Juniper Networks EX2500 manual Port-Based Vlan Assignment

Page 39

Chapter 2: VLANs

Figure 2: Port-Based VLAN Assignment

		PVID = 2
Untagged packet
					4
CRC	Data	SA	DA		Port
CRC	Data	SA	DA

Before

Port 1		Port 2		Port 3			Tagged member
							of VLAN 2
						5
	802.1Q Switch					Port
	802.1Q Switch


Port 6		Port 7		Port 8

Untagged member of VLAN 2

BS45011A

As shown in Figure 3, the untagged packet is marked (tagged) as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2. The untagged packet remains unchanged as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2.

Figure 3: 802.1Q Tagging (after Port-Based VLAN Assignment)

PVID = 2			Port 1		Port 2		Port 3
			Port 1		Port 2		Port 3

	4
	Port			802.1Q Switch
				802.1Q Switch


			Port 6		Port 7		Port 8

	Untagged memeber	CRC
	of VLAN 2	CRC
	of VLAN 2
		Data
	Outgoing	SA
	Outgoing
	untagged packet	DA
	(unchanged)	DA
	(unchanged)

Tagged member of VLAN 2

5

Port

CRC*

Data

Tag

SA

DA

(*Recalculated)

8100

Priority

CFI

VID = 2

16 bits

3 bits

1 bits

12 bits

After

Key

Priority

- User_priority

CFI

- Canonical format indicator

VID

- VLAN identifier

BS45012A

In Figure 4, tagged incoming packets are assigned directly to VLAN 2 because of the tag assignment in the packet. Port 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2.

Figure 4: 802.1Q Tag Assignment

Tagged packet

CRC Data Tag

Before

PVID = 2
PVID = 2

			4
SA	DA		Port
SA	DA

Port 1		Port 2		Port 3			Tagged member
							of VLAN 2
						5
	802.1Q Switch					Port
	802.1Q Switch


Port 6		Port 7		Port 8

Untagged member of VLAN 2

BS45013A

VLAN Tagging 25

Image 39

Contents North Mathilda Avenue Sunnyvale, CA Configuration GuideIi „ Table of Contents Chapter VLANs Rmon Overview Rmon Group 1-Statistics Rmon Group 2-History Chapter Ports and TrunkingPort Mirroring Overview Configuring Port Mirroring AppendixesIndexes Port-Based Vlan Assignment Default Vlan SettingsPage List of Tables EX2500 Ethernet Switch Configuration Guide „ List of Tables Supported Platforms About This GuideObjectives AudienceIcon Meaning Description Documentation ConventionsList of Technical Publications Documentation FeedbackRequesting Technical Support Opening a Case with Jtac Self-Help Online Tools and ResourcesEX2500 Ethernet Switch Applications Page Configuring the Management Interface Accessing the SwitchConfigure the default gateway. Enable the gateway Dynamic Host Configuration ProtocolUsing the EX2500 Web Device Manager Using TelnetConfiguring EX2500 Web Device Manager Access via Https Configuring EX2500 Web Device Manager Access via HttpSNMPv1, SNMPv2 Using SnmpDefault Configuration User ConfigurationSNMPv3 Configure an entry in the notify table Configuring Snmp Trap HostsSNMPv1 Trap Host Configuration SNMPv2 Trap Host ConfigurationSNMPv3 Trap Host Configuration Securing Access to the SwitchConfigure the Radius secret Radius Authentication and AuthorizationHow Radius Authentication Works Configuring Radius on the SwitchRadius Authentication Features in the EX2500 Switch Radius Attributes for EX2500 User Privileges Switch User AccountsTACACS+ Authentication How TACACS+ Authentication WorksTACACS+ Authentication Features in the EX2500 Switch „ starttime „ stoptime „ elapsedtime „ disccause Command Authorization and Logging Configuring TACACS+ Authentication on the SwitchConfigure the TACACS+ secret and second secret SSH Encryption of Management Messages Configuring SSH Features on the SwitchGenerating RSA Host and Server Keys for SSH Access Secure ShellSSH Integration with Radius and TACACS+ Authentication End User Access ControlUser Access Control Considerations for Configuring End User AccountsLogging In to an End User Account Listing Current UsersVlan Overview VLANsPvid Numbers „ Port configurationVLANs and Port Vlan ID Numbers Vlan NumbersVlan Tagging Illustrates the default Vlan settings on the switchDefault Vlan Settings Port-Based Vlan Assignment Vlan Topologies and Design Considerations Vlan Configuration RulesMultiple VLANs example in is described in Table Multiple VLANs Configuration ExampleEnable tagging on uplink ports that support multiple VLANs Private Vlan Ports Private VLANsVerify the configuration Private Vlan Configuration GuidelinesPrivate Vlan Configuration Example Configure a secondary Vlan and map it to the primary VlanSpanning Tree Overview Spanning Tree ProtocolBridge Protocol Data Units BPDUs Determining the Path for Forwarding BPDUsBridge Priority Port Path Cost Spanning Tree Group Configuration GuidelinesChanging the Spanning Tree Mode Port PriorityCreating a Vlan Rules for Vlan Tagged PortsAdding and Removing Ports from STGs Port State Changes Rapid Spanning Tree ProtocolEdge Port Rstp Configuration GuidelinesRstp Configuration Example Port Type and Link TypeDefault Spanning Tree Configuration Why Do We Need Multiple Spanning Trees?Per Vlan Rapid Spanning Tree Configuring Pvrst Pvrst Configuration GuidelinesCommon Internal Spanning Tree Mstp Configuration GuidelinesMultiple Spanning Tree Protocol Mstp RegionImplementing Multiple Spanning Tree Groups Multiple Spanning Tree Groups Configuration ExampleVlan Fast Uplink ConvergenceConfiguring Fast Uplink Convergence Configuration GuidelinesPorts and Trunking Trunking OverviewStatistical Load Distribution Built-In Fault Tolerance Before Configuring Static TrunksTrunk Group Configuration Rules Port Trunk Group Configuration Example Port Trunking Configuration ExampleFollow these steps on the EX2500 switch Define a trunk group „ Destination IP DIP Configurable Trunk Hash AlgorithmLink Aggregation Control Protocol „ Destination MAC Dmac48 „ Link Aggregation Control Protocol Set the Lacp mode Lacp Configuration GuidelinesConfiguring Lacp Optionally Reducing Lacp TimeoutEx2500config-if# lacp timeout short ex2500config-if# exit QoS Overview Quality of ServiceCOS Using ACL FiltersTo delete an IP Standard ACL MAC Extended ACLsIP Standard ACLs To delete a MAC Extended ACLTo delete an IP Extended ACL IP Extended ACLsTCP/UDP Understanding ACL PriorityACL Example 1-Blocking Traffic to a Host ACL Configuration ExamplesAssigning ACLs to a Port Viewing ACL StatisticsAdd the ACL to a port ACL Example 3-Blocking Http TrafficAssign the ACLs to a port ACL Example 4-Blocking All Except Certain PacketsUsing Storm Control Filters Configuring Storm ControlBroadcast Storms Differentiated Services Concepts Using Dscp Values to Provide QoSAssured Forwarding Drop Precedence Class Per Hop BehaviorUse the following command to perform Dscp mapping QoS LevelsDscp Mapping Shows the priority bits in a VLAN-tagged packet Using 802.1p Priority to Provide QoSQueuing and Scheduling Rmon Overview Remote MonitoringRmon Group 1-Statistics Configure the Rmon statistics on a portRmon Group 2-History Configuring Rmon HistoryConfigure the Rmon History parameters for a port This configuration enables Rmon History collection on portConfigure the Rmon Alarm parameters to track Icmp messages Rmon Group 3-AlarmsAlarm MIB Objects Configuring Rmon AlarmsRmon Group 9-Events Ex2500config# rmon event 110 type log-onlyPage Igmp Snooping IgmpFastLeave IGMPv3 Snooping Igmp Snooping Configuration ExampleEx2500# show ip igmp groups Static Multicast RouterHigh Availability Overview High Availability Through Uplink Failure DetectionFailure Detection Pair Spanning Tree Protocol with UFD UFD Configuration GuidelinesMonitoring UFD UFD Configuration ExamplePage Appendixes EX2500 Ethernet Switch Configuration Guide 80 „ Appendixes Port Mirroring Overview „ Port Mirroring Overview on „ Configuring Port Mirroring onConfiguring Port Mirroring „ Index on IndexesEX2500 Ethernet Switch Configuration Guide 84 „ Indexes Numerics IndexInternet Group Management Protocol. See Igmp Management interface, configuringMulti-links between switches, port trunking Physical. See switch portsSegmentation. See IP subnets Segments. See IP subnets Quality of Service. See QoSQoS SecurityExample showing multiple VLANs Virtual Local Area Networks. See VLANs