Switching

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  private vlan on ex2200?

    Posted 05-03-2022 15:53

    I only found private vlan documentation for ex3300, some commands doesnt work on ex2200.

    I just want to have basic private/port-based vlan on my ex2200, no interswitch vlans, one uplink port (ge-0/0/0 for example) and all other ports communicating only to that uplink port, as simple as possible.

    Any tips?

    Thanks.



    ------------------------------
    Leonardo
    ------------------------------


  • 2.  RE: private vlan on ex2200?

    Posted 05-04-2022 06:05
    Hey Leo,  

    It seems that it is supported or at lets only for layer 2 solution (no-IRB) (see link below); 
    https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFKey=1364&pFName=Private%20VLANs%20(PVLANs) 

    Due to the platform you are working with  (EX2200) legacy/ non-ELS you'll need to follow  the examples details on the 2 links I am sharing here.  
    https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/private-vlans.html#id-creating-a-private-vlan-on-a-single-ex-series-switch-cli-procedure 

    https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/private-vlans.html#id-creating-a-private-vlan-spanning-multiple-ex-series-switches-cli-procedure-no-els  

    Just keep in mind that communities cannot talk to each other but only within its own sub-broadcast domain and Isolate traffic only with a promiscuous port which is the one connection with a router. 

    cheers! 




  • 3.  RE: private vlan on ex2200?

    Posted 05-05-2022 18:27

    Hi esmontes,

    I followed the instructions and exemples on the links and it didnt work exactly how I expected.

    I created a primary vlan and two communities vlans. I set the ge-0/0/0 as trunk for uplink and ge-0/0/1 and ge-0/0/2 as access​. I plugged a router on port0 and computers at ports 1 and 2.
    Those access ports doesnt see each other (as I wanted) but doesnt see the router either.
    I tried ports 1 and 2 as isolated ports, same result.

    Then I took a guess and created a virtual interface in the router on the same ID as the primary vlan, bingo it worked.

    Is that the expected result?
    I mean, isnt there any way to created simple port-based vlans without tags involved?



    ------------------------------
    Leonardo Porto Lopes
    ------------------------------