Forwarding vlan'ov through Juniper
I am writing the first post on this resource, therefore I ask you not to throw bricks much.
As a preface. I work for a regional Internet provider. Not so long ago, you got a wonderful piece of iron called the Juniper MX80 as a root router. And accordingly, it became necessary to forward a list of vlans through the router to other managed pieces of hardware.
As it turned out in JunOS, you can do this in several ways. Since Previously, I didn’t come across a juniper equipment. Of course, I tried a method that official documentation advises.
www.juniper.net/techpubs/software/junos/junos91/mx-solutions-guide/configuring-basic-mx-series-layer-2-features.html
We register vlana on the interfaces necessary to us.
')
Do the same thing on the other.
As a result, we get.
After the vlans are registered on the interfaces we need, it is necessary to register the so-called bridge-domain, in which you need to specify which vlan is present on which interface.
Well, on the other.
So what we get.
On it the first method is finished. To apply these settings, we perform “commit” and enjoy the result.
The method is not bad in principle, but I honestly didn’t like it ... And mostly due to the fact that it was necessary to create a separate vlan into a separate unit. Yes, of course, it was possible to register one vlan-id-list on one unit and list several, but in this case the scheme stopped working at all if the ae0 LACP interface was involved in it. Yes, and I wanted a more tsiskovsky method or something.
Accordingly, as they say "laziness is the engine of progress," I began to look for an easier and more convenient way and of course I found it.
As in the first case, we register the necessary drivers on each interface, but now we can list them in one unit.
I want to pay special attention. In the interface settings, in this case, the “encapsulation flexible-ethernet-services” parameter is missing.
Well, we register the bridge-domain. Now it is not necessary to specify interfaces, only the numbers of the vlan will be sufficient.
And what happened.
Make a “commit”.
If you want to see mac addresses in a specific vlan, then you need to enter the command “show bridge mac-table vlan-id” and the number of the vlan. That's what we get.
That's all. I would be very happy if even a small part of my work would be useful to someone.
As a preface. I work for a regional Internet provider. Not so long ago, you got a wonderful piece of iron called the Juniper MX80 as a root router. And accordingly, it became necessary to forward a list of vlans through the router to other managed pieces of hardware.
As it turned out in JunOS, you can do this in several ways. Since Previously, I didn’t come across a juniper equipment. Of course, I tried a method that official documentation advises.
www.juniper.net/techpubs/software/junos/junos91/mx-solutions-guide/configuring-basic-mx-series-layer-2-features.html
We register vlana on the interfaces necessary to us.
')
#set interface ge1 / 1/9 unit 50 encapsulation vlan-bridge vlan-id 50
#set interface ge1 / 1/9 unit 202 encapsulation vlan-bridge vlan-id 202
Do the same thing on the other.
#set interface ae0 unit 50 encapsulation vlan-bridge vlan-id 50
#set interface ae0 unit 202 encapsulation vlan-bridge vlan-id 202
As a result, we get.
ge-1/1/9 {
vlan tagging;
encapsulation flexible-ethernet-services;
unit 50 {
encapsulation vlan-bridge;
vlan-id 50;
unit 202 {
encapsulation vlan-bridge;
vlan-id 202;
}
}
}
ae0 {
vlan tagging;
encapsulation flexible-ethernet-services;
aggregated-ether-options {
lacp {
active;
}
}
unit 50 {
encapsulation vlan-bridge;
vlan-id 50;
unit 202 {
encapsulation vlan-bridge;
vlan-id 202;
}
}
}
After the vlans are registered on the interfaces we need, it is necessary to register the so-called bridge-domain, in which you need to specify which vlan is present on which interface.
#set bridge-domain vlan50 domain-type bridge interface interface ge-1/1 / 9.50
#set bridge-domain vlan50 domain-type bridge interface interface ae0.50
Well, on the other.
#set bridge-domain vlan202 domain-type bridge interface interface ge-1/1 / 9.202
#set bridge-domain vlan202 domain-type bridge interface interface ae0.202
So what we get.
bridge-domains {
vlan50 {
domain-type bridge;
interface ge-1/1 / 9.50;
interface ae0.50;
}
vlan202 {
domain-type bridge;
interface ge-1/1 / 9.202;
interface ae0.202;
}
}
On it the first method is finished. To apply these settings, we perform “commit” and enjoy the result.
The method is not bad in principle, but I honestly didn’t like it ... And mostly due to the fact that it was necessary to create a separate vlan into a separate unit. Yes, of course, it was possible to register one vlan-id-list on one unit and list several, but in this case the scheme stopped working at all if the ae0 LACP interface was involved in it. Yes, and I wanted a more tsiskovsky method or something.
Accordingly, as they say "laziness is the engine of progress," I began to look for an easier and more convenient way and of course I found it.
As in the first case, we register the necessary drivers on each interface, but now we can list them in one unit.
#set interface ge-1/1/9 unit 0 family bridge interface-mode trunk vlan-id-list [50 202]
#set interface ae0 unit 0 family bridge interface-mode trunk vlan-id-list [50 202]
ge-1/1/9 {
vlan tagging;
unit 0 {
description FORWARD_VLANS;
family bridge {
interface-mode trunk;
vlan-id-list [50 202];
}
}
}
ae0 {
vlan tagging;
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
description FORWARD_VLANS;
family bridge {
interface-mode trunk;
vlan-id-list [50 202];
}
}
}
I want to pay special attention. In the interface settings, in this case, the “encapsulation flexible-ethernet-services” parameter is missing.
Well, we register the bridge-domain. Now it is not necessary to specify interfaces, only the numbers of the vlan will be sufficient.
#set bridge-domain vlan202 vlan-id 202
#set bridge domain vlan50 vlan-id 50
And what happened.
bridge-domains {
vlan202 {
vlan-id 202;
}
vlan50 {
vlan-id 50;
}
}
Make a “commit”.
If you want to see mac addresses in a specific vlan, then you need to enter the command “show bridge mac-table vlan-id” and the number of the vlan. That's what we get.
> show bridge mac-table vlan-id 50
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
Routing instance: default-switch
Bridging domain: stks.local, VLAN: 50
MAC MAC Logical
address flags interface
00: 07: e9: 0a: 50: 16 D ae0.0
00: 18: f4: 2b: ba: fb D ge-1/1 / 9.0
That's all. I would be very happy if even a small part of my work would be useful to someone.
Source: https://habr.com/ru/post/167375/
All Articles