Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS EVPN User Guide EVPN-VXLAN Configuring EVPN-VXLAN Interfaces

EVPN User Guide

keyboard_arrow_up
close
keyboard_arrow_left
EVPN User Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Overlapping VLAN Support Using VLAN Translation in EVPN-VXLAN Networks

date_range 20-Dec-24
arrow_backward
arrow_forward

You can use VLAN translation to manage overlapping VLAN IDs in an EVPN-VXLAN fabric. For this purpose, we support VLAN translation on the following platforms operating as leaf devices in the fabric:

  • QFX5110 and QFX5120 switches—Starting in Junos OS Release 21.2R1

  • QFX5130-32CD and QFX5700 switches—Starting in Junos OS Evolved Release 22.1R1

We support this feature:

  • On trunk mode access-side interfaces configured in the enterprise style.

  • On leaf devices in edge-routed bridging (ERB) and centrally routed bridging (CRB) overlays.

  • With MAC-VRF EVPN routing instances (any supported service types).

  • On access side ports that can be single-homed or multihomed.

  • On Layer 2 (L2) VXLAN gateway access-side ports.

  • On Layer 3 (L3) VXLAN gateway IRB interfaces for VXLAN bridge domains.

Benefits

  • Simplifies re-provisioning a network after combining different business areas in the network that might use the same VLAN IDs for different functions.

  • Helps service providers to maintain traffic isolation in the same network among different customers using one or more of the same VLAN IDs.

Overview

When you configure VLAN translation, you map the host VLAN ID in tagged packets coming in on an interface to a configured VLAN ID. We call that configured VLAN ID a mapped VLAN value. For ingress packets from the host, the device substitutes the mapped VLAN value for the host VLAN ID before the packet enters the packet processing pipeline. On egress when forwarding tagged traffic toward the host, the device replaces the mapped VLAN value with the host VLAN ID.

You use the usual VLAN configuration statements to define the VLANs you plan to use as mapped VLAN values. You also associate interfaces with those VLANs. Then to configure the VLAN translation, use the vlan-rewrite translate from-vlan-id to-vlan-id statement at the [edit interfaces interface-name unit logical-unit-number family ethernet-switching] for each host VLAN mapping and interface as needed. With this statement:

  • The from-vlan-id is the host VLAN ID.

  • The to-vlan-id is the mapped VLAN value.

You can specify host VLAN IDs and mapped VLAN values in the usual VLAN range—1 through 4094.

If you configure an interface with multiple host VLANs and map some (but not all) of those host VLANs to mapped VLAN values, the interface:

  • Accepts and passes through packets that are tagged with host VLAN IDs that are not mapped (host VLAN IDs that have no corresponding vlan-rewrite translate statement).

  • Accepts packets that are tagged with a host VLAN ID for which the interface has a vlan-rewrite translate configuration. The interface drops packets that are tagged with the corresponding mapped VLAN value.

For example, the following configuration includes VLANs 100 and 101 on interface xe-0/0/1. The configuration also establishes VLAN translation for host VLAN ID 200 to mapped VLAN value 100.

content_copy zoom_out_map
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101
set vlans vlan100 vlan-id 100
set vlans vlan101 vlan-id 101

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100

With this configuration, the interface:

  • Accepts incoming packets that are tagged with VLAN 101 because that VLAN isn't mapped.

  • Accepts incoming packets that are tagged with VLAN 200 because that VLAN is a host VLAN with a vlan-rewrite mapping.

  • Drops incoming packets tagged with VLAN 100 because that VLAN is a mapped VLAN value for host VLAN 200.

Supported VLAN Translation Configurations

We support VLAN translation on an interface as follows:

  • You can map a host VLAN ID to a mapped VLAN value only on access interfaces with enterprise style interface configurations.

  • You can map each host VLAN to one and only one mapped VLAN value.

    You'll see a commit error if you try to configure VLAN translation of the same host VLAN to more than one mapped VLAN value.

    For example, the following configuration includes VLAN IDs 100 and 101 on interface xe-0/0/1. The configuration also maps host VLAN ID 200 to mapped VLAN value 100.

    content_copy zoom_out_map
    set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101
set vlans vlan100 vlan-id 100
set vlans vlan101 vlan-id 101

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100

    If you then try to map the same host VLAN 200 to the other configured VLAN 101 on the same interface, the CLI won't allow the commit:

    content_copy zoom_out_map
    set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 101

  • You can map only one host VLAN to the same mapped VLAN value on an interface.

    In other words, after you map a host VLAN, you can’t map a different host VLAN tag to the same mapped VLAN value on the same interface. The CLI doesn't block the commit operation, but only the most recent mapping will take effect.

    For example, you configure VLAN 100 on an interface, and map host VLAN 200 to mapped VLAN value 100:

    content_copy zoom_out_map
    set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100
set vlans vlan100 vlan-id 100

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100

    You commit that configuration, then configure a mapping from host VLAN 300 to the same mapped VLAN value 100:

    content_copy zoom_out_map
    set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 300 100

    The device overwrites the first mapping with the second one for that mapped VLAN value, and processes packets only according to the second mapping.

  • You can map different host VLANs to different mapped VLAN values on the same interface.

    For example, if you configure VLANs 100 and 101 on an interface, you can map host VLAN 200 to one mapped VLAN value (100) and host VLAN 300 to another mapped VLAN value (101) on that same interface:

    content_copy zoom_out_map
    set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101
set vlans vlan100 vlan-id 100
set vlans vlan101 vlan-id 101

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 300 101

  • You can map the same host VLAN to the same mapped VLAN value on different interfaces.

    For example, if you configure two interfaces xe-0/0/1 and xe-0/0/2 as members of VLAN 100, you can map host VLAN 200 to the same mapped VLAN value (100) for both interfaces:

    content_copy zoom_out_map
    set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members vlan100
set vlans vlan100 vlan-id 100

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan-rewrite translate 200 100

  • You can map different host VLAN tags to the same mapped VLAN value on different interfaces.

    For example, your configuration includes VLAN 100 on interfaces xe-0/0/1 and xe-0/0/2. You can map host VLAN 200 on xe-0/0/1 and host VLAN 300 on xe-0/0/2 to the same mapped VLAN value 100:

    content_copy zoom_out_map
    set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members vlan100
set vlans vlan100 vlan-id 100

set  interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100
set  interfaces xe-0/0/2 unit 0 family ethernet-switching vlan-rewrite translate 300 100
Note:

(QFX5xxx switches) In an EVPN-VXLAN fabric, you can’t configure the native-vlan-id statement on the same interface where you enable VLAN translation with the vlan-rewrite statement.

Verify VLAN Translation Mappings on an Interface

Run the show ethernet-switching interface interface-name detail CLI command to verify the VLAN translation mappings on an interface.

For example, consider again the case where you configure different VLANs (VLAN 100 and VLAN 101) on the same interface, xe-0/0/1. Then you map different host VLAN IDs (200 and 300) to each of those mapped VLAN values (100 and 101, respectively).

content_copy zoom_out_map
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101
set vlans vlan100 vlan-id 100
set vlans vlan101 vlan-id 101

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 300 101

In the output from the show ethernet-switching interface xe-0/0/1 detail, you see the host VLAN ID (200 or 300) in the Trunk id: output field. You also see the corresponding mapped VLAN value (100 or 101) in the VLAN id: output field, and its configured VLAN name (vlan100 or vlan101) in the VLAN name: output field.

content_copy zoom_out_map
user@leaf> show ethernet-switching interface xe-0/0/1 detail

Information for interface family:
Name: xe-0/0/1.0
  Type: IFF                             Handle: 0x2701c10
  Index: 554                            Generation: 186
                                        Flags: UP
  IFD index: 659                        Routing/Vlan index: 7
  IFL index: 554                        Address family: 63
  Sequence number: 0                    MAC sequence number: 0
  MAC limit: 294912                     MACs learned: 0
  Static MACs learned: 0                Non configured static MACs learned: 0
  MAC+IP limit: 0                       MAC+IPs learned: 0
Name: xe-0/0/1.0
  Type: IFBD (static)                   Handle: 0x1de8890
  Index:                                Generation: 147
  Trunk id: 200                         Flags: UP,
  IFD index:                            Routing/Vlan index: 5
  IFL index:                            Address family:
  VLAN id: 100                          VLAN name: vlan100
  Sequence number: 0                    MAC sequence number: 0
  MAC limit: 294912                     MACs learned: 0
  Static MACs learned: 0                Non configured static MACs learned: 0
  MAC+IP limit: 0                       MAC+IPs learned: 0
  VSTP index: 9                         STP State: Forwarding
  Tagging: tagged                       Rewrite op: SWAP
Name: xe-0/0/1.0
  Type: IFBD (static)                   Handle: 0x1de7c50
  Index:                                Generation: 148
  Trunk id: 300                         Flags: UP,
  IFD index:                            Routing/Vlan index: 6
  IFL index:                            Address family:
  VLAN id: 101                          VLAN name: vlan101
  Sequence number: 0                    MAC sequence number: 0
  MAC limit: 294912                     MACs learned: 0
  Static MACs learned: 0                Non configured static MACs learned: 0
  MAC+IP limit: 0                       MAC+IPs learned: 0
  VSTP index: 9                         STP State: Forwarding
  Tagging: tagged                       Rewrite op: SWAP

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
22.1R1EVO
Starting in Junos OS Evolved Release 22.1R1 on QFX5130-32CD and QFX5700 switches, you can use VLAN translation to support overlapping host VLAN IDs on leaf devices in an EVPN-VXLAN fabric.
21.2R1
Starting in Junos OS Release 21.2R1 on QFX5110 and QFX5120 switches, you can use VLAN translation to support overlapping host VLAN IDs on leaf devices in an EVPN-VXLAN fabric.
arrow_backward PREVIOUS EVPN-VXLAN Lightweight Leaf to Server Loop Detection
NEXT arrow_forward Overlapping VLAN Support Using Multiple Forwarding Instances or VLAN Normalization
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top