Junos Basics – Creating VLAN’s

By | July 19, 2013

This is the first in a series of blog posts covering some of the basics of Junos. In this post I’ll be covering the process of creating VLAN’s on a Juniper switch and assigning interfaces to them. The model of switch I am using is an EX2200-C, running Junos 11.4R1.6.

Creating the VLANs’s is very simple. In this example we’ll create 2 VLAN’s, SALES and IT with VLAN ID’s 100 and 200 respectively.

In configuration mode:

set vlans SALES vlan-id 100
set vlans IT vlan-id 200

After committing the configuration we can now view our list of VLAN’s:

rich@EX2200C# show vlans
IT {
    vlan-id 200;
}
SALES {
    vlan-id 100;
}

Next we’ll assign an interface to each VLAN. There are two methods of doing this – you can configure the interface to be a member of a VLAN or you can configure a VLAN to have an interface as a member.

Method 1 – configure the interface:

set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members SALES

This assigns the interface to the VLAN SALES which can be seen from the interface configuration:

rich@EX2200C> show configuration interfaces ge-0/0/0
unit 0 {
    family ethernet-switching {
        vlan {
            members SALES;
        }
    }
}

Method 2 – Configure the VLAN:

set vlans IT interface ge-0/0/1.0

This method is much quicker and simpler than method 1 and the end result is the same. The difference is that the VLAN membership is not apparent when you view the configuration of the interface:

rich@EX2200C> show configuration interfaces ge-0/0/1
unit 0 {
    family ethernet-switching;
}

Instead, to verify our configuration we need to view the list of VLAN’s again:

rich@EX2200C> show vlans 
Name           Tag     Interfaces
IT             200
                       ge-0/0/1.0
SALES          100
                       ge-0/0/0.0
default
                       ge-0/0/2.0, ge-0/0/3.0, ge-0/0/4.0, ge-0/0/5.0,
                       ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0,
                       ge-0/0/10.0, ge-0/0/11.0, ge-0/1/0.0, ge-0/1/1.0

Another verification option is the “show ethernet-switching interfaces” command:

rich@EX2200C> show ethernet-switching interfaces
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/0.0   down   SALES               100   untagged blocked by STP
ge-0/0/1.0   down   IT                  200   untagged blocked by STP
ge-0/0/2.0   down   default                   untagged blocked by STP
ge-0/0/3.0   down   default                   untagged blocked by STP
ge-0/0/4.0   down   default                   untagged blocked by STP
ge-0/0/5.0   down   default                   untagged blocked by STP
.
.

Note also that now we have assigned some interfaces to VLAN’s, all the other interfaces appear as members of the “default” VLAN.

In my next post I’ll cover routing between the VLANS’s we’ve created here.

I hope this has been a useful explanation.  Thanks for reading.

Rich

Follow Rich on Twitter

10 thoughts on “Junos Basics – Creating VLAN’s

  1. A R Afsar

    Hi Rich,
    I saw your three posts on Vlan, Inter Vlan and Vlan Trunking, really it is very useful for me and I want to say thanks regarding this useful information, can we set up virtual Network Environment like GNS on Windows 7, if any process is there please send me on my email id.
    Thanks,
    Afsar

    Reply
  2. A R Afsar

    Hi Rich,
    Thanks for the link, I am Reviewing it and will update you here.
    Regards,
    Afsar

    Reply
  3. rob

    Hi Rich,
    On a ex2200 I have attached a management module of a server (for remote control and such which has a dedicated IP address). I would like to give only myself access to that IP (on port ge 0/0/1). If at all possible I could do this by using IP addresses (I have several of course, not to lock myself out) or via MAC addresses.
    ps: I do not know if I need to add the IP from the -to be managed- server as well?
    Also note, access may be via a local port (hard wired when I am at the data center, for instance ge 0/0/5) or via glass fibre (ge-0/1/1 I think).
    Suppose the mgm module has ip 1.2.3.4 and I have 5.6.7.8 or 6.7.8.9 then I want those two ip addresses of mine to have access to 1.2.3.4. Note: ip 1.2.3.4 should have normal access to the internet to be able to send out emails.
    Can this be done?
    I am not smart enough (I guess) to do this.

    Reply
    1. rob

      ps: you may mail me about this as well, I am not sure if anybody is looking for this specific solution (although I could not find a fitting answer).

      Reply
  4. rob

    I am still here 😉
    After reading and reading I think I should create a vlan. All I need to do is tag traffic from specific ip addresses and prevent other ip adrresses to have access to the vlan. I would not need to consider about the actual port. But thinking out loud is one. Getting this translated to a solution is two. And I am not sure if creating a vlan this way does actually prevent other ip addresses to access the ip I am trying to secure?
    Could you please mail me on this issue and delete my messages on this forum (if you think it does not help other people having the same situation?)

    Reply
  5. Pingback: Junos Basics – Inter VLAN Routing – PingvinHund

  6. Pingback: Junos Basics – Inter VLAN Routing | Mariusgate Leaks

  7. kbaba

    Hey Rich,

    Appreciate your time to write this Information. i find it very informative as am new to Juniper. searching for more info. Thank you
    K

    Reply

Leave a Reply to Rich Bibby Cancel reply

Your email address will not be published. Required fields are marked *