vlans
Syntax (QFX Series, QFabric, NFX Series, and EX4600)
vlans {
vlan-name {
description text-description;
dot1q-tunneling {
customer-vlans (id | range);
}
filter input filter-name;
filter output filter-name;{
isolated;
mapping (policy | tag push | native push);
promiscuous;
}
isolation-vlan-id;
l3-interface vlan.logical-interface-number;
mac-limit number;
no-local-switching;
no-mac-learning;
primary-vlan vlan-name;
pvlan extend-secondary-vlan-id vlan-id;
vlan-id number;
vlan-range vlan-id-low-vlan-id-high;
}
}
Syntax (QFX Series, NFX Series, and EX4600)
vlans {
vlan-name {
description text-description;
domain-type bridge;
forwarding-options {
dhcp-security {
arp-inspection;
group group-name {
interface interface-name {
static-ip ip-address {
mac mac-address;
}
}
overrides {
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
no-dhcp-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name hostname;
use-interface-description (device | logical);
use-string string;
}
vendor-id {
use-string string;
}
}
}
fip-security {
examine-vn2vf;
examine-vn2vn {
beacon-period milliseconds;
}
fc-map fc-map-value;
interface interface-name {
(fcoe-trusted | no-fcoe-trusted;)
}
}
}
l3-interface irb.logical-unit-number;
multicast-snooping-options {
flood-groups [group-names];
forwarding-cache {
threshold {
reuse threshold;
suppress threshold;
}
}
graceful-restart {
disable;
restart-duration duration;
}
host-outbound-traffic {
dot1p bits;
forwarding-class forwarding-class;
}
multichassis-lag-replicate-state;
nexthop-hold-time time;
options {
syslog {
level level;
mark interval;
upto level;
}
}
traceoptions {
file filename {
files number;
no-world-readable;
size file-size;
world-readable;
}
flag flag {
disable;
}
}
}
switch-options {
interface interface-name {
interface-mac-limit limit {
packet-action action;
}
static-mac mac-address;
}
interface-mac-limit limit {
packet-action action;
}
mac-move-limit limit {
packet-action action;
}
mac-table-size limit {
packet-action drop;
}
no-mac-learning;
}
}
vlan-id number;
vlan-id-list [vlan-id | vlan-id–vlan-id];
vlan-tags
inner value;
outer value;
}
vxlan {
ingress-node-replication
ovsdb-managed
}
}
}
}
Syntax (SRX Series and EX Series)
vlans {
vlan-name {
description text-description;
dot1q-tunneling {
customer-vlans (id | range)
layer2-protocol-tunneling all | protocol-name {
drop-threshold number;
shutdown-threshold number;
}
}
filter input filter-name;
filter output filter-name;{
egress;
ingress;
mapping (native (push | swap) | policy | tag (push | swap));
pvlan-trunk;
}
isolation-id id-number;
l3-interface l3-interface-name.logical-interface-number;
l3-interface-ingress-counting layer-3-interface-name;
mac-limit limit action action;
mac-table-aging-time seconds;
no-local-switching (VLAN);
no-mac-learning;
primary-vlan vlan-name;
vlan-id number;
vlan-prune;
vlan-range vlan-id-low-vlan-id-high;
}
}
Syntax (SRX Series)
vlans {
vlan name {
(vlan-id (1..3967) | vlan-id-list [ vlan-id-numbers]);
description;
forwarding-options {
dhcp-security {
arp-inspection;
dhcpv6-options {
option-16 {
use-string use-string;
}
option-18 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
option-37 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
}
group group-name {
interface interface-name {
static-ip {
ip-address {
mac-address;
}
}
static-ipv6 {
ip-address {
mac-address;
}
}
}
overrides {
no-dhcpv6-options;
no-option16;
no-option18;
no-option37;
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
ipv6-source-guard;
neighbor-discovery-inspection;
no-dhcp-snooping;
no-dhcpv6-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name;
mac;
use-interface-description (device | logical);
use-string use-string;
}
vendor-id {
use-string use-string;
}
}
}
filter {
input filter-name;
}
flood {
input filter-name;
}
}
interface interface-name;
l3-interface l3-interface-name;
mcae-mac-flush;
mcae-mac-synchronize;
service-id service-id;
switch-options {
interface name {
action-priority action-priority;
encapsulation-type (ethernet | ethernet-vlan);
ignore-encapsulation-mismatch;
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
no-mac-learning;
pseudowire-status-tlv;
static-mac mac-address {
vlan-id value;
}
}
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-table-aging-time seconds;
mac-table-size {
limit;
packet-action {
drop;
}
}
no-mac-learning;
static-rvtep-mac {
mac mac_addr {
remote-vtep;
}
}
}
}
}
Syntax (vSRX Virtual Firewall)
vlans {
vlan name {
(vlan-id (all | none | number) | vlan-id-list [ vlan-id-numbers] | vlan-tags <inner number> outer number);
description;
forwarding-options {
dhcp-security {
arp-inspection;
dhcpv6-options {
option-16 {
use-string use-string;
}
option-18 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
option-37 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
}
group group-name {
interface interface-name {
static-ip {
ip-address;
}
static-ipv6 {
ip-address;
}
}
overrides {
no-dhcpv6-options;
no-option16;
no-option18;
no-option37;
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
ipv6-source-guard;
light-weight-dhcpv6-relay;
neighbor-discovery-inspection;
no-dhcp-snooping;
no-dhcpv6-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name;
mac;
use-interface-description (device | logical);
use-string use-string;
}
vendor-id {
use-string use-string;
}
}
}
filter {
input filter-name;
}
flood {
input filter-name;
}
}
interface interface-name;
l3-interface l3-interface-name;
mcae-mac-synchronize;
no-irb-layer-2-copy;
service-id service-id;
switch-options {
interface name {
action-priority action-priority;
encapsulation-type (ethernet | ethernet-vlan);
ignore-encapsulation-mismatch;
interface-mac-limit {
disable;
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-pinning;
no-mac-learning;
pseudowire-status-tlv;
static-mac mac-address {
vlan-id value;
}
}
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-statistics;
mac-table-aging-time seconds;
mac-table-size {
limit;
packet-action {
drop;
}
}
no-mac-learning;
static-rvtep-mac {
mac mac_addr {
remote-vtep;
}
}
}
}
}
Hierarchy Level
[edit]
[edit routing-instances routing-instance-name]
Description
Configure VLAN properties.
On EX Series switches and SRX Series Firewalls (including vSRX Virtual Firewall), the following configuration guidelines apply:
Only private VLAN (PVLAN) firewall filters can be used when the VLAN is enabled for Q-in-Q tunneling.
An S-VLAN tag is added to the packet if the VLAN is Q-in-Q-tunneled and the packet is arriving from an access interface.
You cannot use a firewall filter to assign an integrated routing and bridging (IRB) interface or a routed VLAN interface (RVI) to a VLAN.
VLAN assignments performed using a firewall filter override all other VLAN assignments.
Default
If you use the default factory configuration, all switch interfaces become part of the VLAN default.
Options
vlan-name—Name of the VLAN. The name can include letters, numbers, hyphens (-), and periods (.) and can contain up to 255 characters long.
The remaining statements are explained separately. See CLI Explorer.
The remaining statements are described separately.
Required Privilege Level
routing—To view this statement in the configuration.
routing–control—To add this statement to the configuration.
system—To view this statement in the configuration.
system–control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.
Statements for private VLANs and Q-in-Q tunneling introduced in Junos OS Release 12.1 for the QFX Series switches.