Supported Platforms
Getting Started with Enhanced Layer 2 Software
- Understanding Enhanced Layer 2 Software Support
- Using the ELS Translator Tool
- Configuring a VLAN
- Configuring the Native VLAN Identifier
- Configuring Layer 2 Interfaces
- Configuring Layer 3 Interfaces
- Configuring an IRB Interface
- Configuring an Aggregated Ethernet Interface and Configuring LACP on That Interface
- Enhanced Layer 2 CLI Configuration Statement and Command Changes
Understanding Enhanced Layer 2 Software Support
Enhanced Layer 2 software (ELS) is automatically supported if your device is running a Junos OS release that supports it. You do not need to take any action to enable ELS, and you cannot disable ELS.
ELS is available on the following EX Series switches and QFX Series devices.
Table 1: ELS Support
Device | Initial ELS Release |
|---|---|
EX4300 switches | 13.2X50-D10 |
EX4600 switches | 13.2X51-D25 |
EX9200 switches | 12.3R2 |
QFX3500 switches | 13.2X50-D15 |
QFX3600 switches | 13.2X50-D15 |
QFX5100 switches | 13.2X51-D10 |
ELS is supported on the EX4300, EX4600, and EX9200 switches for all Junos OS releases, starting with the initial releases shown in Table 1.
ELS support was introduced on QFX3500 and QFX3600 switches in Junos OS Release 13.2X50-D15. ELS is only supported on the software package that supports Virtual Chassis (the jinstall-qfx-3-* software package) for QFX3500 and QFX3600 switches.
For QFX5100 switches, ELS support was introduced in Junos OS Release 13.2X51-D10 and is supported on the jinstall-qfx-5-* software package.
 | Note: ELS is not supported on software packages that can be installed in a QFabric system. |
Using the ELS Translator Tool
The ELS Translator is a web-based tool that converts Junos OS Layer 2 configurations to Enhanced Layer 2 Software (ELS) configurations. This conversion tool supports all Juniper Networks EX Series, MX Series, and QFX Series platforms with ELS installed. The ELS Translator is hosted on Juniper Networks Customer Support website for EX Series switches, MX Series Universal Edge routers, and QFX Series switches and is available to registered users, internal users, partners, and premium service contract customers. You need to login using your Juniper Networks user name and password to access the ELS Translator tool.
Click to access the ELS translator tool.
If you are upgrading from a version of Junos OS that does not support ELS to a version of Junos OS that supports ELS, we recommend updating your configuration with the ELS Translator Tool using the following procedure:
- Log onto your device using the console port.
Note: Only perform this procedure from the console port. You will lose connectivity to your device if you perform this procedure from a management port or any other interface.
- Copy your entire existing configuration into another file. Save the file to a remote location. See Saving a Configuration to a File.
- Retain the portion of your existing configuration related to management network connectivity (such as [edit system]). Delete all other top-level configuration hierarchy levels (such as [edit interfaces], [edit protocols], and [edit vlans]). Issue a commit operation to remove the deleted configuration hierarchy levels.
- Perform the software upgrade. Reboot your device to complete
the upgrade. See Software Installation Overview
Note: Maintain your console port connection during the reboot.
- Click to access the ELS translator tool in a web browser. Follow the instructions on the page to update your configuration.
- Return to your console port connection. When the switch has rebooted to complete the software upgrade, copy the configuration from the ELS Translator Tool onto your switch. See Uploading a Configuration File.
- Commit the new configuration.
| Note: It is possible a script might not translate correctly, so review translated scripts carefully before loading the converted configuration on your switch or other device. |
Configuring a VLAN
You can configure one or more VLANs to perform Layer 2 bridging. The Layer 2 bridging functions include integrated routing and bridging (IRB) for support for Layer 2 bridging and Layer 3 IP routing on the same interface. EX Series and QFX Series switches can function as Layer 2 switches, each with multiple bridging, or broadcast, domains that participate in the same Layer 2 network. You can also configure Layer 3 routing support for a VLAN.
To configure a VLAN:
- Create the VLAN by setting the unique VLAN name and configuring
the VLAN ID:
[edit]
user@host# set vlans vlan-name vlan-id vlan-id-number - Assign at least one interface to the VLAN:
[edit]
user@host# set interface interface-name family ethernet-switching vlan members vlan-name
Configuring the Native VLAN Identifier
EX Series and QFX Series switches support receiving and forwarding routed or bridged Ethernet frames with 802.1Q VLAN tags. Typically, trunk ports, which connect switches to each other, accept untagged control packets but do not accept untagged data packets. You can enable a trunk port to accept untagged data packets by configuring a native VLAN ID on the interface on which you want the untagged data packets to be received.
To configure the native VLAN ID:
- On the interface on which you want untagged data packets
to be received, set the interface mode to trunk, which specifies that
the interface is in multiple VLANs and can multiplex traffic between
different VLANs.
[edit interfaces]
user@host# set interface-name unit logical-unit-number family ethernet-switching interface-mode trunk - Configure the native VLAN ID:
[edit interfaces]
user@host# set interface-name native-vlan-id number - Assign the interface to the native VLAN ID:
[edit interfaces]
user@host# set interface-name unit logical-unit-number family ethernet-switching vlan members native-vlan-id-number
Configuring Layer 2 Interfaces
To ensure that your high-traffic network is tuned for optimal performance, explicitly configure some settings on the switch's network interfaces.
To configure a Gigabit Ethernet interface or 10-Gigabit Ethernet interface for trunk interface mode:
[edit]
user@host# set interfaces interface-name unit logical-unit-number family ethernet-switching interface-mode trunkTo configure a Gigabit Ethernet interface or 10-Gigabit Ethernet interface for access interface mode:
[edit]
user@host# set interfaces interface-name unit logical-unit-number family ethernet-switching interface-mode accessConfiguring Layer 3 Interfaces
To configure a Layer 3 interface, you must assign an IP address to the interface. You assign an address to an interface by specifying the address when configuring the protocol family. For the inet or inet6 family, configure the interface IP address.
You can configure interfaces with a 32-bit IP version 4 (IPv4) address and optionally with a destination prefix, sometimes called a subnet mask. An IPv4 address utilizes a 4-octet dotted decimal address syntax (for example, 192.16.1.1). An IPv4 address with destination prefix utilizes a 4-octet dotted decimal address syntax with a destination prefix appended (for example, 192.16.1.1/30).
To specify an IP address for the logical unit using IPv4:
[edit]
user@host# set interfaces interface-name unit logical-unit-number family inet address ip-addressYou represent IP version 6 (IPv6) addresses in hexadecimal notation using a colon-separated list of 16-bit values. You assign a 128-bit IPv6 address to an interface.
To specify an IP address for the logical unit using IPv6:
[edit]
user@host# set interfaces interface-name unit logical-unit-number family inet6 address ip-addressConfiguring an IRB Interface
Integrated routing and bridging (IRB) provides support for Layer 2 bridging and Layer 3 IP routing on the same interface. IRB enables you to route packets to another routed interface or to another VLAN that has a Layer 3 protocol configured. IRBs allow the device to recognize packets that are being sent to local addresses so that they are bridged (switched) whenever possible and are routed only when necessary. Whenever packets can be switched instead of routed, several layers of processing are eliminated. An interface named irb functions as a logical router on which you can configure a Layer 3 logical interface for VLAN. For redundancy, you can combine an IRB interface with implementations of the Virtual Router Redundancy Protocol (VRRP) in both bridging and virtual private LAN service (VPLS) environments.
To configure an IRB interface:
- Create a Layer 2 VLAN by assigning it a name and a VLAN
ID:
[edit]
user@host# set vlans vlan-name vlan-id vlan-id - Create an IRB logical interface:
[edit]
user@host# set interface irb unit logical-unit-number family inet address ip-address - Associate the IRB interface with the VLAN:
[edit]
user@host# set vlans vlan-name l3-interface irb.logical-unit-number
Configuring an Aggregated Ethernet Interface and Configuring LACP on That Interface
Use the link aggregation feature to aggregate one or more links to form a virtual link or link aggregation group (LAG). The MAC client can treat this virtual link as if it were a single link to increase bandwidth, provide graceful degradation as failure occurs, and increase availability.
To configure an aggregated Ethernet interface:
- Specify the number of aggregated Ethernet interfaces to
be created:
[edit chassis]
user@host# set aggregated-devices ethernet device-count number - Specify the name of the link aggregation group interface:
[edit interfaces]
user@host# set interfaces aex - Specify the minimum number of links for the aggregated
Ethernet interface (aex), that is, the defined bundle, to be labeled
“up”:
[edit interfaces]
user@host# set aex aggregated-ether-options minimum-links number - Specify the link speed for the aggregated Ethernet bundle:
[edit interfaces]
user@host# set aex aggregated-ether-options link-speed link-speed - Specify the members to be included within the aggregated
Ethernet bundle:
[edit interfaces]
user@host# set interface-name ether-options 802.3ad aex
user@host# set interface-name ether-options 802.3ad aex - Specify an interface family for the aggregated Ethernet
bundle:
[edit interfaces]
user@host# set aex unit 0 family inet address ip-address
For aggregated Ethernet interfaces on the device, you can configure the Link Aggregation Control Protocol (LACP). LACP bundles several physical interfaces to form one logical interface. You can configure aggregated Ethernet with or without LACP enabled.
When LACP is enabled, the local and remote sides of the aggregated Ethernet links exchange protocol data units (PDUs), containing information about the state of the link. You can configure Ethernet links to actively transmit PDUs, or you can configure the links to passively transmit them, sending out LACP PDUs only when they receive them from another link. One side of the link must be configured as active for the link to be up.
To configure LACP:
- Enable one side of the aggregated Ethernet link as active:
[edit interfaces]
user@host# set aex aggregated-ether-options lacp active - Specify the interval at which the interfaces send LACP
packets:
[edit interfaces]
user@host# set aex aggregated-ether-options lacp periodic interval
Enhanced Layer 2 CLI Configuration Statement and Command Changes
The enhanced Layer 2 Command Line Interface (CLI) feature is introduced in Junos OS Release 12.3R2. The enhanced Layer 2 CLI feature changes the CLI for some Layer 2 features on EX Series switches. This enhanced CLI will be used to configure Layer 2 features on future EX Series hardware platforms, and also to configure Layer 2 features on other Juniper Networks products.
| Note: When configuring xSTP on EX4300 and EX4600 switches, you must add all the interfaces in the applied VLANs in configurations. For MSTP , configure all interfaces in all VLANs at the [ edit protocols mstp interface] hierarchy level. |
The following tables provide a list of existing commands that were moved to new hierarchies or changed on EX Series switches as part of this CLI enhancement effort. The table is provided as a high-level reference only. For detailed information about these commands, use the links to the configuration statements provided in the table or see the technical documentation.
Table 2: Enhanced Layer 2 CLI Changes
Original Hierarchy | Changed Hierarchy | Change Description |
|---|---|---|
Statements moved to different hierarchy. | ||
ethernet-switching-options {authentication-whitelist {...}} | switch-options {...authentication-whitelist {...}} | Hierarchy renamed. |
protocols { layer2-control {bpdu-block {...}}} | Statement moved to different hierarchy. | |
interfaces interface-name {aggregated-ether-options {ethernet-switch-profile {tag-protocol-id [tpids];}}} | Statement replaced with new statement and moved to different hierarchy. | |
Hierarchy renamed. | ||
— | Statements deleted. | |
Statement replaced with new statement and moved to different hierarchy. | ||
protocols {layer2-control {nonstop-bridging {}}} | Statement moved to different hierarchy. | |
Statement replaced with a new statement. | ||
ethernet-switching-options {redundant-trunk-group {group name {description;interface interface-name {primary;}preempt-cutover-timer seconds;...}}} | switch-options {redundant-trunk-group {group name {description;interface interface-name {primary;}preempt-cutover-timer seconds;...}}} | Hierarchy renamed. |
ethernet-switching-options { secure-access-port { interface (all | interface-name) {(dhcp-trusted | no-dhcp-trusted ); static-ip ip-address { mac mac-address; vlan vlan-name;}} vlan (all | vlan-name) {(arp-inspection | no-arp-inspection ); dhcp-option82 {disable; circuit-id { prefix hostname; use-interface-description; use-vlan-id;} remote-id { prefix (hostname | mac | none); use-interface-description; use-string string;} vendor-id [string];}(examine-dhcp | no-examine-dhcp);}(ip-source-guard | no-ip-source-guard);}} | vlans vlan-name forwarding-options{dhcp-security {arp-inspection; group group-name {interfaceiinterface-name {static-ip ip-address {mac mac-address;}}overrides {no-option-82; trusted; }}ip-source-guard; no-dhcp-snooping; option-82 {circuit-id {prefix {host-name; routing-instance-name;}use-interface-description (device | logical); use-vlan-id; }remote-id {host-name; use-interface-description (device | logical); use-string string;}vendor-id {use-string string;}}} | Statements moved to different hierarchy. Note: The statement examine-dhcp does not exist in the changed hierarchy. Instead, DHCP snooping is enabled automatically when other DHCP security features are enabled on a VLAN. See Configuring Port Security (CLI Procedure) for additional information. |
ethernet-switching-options { secure-access-port {dhcp-snooping-file {location local_pathname | remote_URL;timeout seconds;write-interval seconds;} | system [processes [dhcp-servicedhcp-snooping-file local_pathname | remote_URL;write-interval interval;}} | Statement moved to different hierarchy. |
ethernet-switching-options { secure-access-port vlan (all | vlan-name{mac-move-limit} | Statement moved to different hierarchy. | |
Statement replaced with new statement and moved to different hierarchy. | ||
forwarding-options {storm-control-profiles profile-name {(...)}} interfaces interface-name unit number family ethernet-switching {storm-control storm-control-profile;} | Storm control configuration is done in two steps. The first step is to create a storm control profile at the [edit forwarding-options] hierarchy, and the second step is to bind the profile to a logical interface at the [edit interfaces] hierarchy. See Example: Configuring Storm Control to Prevent Network Outages on EX Series Switches for additional information. | |
ethernet-switching-options { traceoptions {file filename <files number> <no-stamp> <replace> <size size> <world-readable | no-world-readable>;flag flag <disable>;...}} | — | Statements removed. |
Hierarchy renamed. | ||
ethernet-switching-options { voip { interface (all | [interface-name | access-ports]) { forwarding-class (assured-forwarding | best-effort | expedited-forwarding | network-control); vlan vlan-name;...}}} | switch-options { voip { interface (all | [interface-name | access-ports]) { forwarding-class (assured-forwarding | best-effort | expedited-forwarding | network-control); vlan vlan-name;...}}} | Hierarchy renamed. |
Statements moved to different hierarchy. | ||
interfaces interface-name {unit logical-unit-number {family ethernet-switching {native-vlan-id vlan-id }}} | Statement moved to different hierarchy. | |
interfaces interface-name {unit logical-unit-number {family ethernet-switching {interface-mode mode }}} | Statement replaced with a new statement. | |
interfaces vlan | interfaces irb | Statement replaced with a new statement. |
protocols {igmp-snooping {traceoptions {file filename <files number> <no-stamp> <replace> <size maximum-file-size> <world-readable | no-world-readable>;flag flag <flag-modifier> <disable>;}vlan (all | vlan-identifier) {disable;data-forwarding {receiver {install;source-vlans vlan-name;}source {groups ip-address;}}immediate-leave;interface (all | interface-name) {multicast-router-interface;static {group multicast-ip-address;}}proxy {source-address ip-address;}robust-count number;}}} | protocols {igmp-snooping {vlan vlan-name {immediate-leave;interface interface-name {group-limit <1..65535>host-only-interfacemulticast-router-interface;immediate-leave;static {group multicast-ip-address {source <>}}}}l2-querier {source-address ip-address;}proxy {source-address ip-address;}query-interval number;query-last-member-interval number;query-response-interval number;robust-count number;traceoptions {file filename <files number> <no-stamp> <replace> <size maximum-file-size> <world-readable | no-world-readable>;flag flag <flag-modifier>;}}}} | IGMP snooping is configured on a VLAN. |
vlans {vlan-name {dot1q-tunneling {customer-vlans (id | native | range);layer2-protocol-tunneling all | protocol-name {drop-threshold number;shutdown-threshold number;...}}}} | interface interface-name {encapsulation extended-vlan-bridge; flexible-vlan-tagging; native-vlan-id number; unit logical-unit-number {input-vlan-map action; output-vlan-map action;vlan-id number;vlan-id-list [vlan-id vlan-id–vlan-id];}} | Statements replaced with new statements and moved to different hierarchy |
Statements moved to different hierarchy. | ||
vlans {vlan-name {interface interface-name { egress;ingress;mapping (native (push | swap) | policy | tag (push | swap));pvlan-trunk;...}}} | — | Statements removed. You can assign interfaces to a VLAN using the [edit interfaces interface-name unit logical-unit-number family ethernet-switching vlan members vlan-name] hierarchy. |
— | Statement removed. | |
Syntax changed. | ||
— | Statement removed. Ingress traffic is automatically tracked. | |
vlans {vlan-name {switch-options {interface interface-name {interface-mac-limit limit {packet-action action;...}}}}} | Statements moved to different hierarchies and renamed. | |
Statement moved to different hierarchy and renamed. | ||
— | Statement removed. | |
Statement moved to different hierarchy. | ||
— | Statement removed. | |
— | Statement removed. | |
Statement replaced with new statement. |
