Switching

  • 1.  private vlan on ex2200?

    Posted 05-03-2022 15:53

    I only found private vlan documentation for ex3300; some commands don't work on ex2200.

    I just want to have basic private/port-based vlan on my ex2200, no interswitch vlans, one uplink port (ge-0/0/0 for example) and all other ports communicating only to that uplink port, as simple as possible.

    Any tips?

    Thanks.



    ------------------------------
    Leonardo
    ------------------------------


  • 2.  RE: private vlan on ex2200?

    Posted 05-04-2022 06:05
    Hey Leo,  

    It seems that it is supported, or at least only for a layer 2 solution (no-IRB) (see link below):
    https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFKey=1364&pFName=Private%20VLANs%20(PVLANs) 

    Because the platform you are working with (EX2200) is legacy/non-ELS, you'll need to follow the examples detailed in the 2 links I am sharing here.
    https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/private-vlans.html#id-creating-a-private-vlan-on-a-single-ex-series-switch-cli-procedure 

    https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/private-vlans.html#id-creating-a-private-vlan-spanning-multiple-ex-series-switches-cli-procedure-no-els  

    Just keep in mind that communities cannot talk to each other, only within their own sub-broadcast domain, and isolated traffic only with a promiscuous port, which is the one connecting to a router.

    cheers! 




  • 3.  RE: private vlan on ex2200?

    Posted 05-05-2022 18:27

    Hi esmontes,

    I followed the instructions and examples on the links and it didn't work exactly how I expected.

    I created a primary vlan and two community vlans. I set ge-0/0/0 as trunk for uplink and ge-0/0/1 and ge-0/0/2 as access. I plugged a router into port 0 and computers into ports 1 and 2.
    Those access ports don't see each other (as I wanted) but don't see the router either.
    I tried ports 1 and 2 as isolated ports, same result.

    Then I took a guess and created a virtual interface in the router on the same ID as the primary vlan, and bingo, it worked.

    Is that the expected result?
    I mean, isn't there any way to create simple port-based vlans without tags involved?



    ------------------------------
    Leonardo Porto Lopes
    ------------------------------