Hi,
I have such config and seems to work. I say "seems" cause I have done it a minute ago. Interface ae1 was created by ez-lag but it's possible to add something manually as well.
comp@bal2# show interfaces ae1
flexible-vlan-tagging;
native-vlan-id 10;
encapsulation flexible-ethernet-services;
[edit]
comp@bal2# show services
evpn {
global-parameters {
no-irb-address-auto-derive;
}
device-attribute {
peer-id 1;
loopback {
peer1-subnet 111.1.1.1/32;
peer2-subnet 112.1.1.1/32;
}
system-id 10:11:12:13:14:15;
peer-to-peer {
peer-subnet inet 10.1.1.0/31 interface-name [ et-0/0/30 et-0/0/31 ];
}
}
evpn-vxlan {
irb v100 {
vlan-id 100;
subnet-address inet 192.168.100.3/24 virtual-gateway-v4-address 192.168.100.1;
}
irb v200 {
vlan-id 200;
subnet-address inet 192.168.200.3/24 virtual-gateway-v4-address 192.168.200.1;
}
server SERVER_1 {
esi-lag-id 1;
vlan-id-list [ 10 100 200 ];
interface et-0/0/13;
enable-pxe-boot;
}
}
}
comp@bal2# run show ethernet-switching interface
Routing Instance Name : __SERVICES_EVPN_EVPN_VXLAN_MAC_VRF_1
Logical Interface flags (DL - disable learning, AD - packet action drop,
LH - MAC limit hit, DN - interface down,
MMAS - Mac-move action shutdown, AS - Autostate-exclude enabled,
SCTL - shutdown by Storm-control, SL - Secure Learning,
MI - MAC+IP limit hit, LP - Loop Protect Down,
MLAS - Mac limit action shutdown, CISO - Shutdown due to core isolation)
Logical Vlan TAG MAC MAC+IP STP Logical Tagging
interface members limit limit state interface flags
ae1.1 163840 0 tagged
SERVICES_EVPN_EVPN_VXLAN_VLAN_100 100 163840 0 Forwarding tagged
SERVICES_EVPN_EVPN_VXLAN_VLAN_200 200 163840 0 Forwarding tagged
SERVICES_EVPN_EVPN_VXLAN_VLAN_10 10 163840 0 Forwarding untagged
vtep.32770 0 0 tagged
rgrds,
artur
------------------------------
Artur Gmaj
------------------------------
Original Message:
Sent: 08-26-2024 05:43
From: JOZEF KLACKO
Subject: EZ-LAG untagged interface
Hi all,
Is it possible to configure port that is either esi-lag or standalone, but it is untagged/access? Not tagged. I was thinking about using apply-config-groups for interface, but it is not working. Below are two approaches. Neither worked, it cannot be commited. QFX5120-48y, 24.2R1.17
- Common config under "services evpn evpn-vxlan"
- server SERVER1 {
single-home-id 112;
vlan-id-list 16;
interface ge-0/0/12;
apply-config-groups native-vlan-16;
no-lacp;
}
- possibility a) "access"
- groups { native-vlan-16 {
interfaces {
<*> {
unit 0 {
family ethernet-switching {
interface-mode access; ##### ACCESS
}
}
}
}
} - ae1136 {
vlan-tagging;
##
## Warning: native-vlan-id can be specified with flexible-vlan-tagging mode or with interface-mode trunk
## '16' was inherited from group 'native-vlan-16'
##
native-vlan-id 16;
encapsulation flexible-ethernet-services;
unit 1 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 16;
}
}
}
} - {master:0}[edit]
root@SWITCH# commit check
[edit interfaces ae1136 unit 0 family ethernet-switching interface-mode]
'interface-mode access'
interface-mode access is allowed only for untagged interfaces, also not allowed with flexible-vlan-tagging and extended-vlan-bridge
error: configuration check-out failed: (statements constraint check failed)
- possiblity b) via native-vlan-id
- groups { native-vlan-16 {
interfaces {
<*> {
native-vlan-id 16;
}
}
} - ae1136 {
vlan-tagging;
##
## Warning: native-vlan-id can be specified with flexible-vlan-tagging mode or with interface-mode trunk
## '16' was inherited from group 'native-vlan-16'
##
native-vlan-id 16;
encapsulation flexible-ethernet-services;
unit 1 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 16;
}
}
}
} - root@SWITCH# commit check
[edit interfaces ae1136 native-vlan-id]
'native-vlan-id 16'
native-vlan-id can be specified with flexible-vlan-tagging mode or with interface-mode trunk
error: configuration check-out failed: (statements constraint check failed)
Whole evpn config from one switch. I know, vlan is missing and so it is not correct config, but idea is how to configure it and then commit. Should I also change also flexible-ethernet-services to something else in apply-group?
evpn {
device-attribute {
peer-id 1;
loopback {
peer1-subnet 192.168.1.1/32;
peer2-subnet 192.168.2.1/32;
}
system-id 10:14:15:16:17:10;
peer-to-peer {
peer-subnet inet 10.1.1.0/31 interface-name et-0/0/54;
}
}
evpn-vxlan {
irb IRB_10 {
vlan-id 10;
subnet-address inet 10.10.1.1/24;
}
server SERVER1 {
single-home-id 112;
vlan-id-list 16;
interface ge-0/0/12;
apply-config-groups native-vlan-16;
no-lacp;
}
}
}
Thanks
Jozef
------------------------------
JOZEF KLACKO
------------------------------