vlans
Syntax (QFX-Serie, QFabric, NFX-Serie und EX4600)
vlans {
vlan-name {
description text-description;
dot1q-tunneling {
customer-vlans (id | range);
}
filter input filter-name;
filter output filter-name;
interface interface-name {
isolated;
mapping (policy | tag push | native push);
promiscuous;
}
isolation-vlan-id;
l3-interface vlan.logical-interface-number;
mac-limit number;
no-local-switching;
no-mac-learning;
primary-vlan vlan-name;
pvlan extend-secondary-vlan-id vlan-id;
vlan-id number;
vlan-range vlan-id-low-vlan-id-high;
}
}
Syntax (QFX-Serie, NFX-Serie und EX4600)
vlans {
vlan-name {
description text-description;
domain-type bridge;
forwarding-options {
dhcp-security {
arp-inspection;
group group-name {
interface interface-name {
static-ip ip-address {
mac mac-address;
}
}
overrides {
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
no-dhcp-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name hostname;
use-interface-description (device | logical);
use-string string;
}
vendor-id {
use-string string;
}
}
}
fip-security {
examine-vn2vf;
examine-vn2vn {
beacon-period milliseconds;
}
fc-map fc-map-value;
interface interface-name {
(fcoe-trusted | no-fcoe-trusted;)
}
}
}
l3-interface irb.logical-unit-number;
multicast-snooping-options {
flood-groups [group-names];
forwarding-cache {
threshold {
reuse threshold;
suppress threshold;
}
}
graceful-restart {
disable;
restart-duration duration;
}
host-outbound-traffic {
dot1p bits;
forwarding-class forwarding-class;
}
multichassis-lag-replicate-state;
nexthop-hold-time time;
options {
syslog {
level level;
mark interval;
upto level;
}
}
traceoptions {
file filename {
files number;
no-world-readable;
size file-size;
world-readable;
}
flag flag {
disable;
}
}
}
switch-options {
interface interface-name {
interface-mac-limit limit {
packet-action action;
}
static-mac mac-address;
}
interface-mac-limit limit {
packet-action action;
}
mac-move-limit limit {
packet-action action;
}
mac-table-size limit {
packet-action drop;
}
no-mac-learning;
}
}
vlan-id number;
vlan-id-list [vlan-id | vlan-id–vlan-id];
vlan-tags
inner value;
outer value;
}
vxlan {
ingress-node-replication
ovsdb-managed
}
}
}
}
Syntax (SRX-Serie und EX-Serie)
vlans {
vlan-name {
description text-description;
dot1q-tunneling {
customer-vlans (id | range)
layer2-protocol-tunneling all | protocol-name {
drop-threshold number;
shutdown-threshold number;
}
}
filter input filter-name;
filter output filter-name;
interface interface-name {
egress;
ingress;
mapping (native (push | swap) | policy | tag (push | swap));
pvlan-trunk;
}
isolation-id id-number;
l3-interface l3-interface-name.logical-interface-number;
l3-interface-ingress-counting layer-3-interface-name;
mac-limit limit action action;
mac-table-aging-time seconds;
no-local-switching;
no-mac-learning;
primary-vlan vlan-name;
vlan-id number;
vlan-prune;
vlan-range vlan-id-low-vlan-id-high;
}
}
Syntax (SRX-Serie)
vlans {
vlan name {
(vlan-id (1..3967) | vlan-id-list [ vlan-id-numbers]);
description;
forwarding-options {
dhcp-security {
arp-inspection;
dhcpv6-options {
option-16 {
use-string use-string;
}
option-18 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
option-37 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
}
group group-name {
interface interface-name {
static-ip {
ip-address {
mac-address;
}
}
static-ipv6 {
ip-address {
mac-address;
}
}
}
overrides {
no-dhcpv6-options;
no-option16;
no-option18;
no-option37;
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
ipv6-source-guard;
neighbor-discovery-inspection;
no-dhcp-snooping;
no-dhcpv6-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name;
mac;
use-interface-description (device | logical);
use-string use-string;
}
vendor-id {
use-string use-string;
}
}
}
filter {
input filter-name;
}
flood {
input filter-name;
}
}
interface interface-name;
l3-interface l3-interface-name;
mcae-mac-flush;
mcae-mac-synchronize;
service-id service-id;
switch-options {
interface name {
action-priority action-priority;
encapsulation-type (ethernet | ethernet-vlan);
ignore-encapsulation-mismatch;
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
no-mac-learning;
pseudowire-status-tlv;
static-mac mac-address {
vlan-id value;
}
}
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-table-aging-time seconds;
mac-table-size {
limit;
packet-action {
drop;
}
}
no-mac-learning;
static-rvtep-mac {
mac mac_addr {
remote-vtep;
}
}
}
}
}
Syntax (vSRX)
vlans {
vlan name {
(vlan-id (all | none | number) | vlan-id-list [ vlan-id-numbers] | vlan-tags <inner number> outer number);
description;
forwarding-options {
dhcp-security {
arp-inspection;
dhcpv6-options {
option-16 {
use-string use-string;
}
option-18 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
option-37 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
}
group group-name {
interface interface-name {
static-ip {
ip-address;
}
static-ipv6 {
ip-address;
}
}
overrides {
no-dhcpv6-options;
no-option16;
no-option18;
no-option37;
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
ipv6-source-guard;
light-weight-dhcpv6-relay;
neighbor-discovery-inspection;
no-dhcp-snooping;
no-dhcpv6-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name;
mac;
use-interface-description (device | logical);
use-string use-string;
}
vendor-id {
use-string use-string;
}
}
}
filter {
input filter-name;
}
flood {
input filter-name;
}
}
interface interface-name;
l3-interface l3-interface-name;
mcae-mac-synchronize;
no-irb-layer-2-copy;
service-id service-id;
switch-options {
interface name {
action-priority action-priority;
encapsulation-type (ethernet | ethernet-vlan);
ignore-encapsulation-mismatch;
interface-mac-limit {
disable;
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-pinning;
no-mac-learning;
pseudowire-status-tlv;
static-mac mac-address {
vlan-id value;
}
}
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-statistics;
mac-table-aging-time seconds;
mac-table-size {
limit;
packet-action {
drop;
}
}
no-mac-learning;
static-rvtep-mac {
mac mac_addr {
remote-vtep;
}
}
}
}
}
Hierarchieebene
[edit]
[edit routing-instances routing-instance-name]
Beschreibung
Konfigurieren Sie VLAN-Eigenschaften.
Auf Switches der EX-Serie und Geräten der SRX-Serie (einschließlich vSRX) gelten die folgenden Konfigurationsrichtlinien:
Nur private VLAN-Firewall-Filter (PVLAN) können verwendet werden, wenn das VLAN für Q-in-Q-Tunneling aktiviert ist.
Ein S-VLAN-Tag wird dem Paket hinzugefügt, wenn das VLAN Q-in-Q-tunneled ist und das Paket von einer Zugangsschnittstelle ankommt.
Sie können einen Firewall-Filter nicht verwenden, um einem VLAN eine integrierte Routing- und Bridging -Schnittstelle (IRB) oder eine Routing-VLAN-Schnittstelle (RVI) zuzuweisen.
VLAN-Zuweisungen, die über einen Firewall-Filter durchgeführt werden, setzen alle anderen VLAN-Zuweisungen außer Kraft.
Standard
Wenn Sie die standardmäßige Werkskonfiguration verwenden, werden alle Switch-Schnittstellen Teil des VLANs default.
Optionen
vlan-name— Name des VLANs Der Name kann Buchstaben, Zahlen, Bindestriche (-) und Perioden (.) enthalten und kann bis zu 255 Zeichen umfassen.
Die übrigen Aussagen werden separat erläutert. Siehe CLI-Explorer.
Die übrigen Aussagen werden separat beschrieben.
Erforderliche Berechtigungsstufe
Routing: Diese Anweisung wird in der Konfiguration angezeigt.
routing–control: So fügen Sie diese Anweisung zur Konfiguration hinzu.
System: Diese Anweisung wird in der Konfiguration angezeigt.
Systemsteuerung– So fügen Sie diese Anweisung zur Konfiguration hinzu.
Versionsinformationen
Erklärung eingeführt in Junos OS Version 9.0.
Anweisungen für private VLANs und Q-in-Q-Tunneling, die in Junos OS Version 12.1 für die QFX-Serie eingeführt wurden.