Junos OS

First off, if I'm in the wrong area, please forgive me as I'm new to the community.   I've spent the last several days researching this topic and I don't think I've been able to find what I'm looking for, which makes me believe that what I'm trying to do isn't possible.

Here's what I have:  I have multiple buildings with effectively the same setup.  We have several EX2300-48p's set up in a virtual chassis, and then 20+ Ruckus Wireless AP's as our wireless access points that most of our staff/students connect to.  From the EX2300, I have a uplink to our internet connection.  We have multiple hardline connections, mostly VOIP phones but several outlets that are connected to the switch, but unused in the rooms.

What I would LIKE to do is set up multiple VLAN's.  I've seen several tutorials on how to configure specific VLAN's per port, but I have several concerns with this approach.  First off, my wireless AP's allow me to set up different VLAN's depending on which SSID (I can have 7, I believe).  I can understand a specific VLAN per port for the hardline connections, but even then I'm concerned with what happens if someone unplugs something or plugs a laptop into a port set up for a VOIP phone.

Ideally, the VLAN setup I would like is one for Staff, one for our IT Staff (With access to management interfaces), Students, IoT devices, VOIP phones, and Guest Wireless.

I've seen some general info on VLAN tagging, but have not found any in depth info that helps me determine if this is really the best route for what I'm wanting to do.  I do need several VLANS coming off of our Wireless AP's.  Each one of the AP's could have several different VLANS coming in based on the SSID, one for Staff, one for Students, one Guest, and another for IoT devices.

I kinda get the idea that the solution for the AP's would be to set those ports up as Trunk ports, but even then I'm not sure I'm understanding that correctly.

Any advice on how to proceed would be much appreciated.

See my config below.  Hopefully this will get you going in the right direction.

With voip configured this way, only phones will pick up vlan 340.  

 interfaces {
    interface-range Wireless {
        member ge-2/0/0;
        native-vlan-id 320;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ data-mobile-vlan data-fixed-vlan wireless-management guest ];
                }
                storm-control wireless;
            }
        }
    }
    interface-range Desktop-Phone-Staff {
        member ge-2/0/1;
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members data-fixed-vlan;
                }
                storm-control desktop-phone;
            }
        }
    }

switch-options {
    voip {
        interface Desktop-Phone-Staff {
            vlan voice-340;
            forwarding-class expedited-forwarding;
        }
    }
}

vlans {
    data-fixed-vlan {
        vlan-id 250;
     }
    data-mobile-vlan {
        vlan-id 370;
     }
    guest {
        vlan-id 390;
     }   
    voice-340 {
        vlan-id 340;
      }
    wireless-management {
        vlan-id 320;
     }
}

------------------------------
PAUL PETERSON

Original Message:
Sent: 06-14-2023 15:03
From: ROGER SMALL
Subject: VLAN Suggestions

First off, if I'm in the wrong area, please forgive me as I'm new to the community.   I've spent the last several days researching this topic and I don't think I've been able to find what I'm looking for, which makes me believe that what I'm trying to do isn't possible.

Here's what I have:  I have multiple buildings with effectively the same setup.  We have several EX2300-48p's set up in a virtual chassis, and then 20+ Ruckus Wireless AP's as our wireless access points that most of our staff/students connect to.  From the EX2300, I have a uplink to our internet connection.  We have multiple hardline connections, mostly VOIP phones but several outlets that are connected to the switch, but unused in the rooms.

What I would LIKE to do is set up multiple VLAN's.  I've seen several tutorials on how to configure specific VLAN's per port, but I have several concerns with this approach.  First off, my wireless AP's allow me to set up different VLAN's depending on which SSID (I can have 7, I believe).  I can understand a specific VLAN per port for the hardline connections, but even then I'm concerned with what happens if someone unplugs something or plugs a laptop into a port set up for a VOIP phone.

Ideally, the VLAN setup I would like is one for Staff, one for our IT Staff (With access to management interfaces), Students, IoT devices, VOIP phones, and Guest Wireless.

I've seen some general info on VLAN tagging, but have not found any in depth info that helps me determine if this is really the best route for what I'm wanting to do.  I do need several VLANS coming off of our Wireless AP's.  Each one of the AP's could have several different VLANS coming in based on the SSID, one for Staff, one for Students, one Guest, and another for IoT devices.

I kinda get the idea that the solution for the AP's would be to set those ports up as Trunk ports, but even then I'm not sure I'm understanding that correctly.

Any advice on how to proceed would be much appreciated.

Thank you for your time and input.  And I apologize, cause I know I'm having a hard time grasping the concept, but my Ruckus AP's allow me to assign a VLAN ID to each separate SSID.  My goal is to separate our scholars from our staff, from our IT staff, and our guest network.  Once they connect to the AP, they will all cross over the same physical wire, so I'll have port (let's just say ge-1/0/0 but there could be 4 or 5 different VLAN ID's coming through the same connection.  Or is that what the " interface-mode trunk;" is about?  Is that what will allow multiple VLAN's to go in and out of that single connection?

Another question is, if I assign a physical port to the VLAN for the VOIP VLAN, what happens if someone plugs a laptop into that outlet?  Does the laptop (or printer or whatever else) then end up on the VLAN for the VOIP phone?

See my config below.  Hopefully this will get you going in the right direction.

With voip configured this way, only phones will pick up vlan 340.  

 interfaces {
    interface-range Wireless {
        member ge-2/0/0;
        native-vlan-id 320;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ data-mobile-vlan data-fixed-vlan wireless-management guest ];
                }
                storm-control wireless;
            }
        }
    }
    interface-range Desktop-Phone-Staff {
        member ge-2/0/1;
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members data-fixed-vlan;
                }
                storm-control desktop-phone;
            }
        }
    }

switch-options {
    voip {
        interface Desktop-Phone-Staff {
            vlan voice-340;
            forwarding-class expedited-forwarding;
        }
    }
}

vlans {
    data-fixed-vlan {
        vlan-id 250;
     }
    data-mobile-vlan {
        vlan-id 370;
     }
    guest {
        vlan-id 390;
     }   
    voice-340 {
        vlan-id 340;
      }
    wireless-management {
        vlan-id 320;
     }
}

------------------------------
PAUL PETERSON

Original Message:
Sent: 06-14-2023 15:03
From: ROGER SMALL
Subject: VLAN Suggestions

First off, if I'm in the wrong area, please forgive me as I'm new to the community.   I've spent the last several days researching this topic and I don't think I've been able to find what I'm looking for, which makes me believe that what I'm trying to do isn't possible.

Here's what I have:  I have multiple buildings with effectively the same setup.  We have several EX2300-48p's set up in a virtual chassis, and then 20+ Ruckus Wireless AP's as our wireless access points that most of our staff/students connect to.  From the EX2300, I have a uplink to our internet connection.  We have multiple hardline connections, mostly VOIP phones but several outlets that are connected to the switch, but unused in the rooms.

What I would LIKE to do is set up multiple VLAN's.  I've seen several tutorials on how to configure specific VLAN's per port, but I have several concerns with this approach.  First off, my wireless AP's allow me to set up different VLAN's depending on which SSID (I can have 7, I believe).  I can understand a specific VLAN per port for the hardline connections, but even then I'm concerned with what happens if someone unplugs something or plugs a laptop into a port set up for a VOIP phone.

Ideally, the VLAN setup I would like is one for Staff, one for our IT Staff (With access to management interfaces), Students, IoT devices, VOIP phones, and Guest Wireless.

I've seen some general info on VLAN tagging, but have not found any in depth info that helps me determine if this is really the best route for what I'm wanting to do.  I do need several VLANS coming off of our Wireless AP's.  Each one of the AP's could have several different VLANS coming in based on the SSID, one for Staff, one for Students, one Guest, and another for IoT devices.

I kinda get the idea that the solution for the AP's would be to set those ports up as Trunk ports, but even then I'm not sure I'm understanding that correctly.

Any advice on how to proceed would be much appreciated.

See my config below.  Hopefully this will get you going in the right direction.

With voip configured this way, only phones will pick up vlan 340.  

 interfaces {
    interface-range Wireless {
        member ge-2/0/0;
        native-vlan-id 320;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ data-mobile-vlan data-fixed-vlan wireless-management guest ];
                }
                storm-control wireless;
            }
        }
    }
    interface-range Desktop-Phone-Staff {
        member ge-2/0/1;
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members data-fixed-vlan;
                }
                storm-control desktop-phone;
            }
        }
    }

switch-options {
    voip {
        interface Desktop-Phone-Staff {
            vlan voice-340;
            forwarding-class expedited-forwarding;
        }
    }
}

vlans {
    data-fixed-vlan {
        vlan-id 250;
     }
    data-mobile-vlan {
        vlan-id 370;
     }
    guest {
        vlan-id 390;
     }   
    voice-340 {
        vlan-id 340;
      }
    wireless-management {
        vlan-id 320;
     }
}

First off, if I'm in the wrong area, please forgive me as I'm new to the community.   I've spent the last several days researching this topic and I don't think I've been able to find what I'm looking for, which makes me believe that what I'm trying to do isn't possible.

Here's what I have:  I have multiple buildings with effectively the same setup.  We have several EX2300-48p's set up in a virtual chassis, and then 20+ Ruckus Wireless AP's as our wireless access points that most of our staff/students connect to.  From the EX2300, I have a uplink to our internet connection.  We have multiple hardline connections, mostly VOIP phones but several outlets that are connected to the switch, but unused in the rooms.

What I would LIKE to do is set up multiple VLAN's.  I've seen several tutorials on how to configure specific VLAN's per port, but I have several concerns with this approach.  First off, my wireless AP's allow me to set up different VLAN's depending on which SSID (I can have 7, I believe).  I can understand a specific VLAN per port for the hardline connections, but even then I'm concerned with what happens if someone unplugs something or plugs a laptop into a port set up for a VOIP phone.

Ideally, the VLAN setup I would like is one for Staff, one for our IT Staff (With access to management interfaces), Students, IoT devices, VOIP phones, and Guest Wireless.

I've seen some general info on VLAN tagging, but have not found any in depth info that helps me determine if this is really the best route for what I'm wanting to do.  I do need several VLANS coming off of our Wireless AP's.  Each one of the AP's could have several different VLANS coming in based on the SSID, one for Staff, one for Students, one Guest, and another for IoT devices.

I kinda get the idea that the solution for the AP's would be to set those ports up as Trunk ports, but even then I'm not sure I'm understanding that correctly.

Any advice on how to proceed would be much appreciated.