Switching

 View Only
last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
Expand all | Collapse all

L3 vlan interface help & MTU and vlan tagging not allowed on AE link

  • 1.  L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 11:29

    Hello. My name is Eric and I am new to this forum. I come from the Cisco world of routing, switching, and security but I have recently acquired an EX4200-24P running 10.4R1.9 code. 

     

    I am slowly but surely picking up the JunOS. It's different from the cisco IOS and NX-OS, but  at the end of the day, its still routing and switching.

      

    This thread may cross over into the JunOS forum. I have two issues that are beating me up. The first is that I am trying to connect to a NAS storage device via an LACP aggregated link. My physical ports are set as an access vlan with the MTU nailed up for jumbo frames.

     

    When I try to add the physical ports to the ae0 interface (build the bundle), i get the following error when attempting to commit my changes:

     

    "ae child device mtu setting and vlan tagging is not allowed"

     

    It seems that jumbo frames and assigning a vlan is not allowed on an aggregated ethernet interface... seems strange for a 4200..??  Could I be wrong in presuming that this is a supported feature?

     

    The other problem that I'm having involves connecting the jun switch to a cisco 3550 switch. The 3550 uses vlan 1 for mgmt.  I set up a L3 interface tied to vlan1 (on the juniper). I want to be able to use that VLAN1 ip address for switch mgmt and console access. This is where my cisco experience may be getting to the best of me. I set up the uplink port connecting to the cisco 3550 as a trunk port and i am allowing over the mgmt vlan and one other vlan that I am using.

     

    The vlan.0 L3 inteface is up/up, but I cannot reach my juniper L3 interface IP address from the cisco 3550, or obviously anywhere else on vlan1.

     

    The ports connected to the nas are Ge-0/0/12 and  Ge-0/0/13.

    The trunk uplink connected to the cisco 3550 is port Ge-0/0/1.

     

    Pleae see the txt attachment for my config. Any help would be greatly appreciated. Thank you!


    #ge
    #Jun
    #AE
    #LACP
    #mtu


  • 2.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 11:30

    version 10.4R1.9;
    system {
        root-authentication {
            encrypted-password "$1$vwovrIO4$dosq1g/OVXPPYBYvNpqZf/"; ## SECRET-DATA
        }
        services {
            ssh {
                root-login allow;
            }
            telnet;
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any notice;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/5 {
            unit 0 {
                family ethernet-switching;
            }
        }

      ge-0/0/6 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/7 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/8 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/9 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/10 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/11 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/12 {
            mtu 9216;
            ether-options {
                flow-control;
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        ge-0/0/13 {
            mtu 9216;
            ether-options {
                flow-control;
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        ge-0/0/14 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/15 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/16 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/17 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/18 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/19 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/20 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/21 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/22 {
            mtu 9216;
            ether-options {
                flow-control;
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        ge-0/0/23 {
            mtu 9216;
            ether-options {
                flow-control;
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        ge-0/1/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        xe-0/1/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/1/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        xe-0/1/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/1/2 {
            unit 0 {
                family ethernet-switching;
            }
        }
        xe-0/1/2 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/1/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ae0 {
            mtu 9216;
            aggregated-ether-options {
                lacp {
                    active;
                }
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        vlan {
            unit 0 {
                family inet {
                    address 172.16.1.15/24 {
                        primary;
                    }
                }
            }
        }
    }
    protocols {
        igmp-snooping {
            vlan all;
        }
        rstp;
        lldp {
            interface all;
        }
        lldp-med {
            interface all;
        }
    }
    ethernet-switching-options {
        storm-control {
            interface all;
        }
    }
    vlans {
        MGMT {
            vlan-id 1;
            interface {
                ge-0/0/0.0;
            }
            l3-interface vlan.0;
        }
        VLAN6 {
            vlan-id 6;
        }
    }
    poe {
        interface all {
            disable;
        }
    }

                       {master:0}[edit]

     

     



  • 3.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 11:31

     

    cli show interfaces terse
    Interface               Admin Link Proto    Local                 Remote
    ge-0/0/0                up    up
    ge-0/0/0.0              up    up   eth-switch
    ge-0/0/1                up    down
    ge-0/0/1.0              up    down eth-switch
    ge-0/0/2                up    down
    ge-0/0/2.0              up    down eth-switch
    ge-0/0/3                up    down
    ge-0/0/3.0              up    down eth-switch
    ge-0/0/4                up    down
    ge-0/0/4.0              up    down eth-switch
    ge-0/0/5                up    down
    ge-0/0/5.0              up    down eth-switch
    ge-0/0/6                up    down
    ge-0/0/6.0              up    down eth-switch
    ge-0/0/7                up    down
    ge-0/0/7.0              up    down eth-switch
    ge-0/0/8                up    down
    ge-0/0/8.0              up    down eth-switch
    ge-0/0/9                up    down
    ge-0/0/9.0              up    down eth-switch
    ge-0/0/10               up    down
    ge-0/0/10.0             up    down eth-switch
    ge-0/0/11               up    down
    ge-0/0/11.0             up    down eth-switch
    ge-0/0/12               up    up
    ge-0/0/12.0             up    up   eth-switch
    ge-0/0/13               up    up
    ge-0/0/13.0             up    up   eth-switch
    ge-0/0/14               up    down
    ge-0/0/14.0             up    down eth-switch
    ge-0/0/15               up    down
    ge-0/0/15.0             up    down eth-switch
    ge-0/0/16               up    down
    ge-0/0/16.0             up    down eth-switch
    ge-0/0/17               up    down
    ge-0/0/17.0             up    down eth-switch
    ge-0/0/18               up    down
    ge-0/0/18.0             up    down eth-switch
    ge-0/0/19               up    down
    ge-0/0/19.0             up    down eth-switch
    ge-0/0/20               up    down
    ge-0/0/20.0             up    down eth-switch
    ge-0/0/21               up    down
    ge-0/0/21.0             up    down eth-switch
    ge-0/0/22               up    up
    ge-0/0/22.0             up    up   eth-switch
    ge-0/0/23               up    up
    ge-0/0/23.0             up    up   eth-switch
    vcp-0                   up    down
    vcp-0.32768             up    down
    vcp-1                   up    down
    vcp-1.32768             up    down
    bme0                    up    up
    bme0.32768              up    up   inet     128.0.0.1/2
                                                128.0.0.16/2
                                                128.0.0.32/2
                                       tnp      0x10
    dsc                     up    up
    gre                     up    up
    ipip                    up    up
    jsrv                    up    up
    jsrv.1                  up    up   inet     128.0.0.127/2
    lo0                     up    up
    lsi                     up    up
    me0                     up    down
    me0.0                   up    down eth-switch
    mtun                    up    up
    pimd                    up    up
    pime                    up    up
    tap                     up    up
    vlan                    up    up
    vlan.0                  up    up   inet     172.16.1.15/24
    vme                     up    down

     

     

     

     



  • 4.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 15:24

    Two comments on aggregated ethernet interfaces -

    1- It looks like you are missing the command that will actually build the AE interface. You should have this in your config:

    user@host# set aggregated-devices ethernet device-count "X" <where "X" equals the number of AE I/F's you want to use>

     

    2- You say you can't assign the child I/F's - you are trying to assign MTU values, etc.... to the child. They are just assigned to the AE I/F itself as you show in your config - the child I/F is simply linked and assumes all values from the parent AE.

     

    user@host# set interfaces ge-0/0/12 ether-options 802.3ad ae0 <and nothing else>



  • 5.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 15:57

    Thank you for the reply. I did notice that command (user@host# set aggregated-devices ethernet device-count x) in documentation, but I don't seem to have it available in my JunOS:

     

    root@NOC-4200# set ?
    Possible completions:
    > access               Network access configuration
    > access-profile       Access profile for this instance
    > accounting-options   Accounting data configuration
    + apply-groups         Groups from which to inherit configuration data
    > chassis              Chassis configuration
    > class-of-service     Class-of-service configuration
    > ethernet-switching-options  Ethernet-switching configuration options

    etc.

     

    After reading your email where you use the parent/child terminology, I think I'm starting to understand the concept. The error that I was receiving was: "ae child device mtu setting and vlan-tagging is not allowed". I presume that this means that I cannot apply the MTU and vlan member tag to the physical port, and just apply them to the ae... which makes perfect sense...



  • 6.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link
    Best Answer

    Posted 07-20-2011 16:04

    Sorry - typing all this from memory as I am not in front of a switch - the  syntax is actually:

     

    user@host# set chassis aggregated..... <spelling counts 🙂 >

     

    And your presumption is 100% correct!



  • 7.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 17:30

    Thank you again for the responses. I was able to set up the aggregated link after playing around with it for a little bit. My NAS device did not like it when I initiated the LACP packers.

     

     

    You're right about VLAN1 being cisco's default native vlan. I need to find out ASAP whether or not the connecting device uses VLAN1 as it's native VLAN. That might be the problem. Would I see some kind of log somwhere in the console if there is a native-vlan mismatch?

     

     

    I'm wondering if my logic in doing this is correct.  I'm setting this up like I would set up a cisco switch. I want to add the juniper switch to my layer-2 MGMT vlan (hang it off the cisco switch via 802.1Q port), and mangement the Juniper via an IP address on the MGMT network... I should need a default gateway. I'm going to try that now.

     


  • 8.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 17:52

    Adding a default route to the device upstream did not help. I changed the config around a little bit. I tried to add vlan-id 1 to my uplink port (ge-0/0/0), but i received a msg stating that the unit 0 vlan tag had to be 0.. I need to research what a "unit" means in juniper..  That is certainly contributing to my confusion...

     

    root@NOC-4200# show
    ## Last changed: 2011-01-16 22:08:51 UTC
    version 10.4R1.9;
    system {
        root-authentication {
            encrypted-password "$1$vwovrIO4$dosq1g/OVXPPYBYvNpqZf/"; ## SECRET-DATA
        }
        services {
            ssh {
                root-login allow;
            }
            telnet;
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any notice;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
    }
    chassis {
        aggregated-devices {
            ethernet {
                device-count 3;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            vlan-tagging;
            unit 0 {
                vlan-id 0;
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/5 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/6 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/7 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/8 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/9 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/10 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/11 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/12 {
            ether-options {
                802.3ad ae0;
            }
        }
        ge-0/0/13 {
            ether-options {
                802.3ad ae0;
            }
        }
        ge-0/0/14 {
            unit 0 {
                family ethernet-switching;
     

           }
        }
        ge-0/0/15 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/16 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/17 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/18 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/19 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/20 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/21 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/22 {
            mtu 9216;
            ether-options {
                flow-control;
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        ge-0/0/23 {
            mtu 9216;
            ether-options {
                flow-control;
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        ge-0/1/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        xe-0/1/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/1/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        xe-0/1/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/1/2 {
            unit 0 {
                family ethernet-switching;
            }
        }
        xe-0/1/2 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/1/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ae0 {
            mtu 9216;
            aggregated-ether-options {
                lacp {
                    passive;
                }
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members VLAN6;
                    }
                }
            }
        }
        vlan {
            unit 0 {
                family inet {
                    address 172.16.1.15/24 {
                        primary;
                    }
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/32 next-hop 172.16.1.1;
        }
    }
    protocols {
        rstp;
        lldp {
            interface all;
        }
        lldp-med {
            interface all;
        }
    }
    ethernet-switching-options {
        storm-control {
            interface all;
        }
    }
    vlans {
        MGMT {
            vlan-id 1;
            l3-interface vlan.0;
        }
        VLAN6 {
            vlan-id 6;
        }
    }
    poe {
        interface all {
            disable;
        }
    }

              {master:0}[edit]
    root@NOC-4200#

     



  • 9.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-21-2011 13:11

    An interface in JUNOS can have multiple logical interfaces.

     

    Physical interface ge-0/0/0 can look like this:

     

    ge-0/0/0.0 - unit 0 aka logical interface 0

    ge-0/0/0.100 - unit 100 aka logical interface 100

     

    The unit just denotes the logical interface that you are using when assigning an IP address, etc.

    A good practice is to make your unit the same number as your VLAN-ID.

     

    We are in the process of phasing out HP ProCurve switches in favor of EX switches so we had do some work on handling the native VLAN on an EX.

     

    We can say the following about JUNOS and the native VLAN:

     

    • By default each JUNOS EX device includes a common default VLAN named 'default'
    • The default VLAN is untagged and does not have a VLAN ID associated with it
    • EX trunk ports do not accept untagged traffic

     

    You can tell JUNOS to handle default VLAN traffic over a trunk port like this.

     

    Assume that port ge-0/0/49 is an uplink/trunk interface:

     

    [edit]

    root@sriracha edit interfaces

     

    [edit interfaces]

    root@sriracha# set ge-0/0/049 unit 0 family ethernet-switching native-vlan-id default

     

    [edit interfaces]

    root@sriracha# up

     

    [edit]

    root@sriracha# commit comment "Added native VLAN to trunk port ge-0/0/49"

     

    If you run 'show vlans detail' from operational mode you will see that the default VLAN is shown on the trunk port(s) in an untagged state.

     

    You can associate a VLAN ID to the default VLAN like this:

     

    [edit interfaces]

    root@sriracha# set vlans default vlan-id 1

     

    [edit interfaces]

    root@sriracha# up

     

    [edit]

    root@sriracha# commit comment "Added VLAN ID 1 to default VLAN"

     



  • 10.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-21-2011 18:32

    this is where some confusion can come in from how an MX configures VLANs (and port membership to a VLAN), vs how an EX configures it.

     

    for an EX, a switchport must always be Unit 0 -- ie set interfaces ge-0/0/0 unit 0 family ethernet-switching

     

     

    if you need to add a vlan to an interface, it is not a separate  unit, but is just defining it with the 'vlan members' option under the 'family ethernet-switching' hierarchy

     

    in your case with an AE interface would be something like this:

     

    set interfaces ae0 unit 0 family ethernet-switching port-mode trunk

    set interfaces ae0 unit 0 family ethernet-switching members [ VLAN100 VLAN200 VLAN300 ]

     

    if your NAS device does not support LACP, you can configure the AE group as a static LAG without LACP (just leave out the lacp options under the AE config)

     

    hope this helps...

     

    -Will

     

     

     



  • 11.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-25-2011 08:31

    I was able to get everything working properly after all of your feedback. Thank you all very much. The help is greatly appreciated!

     

     

     

    -Eric



  • 12.  RE: L3 vlan interface help & MTU and vlan tagging not allowed on AE link

    Posted 07-20-2011 16:07

    I don't do Cisco very often - but isn't VLAN1 on Cisco the untagged NATIVE VLAN? And as such if I recall it is NOT tagged on the Cisco side? Again, working from memory which is always very risky....