Chapter VLANs | Juniper Networks EX2500 guide

EX2500 Ethernet Switch Configuration Guide

	TACACS+ Authentication	14
	How TACACS+ Authentication Works	14
	TACACS+ Authentication Features in the EX2500 Switch	14
	Command Authorization and Logging	16
	Configuring TACACS+ Authentication on the Switch	16
	Secure Shell	17
	Configuring SSH Features on the Switch	17
	SSH Encryption of Management Messages	17
	Generating RSA Host and Server Keys for SSH Access	17
	SSH Integration with RADIUS and TACACS+ Authentication	18
	End User Access Control	18
	Considerations for Configuring End User Accounts	19
	User Access Control	19
	Listing Current Users	20
	Logging In to an End User Account	20
Chapter 2	VLANs	21
	VLAN Overview	21
	VLANs and Port VLAN ID Numbers	22
	VLAN Numbers	22
	PVID Numbers	22
	VLAN Tagging	23
	VLAN Topologies and Design Considerations	26
	VLAN Configuration Rules	26
	Multiple VLANs Configuration Example	27
	Private VLANs	29
	Private VLAN Ports	29
	Private VLAN Configuration Guidelines	30
	Private VLAN Configuration Example	30
Chapter 3	Spanning Tree Protocol	31
	Spanning Tree Overview	31
	Bridge Protocol Data Units (BPDUs)	32
	Determining the Path for Forwarding BPDUs	32
	Bridge Priority	32
	Port Priority	33
	Port Path Cost	33
	Spanning Tree Group Configuration Guidelines	33
	Changing the Spanning Tree Mode	33
	Assigning a VLAN to a Spanning Tree Group	33
	Creating a VLAN	34
	Rules for VLAN Tagged Ports	34
	Adding and Removing Ports from STGs	34
	Rapid Spanning Tree Protocol	35
	Port State Changes	35
	Port Type and Link Type	36
	Edge Port	36
	Link Type	36
	RSTP Configuration Guidelines	36
	RSTP Configuration Example	36
	Per VLAN Rapid Spanning Tree	37
	Default Spanning Tree Configuration	37
	Why Do We Need Multiple Spanning Trees?	37

iv Table of Contents

Image 4

Juniper Networks EX2500 manual Chapter VLANs

Contents

Configuration Guide North Mathilda Avenue Sunnyvale, CA Ii „ Table of Contents Chapter VLANs Chapter Ports and Trunking Rmon Overview Rmon Group 1-Statistics Rmon Group 2-History Appendixes Port Mirroring Overview Configuring Port MirroringIndexes Default Vlan Settings Port-Based Vlan AssignmentPage List of Tables EX2500 Ethernet Switch Configuration Guide „ List of Tables About This Guide ObjectivesAudience Supported Platforms Documentation Conventions Icon Meaning Description Documentation Feedback List of Technical PublicationsRequesting Technical Support Self-Help Online Tools and Resources Opening a Case with Jtac EX2500 Ethernet Switch Applications Page Accessing the Switch Configuring the Management Interface Dynamic Host Configuration Protocol Configure the default gateway. Enable the gateway Using Telnet Using the EX2500 Web Device Manager Configuring EX2500 Web Device Manager Access via Http Configuring EX2500 Web Device Manager Access via Https Using Snmp SNMPv1, SNMPv2 User Configuration Default ConfigurationSNMPv3 Configuring Snmp Trap Hosts SNMPv1 Trap Host ConfigurationSNMPv2 Trap Host Configuration Configure an entry in the notify table Securing Access to the Switch SNMPv3 Trap Host Configuration Radius Authentication and Authorization How Radius Authentication WorksConfiguring Radius on the Switch Configure the Radius secret Radius Authentication Features in the EX2500 Switch Switch User Accounts Radius Attributes for EX2500 User Privileges How TACACS+ Authentication Works TACACS+ AuthenticationTACACS+ Authentication Features in the EX2500 Switch „ starttime „ stoptime „ elapsedtime „ disccause Configuring TACACS+ Authentication on the Switch Command Authorization and LoggingConfigure the TACACS+ secret and second secret Configuring SSH Features on the Switch Generating RSA Host and Server Keys for SSH AccessSecure Shell SSH Encryption of Management Messages End User Access Control SSH Integration with Radius and TACACS+ Authentication Considerations for Configuring End User Accounts User Access Control Listing Current Users Logging In to an End User Account VLANs Vlan Overview „ Port configuration VLANs and Port Vlan ID NumbersVlan Numbers Pvid Numbers Illustrates the default Vlan settings on the switch Vlan Tagging Default Vlan Settings Port-Based Vlan Assignment Vlan Configuration Rules Vlan Topologies and Design Considerations Multiple VLANs Configuration Example Multiple VLANs example in is described in Table Enable tagging on uplink ports that support multiple VLANs Private VLANs Private Vlan Ports Private Vlan Configuration Guidelines Private Vlan Configuration ExampleConfigure a secondary Vlan and map it to the primary Vlan Verify the configuration Spanning Tree Protocol Spanning Tree Overview Determining the Path for Forwarding BPDUs Bridge Protocol Data Units BPDUsBridge Priority Spanning Tree Group Configuration Guidelines Changing the Spanning Tree ModePort Priority Port Path Cost Rules for Vlan Tagged Ports Creating a VlanAdding and Removing Ports from STGs Rapid Spanning Tree Protocol Port State Changes Rstp Configuration Guidelines Rstp Configuration ExamplePort Type and Link Type Edge Port Why Do We Need Multiple Spanning Trees? Default Spanning Tree ConfigurationPer Vlan Rapid Spanning Tree Pvrst Configuration Guidelines Configuring Pvrst Mstp Configuration Guidelines Multiple Spanning Tree ProtocolMstp Region Common Internal Spanning Tree Multiple Spanning Tree Groups Configuration Example Implementing Multiple Spanning Tree Groups Fast Uplink Convergence Vlan Configuration Guidelines Configuring Fast Uplink Convergence Trunking Overview Ports and TrunkingStatistical Load Distribution Before Configuring Static Trunks Built-In Fault ToleranceTrunk Group Configuration Rules Port Trunking Configuration Example Port Trunk Group Configuration Example Follow these steps on the EX2500 switch Define a trunk group Configurable Trunk Hash Algorithm Link Aggregation Control Protocol„ Destination MAC Dmac „ Destination IP DIP 48 „ Link Aggregation Control Protocol Lacp Configuration Guidelines Configuring LacpOptionally Reducing Lacp Timeout Set the Lacp mode Ex2500config-if# lacp timeout short ex2500config-if# exit Quality of Service QoS Overview Using ACL Filters COS MAC Extended ACLs IP Standard ACLsTo delete a MAC Extended ACL To delete an IP Standard ACL IP Extended ACLs To delete an IP Extended ACL Understanding ACL Priority TCP/UDP ACL Configuration Examples Assigning ACLs to a PortViewing ACL Statistics ACL Example 1-Blocking Traffic to a Host ACL Example 3-Blocking Http Traffic Add the ACL to a port ACL Example 4-Blocking All Except Certain Packets Assign the ACLs to a port Configuring Storm Control Using Storm Control FiltersBroadcast Storms Using Dscp Values to Provide QoS Differentiated Services Concepts Per Hop Behavior Assured Forwarding Drop Precedence Class QoS Levels Use the following command to perform Dscp mappingDscp Mapping Using 802.1p Priority to Provide QoS Shows the priority bits in a VLAN-tagged packet Queuing and Scheduling Remote Monitoring Rmon Overview Configure the Rmon statistics on a port Rmon Group 1-Statistics Configuring Rmon History Configure the Rmon History parameters for a portThis configuration enables Rmon History collection on port Rmon Group 2-History Rmon Group 3-Alarms Alarm MIB ObjectsConfiguring Rmon Alarms Configure the Rmon Alarm parameters to track Icmp messages Ex2500config# rmon event 110 type log-only Rmon Group 9-EventsPage Igmp Igmp Snooping FastLeave Igmp Snooping Configuration Example IGMPv3 Snooping Static Multicast Router Ex2500# show ip igmp groups High Availability Through Uplink Failure Detection High Availability Overview Spanning Tree Protocol with UFD UFD Configuration Guidelines Failure Detection Pair UFD Configuration Example Monitoring UFDPage Appendixes EX2500 Ethernet Switch Configuration Guide 80 „ Appendixes „ Port Mirroring Overview on „ Configuring Port Mirroring on Port Mirroring Overview Configuring Port Mirroring Indexes „ Index on EX2500 Ethernet Switch Configuration Guide 84 „ Indexes Index Numerics Management interface, configuring Multi-links between switches, port trunkingPhysical. See switch ports Internet Group Management Protocol. See Igmp Quality of Service. See QoS QoSSecurity Segmentation. See IP subnets Segments. See IP subnets Virtual Local Area Networks. See VLANs Example showing multiple VLANs