VLANs, Vlan Overview | Juniper Networks EX2500 manual

Chapter 2

VLANs

This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs commonly are used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments. The following topics are discussed in this chapter:

VLAN Overview on page 21

VLANs and Port VLAN ID Numbers on page 22

VLAN Tagging on page 23

VLAN Topologies and Design Considerations on page 26

Private VLANs on page 29

NOTE: VLANs can be configured from the CLI. See the information on VLAN configuration and port configuration in the EX2500 Ethernet Switch Command Reference.

VLAN Overview

Setting up virtual LANs (VLANs) is a way to segment networks to increase network flexibility without changing the physical network topology. With network segmentation, each switch port connects to a segment that is a single broadcast domain. When a switch port is configured to be a member of a VLAN, it is added to a group of ports (workgroup) that belong to one broadcast domain.

You group ports into broadcast domains by assigning them to the same VLAN. Frames received in one VLAN can be forwarded only within that VLAN, and multicast, broadcast, and unknown unicast frames are flooded only to ports in the same VLAN. The EX2500 switch supports jumbo frames, up to 9,216 bytes.

VLAN Overview 21

Image 35

Juniper Networks EX2500 manual VLANs, Vlan Overview

Contents

North Mathilda Avenue Sunnyvale, CA Configuration Guide Ii „ Table of Contents Chapter VLANs Rmon Overview Rmon Group 1-Statistics Rmon Group 2-History Chapter Ports and Trunking Indexes Port Mirroring Overview Configuring Port MirroringAppendixes Port-Based Vlan Assignment Default Vlan SettingsPage List of Tables EX2500 Ethernet Switch Configuration Guide „ List of Tables Supported Platforms About This GuideObjectives Audience Icon Meaning Description Documentation Conventions Requesting Technical Support List of Technical PublicationsDocumentation Feedback Opening a Case with Jtac Self-Help Online Tools and Resources EX2500 Ethernet Switch Applications Page Configuring the Management Interface Accessing the Switch Configure the default gateway. Enable the gateway Dynamic Host Configuration Protocol Using the EX2500 Web Device Manager Using Telnet Configuring EX2500 Web Device Manager Access via Https Configuring EX2500 Web Device Manager Access via Http SNMPv1, SNMPv2 Using Snmp SNMPv3 Default ConfigurationUser Configuration Configure an entry in the notify table Configuring Snmp Trap HostsSNMPv1 Trap Host Configuration SNMPv2 Trap Host Configuration SNMPv3 Trap Host Configuration Securing Access to the Switch Configure the Radius secret Radius Authentication and AuthorizationHow Radius Authentication Works Configuring Radius on the Switch Radius Authentication Features in the EX2500 Switch Radius Attributes for EX2500 User Privileges Switch User Accounts TACACS+ Authentication Features in the EX2500 Switch TACACS+ AuthenticationHow TACACS+ Authentication Works „ starttime „ stoptime „ elapsedtime „ disccause Configure the TACACS+ secret and second secret Command Authorization and LoggingConfiguring TACACS+ Authentication on the Switch SSH Encryption of Management Messages Configuring SSH Features on the SwitchGenerating RSA Host and Server Keys for SSH Access Secure Shell SSH Integration with Radius and TACACS+ Authentication End User Access Control User Access Control Considerations for Configuring End User Accounts Logging In to an End User Account Listing Current Users Vlan Overview VLANs Pvid Numbers „ Port configurationVLANs and Port Vlan ID Numbers Vlan Numbers Vlan Tagging Illustrates the default Vlan settings on the switch Default Vlan Settings Port-Based Vlan Assignment Vlan Topologies and Design Considerations Vlan Configuration Rules Multiple VLANs example in is described in Table Multiple VLANs Configuration Example Enable tagging on uplink ports that support multiple VLANs Private Vlan Ports Private VLANs Verify the configuration Private Vlan Configuration GuidelinesPrivate Vlan Configuration Example Configure a secondary Vlan and map it to the primary Vlan Spanning Tree Overview Spanning Tree Protocol Bridge Priority Bridge Protocol Data Units BPDUsDetermining the Path for Forwarding BPDUs Port Path Cost Spanning Tree Group Configuration GuidelinesChanging the Spanning Tree Mode Port Priority Adding and Removing Ports from STGs Creating a VlanRules for Vlan Tagged Ports Port State Changes Rapid Spanning Tree Protocol Edge Port Rstp Configuration GuidelinesRstp Configuration Example Port Type and Link Type Per Vlan Rapid Spanning Tree Default Spanning Tree ConfigurationWhy Do We Need Multiple Spanning Trees? Configuring Pvrst Pvrst Configuration Guidelines Common Internal Spanning Tree Mstp Configuration GuidelinesMultiple Spanning Tree Protocol Mstp Region Implementing Multiple Spanning Tree Groups Multiple Spanning Tree Groups Configuration Example Vlan Fast Uplink Convergence Configuring Fast Uplink Convergence Configuration Guidelines Statistical Load Distribution Ports and TrunkingTrunking Overview Trunk Group Configuration Rules Built-In Fault ToleranceBefore Configuring Static Trunks Port Trunk Group Configuration Example Port Trunking Configuration Example Follow these steps on the EX2500 switch Define a trunk group „ Destination IP DIP Configurable Trunk Hash AlgorithmLink Aggregation Control Protocol „ Destination MAC Dmac 48 „ Link Aggregation Control Protocol Set the Lacp mode Lacp Configuration GuidelinesConfiguring Lacp Optionally Reducing Lacp Timeout Ex2500config-if# lacp timeout short ex2500config-if# exit QoS Overview Quality of Service COS Using ACL Filters To delete an IP Standard ACL MAC Extended ACLsIP Standard ACLs To delete a MAC Extended ACL To delete an IP Extended ACL IP Extended ACLs TCP/UDP Understanding ACL Priority ACL Example 1-Blocking Traffic to a Host ACL Configuration ExamplesAssigning ACLs to a Port Viewing ACL Statistics Add the ACL to a port ACL Example 3-Blocking Http Traffic Assign the ACLs to a port ACL Example 4-Blocking All Except Certain Packets Broadcast Storms Using Storm Control FiltersConfiguring Storm Control Differentiated Services Concepts Using Dscp Values to Provide QoS Assured Forwarding Drop Precedence Class Per Hop Behavior Dscp Mapping Use the following command to perform Dscp mappingQoS Levels Shows the priority bits in a VLAN-tagged packet Using 802.1p Priority to Provide QoS Queuing and Scheduling Rmon Overview Remote Monitoring Rmon Group 1-Statistics Configure the Rmon statistics on a port Rmon Group 2-History Configuring Rmon HistoryConfigure the Rmon History parameters for a port This configuration enables Rmon History collection on port Configure the Rmon Alarm parameters to track Icmp messages Rmon Group 3-AlarmsAlarm MIB Objects Configuring Rmon Alarms Rmon Group 9-Events Ex2500config# rmon event 110 type log-onlyPage Igmp Snooping Igmp FastLeave IGMPv3 Snooping Igmp Snooping Configuration Example Ex2500# show ip igmp groups Static Multicast Router High Availability Overview High Availability Through Uplink Failure Detection Failure Detection Pair Spanning Tree Protocol with UFD UFD Configuration Guidelines Monitoring UFD UFD Configuration ExamplePage Appendixes EX2500 Ethernet Switch Configuration Guide 80 „ Appendixes Port Mirroring Overview „ Port Mirroring Overview on „ Configuring Port Mirroring on Configuring Port Mirroring „ Index on Indexes EX2500 Ethernet Switch Configuration Guide 84 „ Indexes Numerics Index Internet Group Management Protocol. See Igmp Management interface, configuringMulti-links between switches, port trunking Physical. See switch ports Segmentation. See IP subnets Segments. See IP subnets Quality of Service. See QoSQoS Security Example showing multiple VLANs Virtual Local Area Networks. See VLANs