Forwarding vlan'ov through Juniper
I am writing the first post on this resource, therefore I ask you not to drop the bricks very much.
As a preface. I work for an Internet provider of regional scale. Not so long ago, they acquired a wonderful piece of hardware called the Juniper MX80 as a root router. And accordingly, there was a need to forward a certain list of vlans through the router to other managed glands.
As it turned out in JunOS, you can do this in several ways. Because I didn’t come across juniper equipment before, of course, I had to try out the method that the official documentation advises.
www.juniper.net/techpubs/software/junos/junos91/mx-solutions-guide/configuring-basic-mx-series-layer-2-features.html We register
vlana on the interfaces we need.
We do the same thing on the other.
As a result, we get.
After the vlans are registered on the interfaces we need, it is necessary to register the so-called bridge-domain, in which you need to specify which vlan is present on which interface.
Well, on the other.
Well, what do we get.
The first method is over. To apply these settings, we perform “commit” and enjoy the result.
The method, in principle, is not bad, but I honestly did not like it ... And to a greater extent due to the fact that it was necessary to create a separate vlan in a separate unit. Yes, of course it was possible to register vlan-id-list on one unit and list a few, but in this case the scheme generally stopped working if the ae0 LACP interface was used in it. Yes, and I wanted a more tsiskovsky method or something.
Accordingly, as they say "laziness is the engine of progress", I began to look for an easier and more convenient way and of course I found.
As in the first case, we prescribe the necessary vlans on each interface, but now we can list them in one unit.
I want to pay special attention. In the interface settings in this case there is no “encapsulation flexible-ethernet-services” parameter.
Well, we prescribe bridge-domain. Now you do not need to specify interfaces, only vlan numbers will be sufficient.
And what happened.
We make "commit".
If you want to see the mac addresses in a specific vlan, you need to enter the command “show bridge mac-table vlan-id” and the vlan number. Here's what we get.
That's all. I would be very happy if at least a small part of my achievements will be useful to someone.
As a preface. I work for an Internet provider of regional scale. Not so long ago, they acquired a wonderful piece of hardware called the Juniper MX80 as a root router. And accordingly, there was a need to forward a certain list of vlans through the router to other managed glands.
As it turned out in JunOS, you can do this in several ways. Because I didn’t come across juniper equipment before, of course, I had to try out the method that the official documentation advises.
www.juniper.net/techpubs/software/junos/junos91/mx-solutions-guide/configuring-basic-mx-series-layer-2-features.html We register
vlana on the interfaces we need.
#set interface ge1 / 1/9 unit 50 encapsulation vlan-bridge vlan-id
202 #set interface ge1 / 1/9 unit 50 encapsulation vlan-bridge vlan-id 202
We do the same thing on the other.
#set interface ae0 unit 50 encapsulation vlan-bridge vlan-id 50
#set interface ae0 unit 50 encapsulation vlan-bridge vlan-id 202
As a result, we get.
ge-1/1/9 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 50 {
encapsulation vlan-bridge;
vlan-id 50;
unit 202 {
encapsulation vlan-bridge;
vlan-id 202;
}
}
}
ae0 {
vlan-tagging;
encapsulation flexible-ethernet-services;
aggregated-ether-options {
lacp {
active;
}
}
unit 50 {
encapsulation vlan-bridge;
vlan-id 50;
unit 202 {
encapsulation vlan-bridge;
vlan-id 202;
}
}
}
After the vlans are registered on the interfaces we need, it is necessary to register the so-called bridge-domain, in which you need to specify which vlan is present on which interface.
#set bridge-domain vlan50 domain-type bridge interface interface ge-1/1 / 9.50
#set bridge-domain vlan50 domain-type bridge interface interface ae0.50
Well, on the other.
#set bridge-domain vlan202 domain-type bridge interface interface ge-1/1 / 9.202
#set bridge-domain vlan202 domain-type bridge interface interface ae0.202
Well, what do we get.
bridge-domains {
vlan50 {
domain-type bridge;
interface ge-1/1 / 9.50;
interface ae0.50;
}
vlan202 {
domain-type bridge;
interface ge-1/1 / 9.202;
interface ae0.202;
}
}
The first method is over. To apply these settings, we perform “commit” and enjoy the result.
The method, in principle, is not bad, but I honestly did not like it ... And to a greater extent due to the fact that it was necessary to create a separate vlan in a separate unit. Yes, of course it was possible to register vlan-id-list on one unit and list a few, but in this case the scheme generally stopped working if the ae0 LACP interface was used in it. Yes, and I wanted a more tsiskovsky method or something.
Accordingly, as they say "laziness is the engine of progress", I began to look for an easier and more convenient way and of course I found.
As in the first case, we prescribe the necessary vlans on each interface, but now we can list them in one unit.
#set interface ae0 unit 0 family bridge interface-mode trunk vlan-id-list [50 202]
#set interface ae0 unit 0 family bridge interface-mode trunk vlan-id-list [50 202]
ge-1/1/9 {
vlan-tagging;
unit 0 {
description FORWARD_VLANS;
family bridge {
interface-mode trunk;
vlan-id-list [50 202];
}
}
}
ae0 {
vlan-tagging;
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
description FORWARD_VLANS;
family bridge {
interface-mode trunk;
vlan-id-list [50 202];
}
}
}
I want to pay special attention. In the interface settings in this case there is no “encapsulation flexible-ethernet-services” parameter.
Well, we prescribe bridge-domain. Now you do not need to specify interfaces, only vlan numbers will be sufficient.
#set bridge-domain vlan202 vlan-id 202
#set bridge-domain vlan20 vlan-id 50
And what happened.
bridge-domains {
vlan202 {
vlan-id 202;
}
vlan50 {
vlan-id 50;
}
}
We make "commit".
If you want to see the mac addresses in a specific vlan, you need to enter the command “show bridge mac-table vlan-id” and the vlan number. Here's what we get.
> show bridge mac-table vlan-id 50
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
Routing instance: default-switch
Bridging domain: stks.local, VLAN: 50
MAC MAC Logical
address flags interface
00: 07: e9: 0a: 50: 16 D ae0.0
00: 18: f4: 2b: ba: fb D ge-1/1 / 9.0
That's all. I would be very happy if at least a small part of my achievements will be useful to someone.