Juniper EX4200 VLAN Configuration

Juniper EX4200 VLAN Configuration

http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/configuration/bridging-vlans-ex-series-cli.html

Configuring VLANs for EX Series Switches (CLI Procedure)
EX Series switches use VLANs to make logical groupings of network nodes with their own broadcast domains. VLANs limit the traffic flowing across the entire LAN and reduce collisions and packet retransmissions.
Why Create a VLAN?Create a VLAN Using the Minimum ProcedureCreate a VLAN Using All of the OptionsConfiguration Guidelines for VLANs
Why Create a VLAN?
Some reasons to create VLANs are:
A LAN has more than 200 devices.A LAN has a lot of broadcast traffic.A group of clients requires that a higher-than-average level of security be applied to traffic entering or exiting the group's devices.A group of clients requires that the group's devices receive less broadcast traffic than they are currently receiving, so that data speed across the group is increased.
Create a VLAN Using the Minimum Procedure
Two steps are required to create a VLAN:
Uniquely identify the VLAN. You do this by assigning either a name or an ID (or both) to the VLAN. When you assign just a VLAN name, an ID is generated by Junos OS.Assign at least one switch port interface to the VLAN for communication. All interfaces in a single VLAN are in a single broadcast domain, even if the interfaces are on different switches. You can assign traffic on any switch to a particular VLAN by referencing either the interface sending traffic or the MAC addresses of devices sending traffic.
The following example creates a VLAN using only the two required steps. The VLAN is created with the name employee-vlan. Then, three interfaces are assigned to that VLAN so that the traffic is transmitted among these interfaces.

Note: In this example, you could alternatively assign an ID number to the VLAN. The requirement is that the VLAN have a unique ID.
[edit]
set vlans employee-vlan
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members employee-vlan
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members employee-vlan
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members employee-vlan
In the example, all users connected to the interfaces ge-0/0/1, ge-0/0/2, and ge-0/0/3 can communicate with each other, but not with users on other interfaces in this network. To configure communication between VLANs, you must configure a routed VLAN interface (RVI). See Configuring Routed VLAN Interfaces (CLI Procedure).
Create a VLAN Using All of the Options
To configure a VLAN, follow these steps:
In configuration mode, create the VLAN by setting the unique VLAN name:
[edit]
user@switch# set vlans vlan-nameConfigure the VLAN tag ID or VLAN ID range for the VLAN. (If you assigned a VLAN name, you do not have to do this, because a VLAN ID is assigned automatically, thereby associating the name of the VLAN to an ID number. However, if you want to control the ID numbers, you can assign both a name and an ID.)
[edit]
user@switch# set vlans vlan-name vlan-id vlan-id-number
or
[edit]
user@switch# set vlans vlan-name vlan-range (vlan-id-low) - (vlan-id-high)Assign at least one interface to the VLAN:
[edit]
user@switch# set vlans vlan-name interface interface-name

Note: You can also specify that a trunk interface is a member of all the VLANs that are configured on this switch. When a new VLAN is configured on the switch, this trunk interface automatically becomes a member of the VLAN.(Optional) Create a subnet for the VLAN because all computers that belong to a subnet are addressed with a common, identical, most-significant-bit group in their IP address. This makes it easy to identify VLAN members by their IP addresses. To create the subnet for the VLAN:
[edit interfaces]
user@switch# set vlan unit logical-unit-number family inet address ip-address(Optional) Specify the description of the VLAN:
[edit]
user@switch# set vlans vlan-name description text-description(Optional) To avoid exceeding the maximum number of members allowed in a VLAN, specify the maximum time that an entry can remain in the forwarding table before it ages out:
[edit]
user@switch# set vlans vlan-name mac-table-aging-time time(Optional) For security purposes, specify a VLAN firewall filter to be applied to incoming or outgoing packets:
[edit]
user@switch# set vlans vlan-name filter input-or-output filter-name(Optional) For accounting purposes, enable a counter to track the number of times this VLAN is accessed:
[edit]
user@switch# set vlans vlan-name l3-interface ingress-counting l3-interface-nameConfiguration Guidelines for VLANs
Two steps are required to create a VLAN. You must uniquely identify the VLAN and you must assign at least one switch port interface to the VLAN for communication.
After creating a VLAN, all users all users connected to the interfaces assigned to the VLAN can communicate with each other but not with users on other interfaces in the network. To configure communication between VLANs, you must configure a routed VLAN interface (RVI). See Configuring Routed VLAN Interfaces (CLI Procedure) to create an RVI.
The number of VLANs supported per switch varies for each switch type. Use the command set vlans id vlan-id ? to discover the maximum number of VLANs allowed on a switch. You cannot exceed this VLAN limit because each VLAN is assigned an ID number when it is created. You can, however, exceed the recommended VLAN member maximum . To determine the maximum number of VLAN members allowed on a switch, multiply the VLAN maximum obtained using set vlans id vlan-id ? times 8.
If a switch configuration exceeds the recommended VLAN member maximum, you see a warning message when you commit the configuration. If you ignore the warning and commit such a configuration, the configuration succeeds but you run the risk of crashing the Ethernet switching process (eswd) due to memory allocation failure.
Published: 2011-11-04