic Is Being Switched Between the Two VLANs

Purpose

Verify that learned entries are being added to the Ethernet switching table.

Action

List the contents of the Ethernet switching table:


user@switch> show ethernet-switching table 
Ethernet-switching table: 8 entries, 5 learned
  VLAN              MAC address       Type         Age Interfaces
  default           *                 Flood          - All-members
  default           00:00:05:00:00:01 Learn          - ge-0/0/10.0
  default           00:00:5e:00:01:09 Learn          - ge-0/0/13.0
  default           00:19:e2:50:63:e0 Learn          - ge-0/0/23.0
  sales             *                 Flood          - All-members
  sales             00:00:5e:00:07:09 Learn          - ge-0/0/0.0
  support           *                 Flood          – All–members
  support           00:00:5e:00:01:01 Learn          – ge-0/0/46.0

Meaning

The output shows that learned entries for the sales and support VLANs have been added to the Ethernet switching table, and are associated with interfaces ge-0/0/0.0 and ge-0/0/46.0. Even though the VLANs were associated with more than one interface in the configuration, these interfaces are the only ones that are currently operating.

Published: 2009-07-22

[an error occurred while processing this directive]