Juniper Networks EX2500 manual Enable tagging on uplink ports that support multiple VLANs


EX2500 Ethernet Switch Configuration Guide

Table 8: Components of Sample Network with Multiple VLANs (2 of 2)

| Component | Description |
|---|---|
| Server 5 | A member of VLAN 1 and VLAN 2, this server can communicate only with Server 1, Server 2, and Server 3. The associated switch port has tagging enabled. |
| Enterprise Routing switches | These switches must have all three VLANs (VLAN 1, 2, 3) configured. They can communicate with Server 1, Server 2, and Server 5 via VLAN 1. They can communicate with Server 3 and Server 5 via VLAN 2. They can communicate with Server 4 via VLAN 3. Tagging on switch ports is enabled. |

NOTE: VLAN tagging is required only on ports that are connected to other switches or on ports that connect to tag-capable end-stations, such as servers with VLAN-tagging adapters.

Use the following procedure to configure the sample network shown in Figure 6.

1. Enable VLAN tagging on server ports that support multiple VLANs.

    ex2500(config)# interface port 5
    ex2500(config-if)# tagging
    ex2500(config-if)# exit

2. Enable tagging on uplink ports that support multiple VLANs.

    ex2500(config)# interface port 19
    ex2500(config-if)# tagging
    ex2500(config-if)# exit
    ex2500(config)# interface port 20
    ex2500(config-if)# tagging
    ex2500(config-if)# exit

3. Configure the VLANs and their member ports.

By default, all ports are members of VLAN 1, so configure only those ports that belong to other VLANs.

    ex2500(config)# vlan 2
    ex2500(config-vlan)# enable
    ex2500(config-vlan)# member 3
    ex2500(config-vlan)# member 5
    ex2500(config-vlan)# member 19
    ex2500(config-vlan)# member 20
    ex2500(config-vlan)# exit
    ex2500(config)# vlan 3
    ex2500(config-vlan)# enable
    ex2500(config-vlan)# member 4,19,20
    ex2500(config-vlan)# exit
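To check that the three steps above produce the segmentation Table 8 describes, the commands can be replayed offline and each port's effective VLAN set compared with the intended one. This is an added example, not code from the guide or from Juniper. It assumes the port-to-device mapping in `EXPECTED` (inferred from the table and the `member` commands) and that an untagged port belongs to exactly one VLAN, so adding it to a new VLAN moves it.

```python
import re

# The page's configuration steps 1-3, copied as prompt/command pairs.
PAGE_CONFIG = (
    "ex2500(config)# interface port 5 ex2500(config-if)# tagging ex2500(config-if)# exit "
    "ex2500(config)# interface port 19 ex2500(config-if)# tagging ex2500(config-if)# exit "
    "ex2500(config)# interface port 20 ex2500(config-if)# tagging ex2500(config-if)# exit "
    "ex2500(config)# vlan 2 ex2500(config-vlan)# enable ex2500(config-vlan)# member 3 ex2500(config-vlan)# member 5 "
    "ex2500(config-vlan)# member 19 ex2500(config-vlan)# member 20 ex2500(config-vlan)# exit "
    "ex2500(config)# vlan 3 ex2500(config-vlan)# enable ex2500(config-vlan)# member 4,19,20 ex2500(config-vlan)# exit"
)
# Intended VLANs per port, read from Table 8; the port-to-device mapping
# (3 = Server 3, 4 = Server 4, 5 = Server 5, 19/20 = uplinks) is an assumption.
EXPECTED = {3: {2}, 4: {3}, 5: {1, 2}, 19: {1, 2, 3}, 20: {1, 2, 3}}

def effective_vlans(transcript):
    """Replay the commands; return ({port: VLAN set}, set of tagged ports)."""
    vlans, tagged, port, vlan = {}, set(), None, None
    for cmd in re.split(r"ex2500\([\w-]+\)#", transcript):
        cmd = cmd.strip()
        if m := re.fullmatch(r"interface port (\d+)", cmd):
            port, vlan = int(m.group(1)), None
        elif m := re.fullmatch(r"vlan (\d+)", cmd):
            port, vlan = None, int(m.group(1))
        elif cmd == "tagging" and port is not None:
            tagged.add(port)
        elif cmd == "exit":
            port = vlan = None
        elif (m := re.fullmatch(r"member (\d+(?:,\d+)*)", cmd)) and vlan is not None:
            for p in map(int, m.group(1).split(",")):
                # Tagged ports keep earlier VLANs (default VLAN 1); assumption: untagged ports move.
                vlans[p] = (vlans.get(p, {1}) | {vlan}) if p in tagged else {vlan}
    return vlans, tagged

def audit(transcript, expected=EXPECTED):
    """List ports whose effective VLAN set differs from the intended one."""
    vlans, _ = effective_vlans(transcript)
    return [
        f"port {p}: has VLANs {sorted(vlans.get(p, {1}))}, expected {sorted(want)}"
        for p, want in sorted(expected.items())
        if vlans.get(p, {1}) != want
    ]

if __name__ == "__main__":
    print(audit(PAGE_CONFIG) or "configuration matches Table 8")
    # Constructed variant: step 1 skipped, so port 5 is left untagged.
    print(audit(PAGE_CONFIG.split("exit ", 1)[1]))
```

The second call shows why step 1 matters: without tagging, port 5 ends up in VLAN 2 only, so Server 5 loses VLAN 1 reachability even though every `member` command was accepted.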
