Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  MAC-based VLANs

    Posted 03-23-2023 06:28

    Hi,

    I can see this feature in Feature Explorer, but I can not find and references in the documentation. Can you  help me?

    "MAC-based VLANs
    MAC-based VLANs use a device's MAC address to assign packets to a VLAN. "

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=1151&fn=MAC-based%20VLANs



    ------------------------------
    Kind regards,
    Pawel Mazurkiewicz
    ------------------------------


  • 2.  RE: MAC-based VLANs

    Posted 03-23-2023 07:53

    Maybe what your looking for ?

    https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/ref/statement/mac-edit-ethernet-switching-options-static.html




  • 3.  RE: MAC-based VLANs

    Posted 03-28-2023 04:16

    I don't think it would allow to "use a device's MAC address to assign packets to a VLAN".  Would it?



    ------------------------------
    Pawel Mazurkiewicz
    ------------------------------



  • 4.  RE: MAC-based VLANs

    Posted 03-29-2023 04:23

    RADIUS and dot1x configurations can assign VLANs based on the MAC addresses. One sample example configuration is shown below (static MAC configuration, but this should ideally be done by a RADIUS NAC).

    jcluser@vqfx-re# show interfaces xe-0/0/2 
    unit 0 {
        family ethernet-switching {
            interface-mode access;
            vlan {
                members default;
            }
        }
    }
    
    {master:0}[edit]
    jcluser@vqfx-re# show protocols dot1x 
    authenticator {
        static {
            52:54:00:78:45:9e/48 {
                vlan-assignment vlan2;
            }
        }
        interface {
            xe-0/0/2.0 {
                supplicant multiple;
            }
        }
    }
    
    jcluser@vqfx-re# run show ethernet-switching table 
    
    MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
               SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
    
    
    Ethernet switching table : 1 entries, 1 learned
    Routing instance : default-switch
        Vlan                MAC                 MAC         Age    Logical                NH        RTR 
        name                address             flags              interface              Index     ID
        vlan2               52:54:00:78:45:9e   D             -   xe-0/0/2.0             0         0    

    If in the authenticator configuration, the vlan is changed to vlan11, the ethernet switching table updates accordingly

    jcluser@vqfx-re# show protocols dot1x                
    authenticator {
        static {
            52:54:00:78:45:9e/48 {
                vlan-assignment vlan11;
            }
        }
        interface {
            xe-0/0/2.0 {
                supplicant multiple;
            }
        }
    }
    
    jcluser@vqfx-re# run show ethernet-switching table 
    
    MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
               SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
    
    
    Ethernet switching table : 1 entries, 1 learned
    Routing instance : default-switch
        Vlan                MAC                 MAC         Age    Logical                NH        RTR 
        name                address             flags              interface              Index     ID
        vlan11              52:54:00:78:45:9e   D             -   xe-0/0/2.0             0         0  

    You can have multiple vlan-assigments defined, as shown below. If multiple-macs are learnt on the interface xe-0/0/2.0, then different VLANs will be assigned based on the MAC addresses.

    jcluser@vqfx-re# show protocols dot1x 
    authenticator {
        static {
            52:54:00:78:45:9e/48 {
                vlan-assignment vlan11;
            }
            52:54:00:65:99:8f/48 {
                vlan-assignment vlan2;
            }
            52:54:00:e0:41:b2/48 {
                vlan-assignment vlan3;
            }
        }
        interface {
            xe-0/0/2.0 {
                supplicant multiple;
            }
        }
    }


    ------------------------------
    Sheetanshu Shekhar
    ------------------------------