Juniper Networks EX2500 manual: VLAN Tagging

Chapter 2: VLANs

VLAN Tagging

EX2500 software supports 802.1Q VLAN tagging, providing standards-based VLAN support for Ethernet systems.

Tagging places the VLAN identifier in the frame header of a packet, allowing each port to belong to multiple VLANs. When you add a port to multiple VLANs, you also must enable tagging on that port.

Since tagging fundamentally changes the format of frames transmitted on a tagged port, you must carefully plan network designs to prevent tagged frames from being transmitted to devices that do not support 802.1Q VLAN tags, or devices where tagging is not enabled.

The following important terms are used with the 802.1Q tagging feature:

• VLAN identifier (VID)—The 12-bit portion of the VLAN tag in the frame header that identifies an explicit VLAN.

• Port VLAN identifier (PVID)—A classification mechanism that associates a port with a specific VLAN. For example, a port with a PVID of 3 (PVID = 3) assigns all untagged frames received on this port to VLAN 3. Any untagged frames received by the switch are classified with the PVID of the receiving port.

• Tagged frame—A frame that carries VLAN tagging information in the header. This VLAN tagging information is a 32-bit field (VLAN tag) in the frame header that identifies the frame as belonging to a specific VLAN. Untagged frames are marked (tagged) with this classification as they leave the switch through a port that is configured as a tagged port.

• Untagged frame—A frame that does not carry any VLAN tagging information in the frame header.

• Untagged member—A port that has been configured as an untagged member of a specific VLAN. When an untagged frame exits the switch through an untagged member port, the frame header remains unchanged. When a tagged frame exits the switch through an untagged member port, the tag is stripped and the tagged frame is changed to an untagged frame.

• Tagged member—A port that has been configured as a tagged member of a specific VLAN. When an untagged frame exits the switch through a tagged member port, the frame header is modified to include the 32-bit tag associated with the PVID. When a tagged frame exits the switch through a tagged member port, the frame header remains unchanged (original VID remains).

NOTE: If an 802.1Q tagged frame is received by a port that has VLAN tagging disabled and the port VLAN ID (PVID) is different from the VLAN ID of the packet, then the frame is dropped at the ingress port.
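The ingress and egress rules defined above, including the drop rule in the NOTE, can be modeled in a few lines of Python. This is an added example, not code from the Juniper guide or the EX2500 software. The function names and sample frame are made up for illustration, and the model assumes a tagging-enabled port accepts any VID (it does not check VLAN membership or handle priority-only tags with VID 0).

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return (priority, dei, vid) for an 802.1Q-tagged frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF  # VID is the low 12 bits

def ingress_vlan(frame: bytes, pvid: int, tagging_enabled: bool):
    """VLAN the frame is classified into on receipt, or None if it is dropped."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return pvid                      # untagged: PVID of the receiving port
    vid = tag[2]
    if not tagging_enabled and vid != pvid:
        return None                      # NOTE above: dropped at the ingress port
    return vid

def egress_frame(frame: bytes, vlan: int, tagged_member: bool) -> bytes:
    """Frame as it leaves through a tagged or untagged member port of `vlan`."""
    has_tag = parse_vlan_tag(frame) is not None
    if tagged_member and not has_tag:    # insert the 32-bit tag after the MACs
        return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) + frame[12:]
    if not tagged_member and has_tag:    # strip the tag
        return frame[:12] + frame[16:]
    return frame                         # header remains unchanged

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
TAGGED_VLAN3 = egress_frame(UNTAGGED, 3, tagged_member=True)
```

Running `ingress_vlan(TAGGED_VLAN3, pvid=1, tagging_enabled=False)` returns `None`, which is the case to watch for when a tagged uplink is plugged into a port left at its untagged defaults.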

Figure 1 illustrates the default VLAN settings on the switch.
