Configuring a Layer 2 Virtual Switch
A Layer 2 virtual switch, which isolates a LAN segment with its spanning-tree protocol instance and separates its VLAN ID space, filters and forwards traffic only at the data link layer. Layer 3 routing is not performed. Each bridge domain consists of a set of logical ports that participate in Layer 2 learning and forwarding. A virtual switch represents a Layer 2 network.
Two main types of interfaces are used in virtual switch hierarchies:
Layer 2 logical interface—This type of interface uses the VLAN-ID as a virtual circuit identifier and the scope of the VLAN-ID is local to the interface port. This type of interface is often used in service-provider-centric applications.
Access or trunk interface—This type of interface uses a VLAN-ID with global significance. The access or trunk interface is implicitly associated with bridge domains based on VLAN membership. Access or trunk interfaces are typically used in enterprise-centric applications.
Note: The difference between access interfaces and trunk interfaces is that an access interface can be part of one VLAN only and is normally attached to an end-user device (packets are implicitly associated with the configured VLAN). In contrast, trunk interfaces multiplex traffic from multiple VLANs and usually interconnect switches.
To configure a Layer 2 virtual switch, include the following statements:
[edit]
routing-instances {
    routing-instance-name {
        instance-type virtual-switch;
        bridge-domains {
            bridge-domain-name {
                domain-type bridge;
                interface interface-name;
                vlan-id (all | none | number); # Cannot be used with 'vlan-tags' statement
                vlan-id-list [ vlan-id-numbers ];
                vlan-tags outer number inner number; # Cannot be used with 'vlan-id' statement
            }
        }
        protocols {
            mstp {
                ...mstp-configuration ...
            }
        }
    }
}
To enable a virtual switch, you must specify virtual-switch as the instance-type.
For each bridge domain that you configure for the virtual switch, specify a bridge-domain-name. You must also specify the value bridge for the domain-type statement.
For the vlan-id statement, you can specify either a valid VLAN identifier or the none or all options. The all option is not supported with IRB.
You do not have to specify a VLAN identifier for a bridge domain. However, you cannot specify the same VLAN identifier for more than one bridge domain within a virtual switch. Each bridge domain within a virtual switch must have a unique VLAN identifier.
For a single bridge domain, you can include either the vlan-id statement or the vlan-tags statement, but not both. The vlan-id statement, vlan-id-list statement, and vlan-tags statement are mutually exclusive.
The vlan-id-list statement allows you to automatically create multiple bridge domains, one for each VLAN ID in the list.
To specify one or more logical interfaces to include in the bridge domain, specify an interface-name for an Ethernet interface you configured at the [edit interfaces] hierarchy level. For more information, see the Junos OS Network Interfaces Library for Routing Devices.
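The rules above can be checked before a commit. The following is an added example, not part of the Junos documentation: a Python audit that reads configuration in "display set" form and reports virtual-switch bridge domains that lack domain-type bridge, mix the mutually exclusive VLAN statements, or reuse a VLAN identifier. The instance, bridge domain, and interface names in the sample are invented.

```python
from collections import defaultdict

VLAN_STMTS = {"vlan-id", "vlan-id-list", "vlan-tags"}

# Constructed sample in Junos "display set" form; the instance, bridge
# domain and interface names are invented for illustration.
SAMPLE = """\
set routing-instances VS-A instance-type virtual-switch
set routing-instances VS-A bridge-domains BD-10 domain-type bridge
set routing-instances VS-A bridge-domains BD-10 vlan-id 10
set routing-instances VS-A bridge-domains BD-10 interface ge-0/0/1.0
set routing-instances VS-A bridge-domains BD-20 domain-type bridge
set routing-instances VS-A bridge-domains BD-20 vlan-id 10
set routing-instances VS-A bridge-domains BD-30 vlan-id 30
set routing-instances VS-A bridge-domains BD-30 vlan-tags outer 100 inner 30
"""

def audit(set_config):
    """Return a sorted list of rule violations in virtual-switch instances."""
    itype = {}                                           # instance -> type
    domains = defaultdict(lambda: defaultdict(dict))     # inst -> bd -> stmts
    for line in set_config.splitlines():
        tok = line.split()
        if tok[:2] != ["set", "routing-instances"] or len(tok) < 5:
            continue
        inst = tok[2]
        if tok[3] == "instance-type":
            itype[inst] = tok[4]
        elif tok[3] == "bridge-domains" and len(tok) >= 7:
            domains[inst][tok[4]][tok[5]] = tok[6:]
    issues = []
    for inst, bds in domains.items():
        if itype.get(inst) != "virtual-switch":
            continue                                     # other types: out of scope
        seen = {}                                        # numeric vlan-id -> first bd
        for bd, stmts in bds.items():
            if stmts.get("domain-type") != ["bridge"]:
                issues.append(f"{inst}/{bd}: domain-type is not bridge")
            used = sorted(VLAN_STMTS & stmts.keys())
            if len(used) > 1:
                issues.append(f"{inst}/{bd}: {', '.join(used)} are mutually exclusive")
            vid = stmts.get("vlan-id", [None])[0]
            if vid and vid.isdigit():                    # 'all'/'none' not compared
                if vid in seen:
                    issues.append(f"{inst}/{bd}: vlan-id {vid} already used by {seen[vid]}")
                seen.setdefault(vid, bd)
    return issues and sorted(issues)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```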