
Creating and Managing VLAN Profiles

You can create and manage VLAN profiles on switches, wireless LAN controllers, and QFX Series devices by using the Manage VLAN Profiles window. Each VLAN profile is specific to a device family. After you create a VLAN profile, you can assign the profile at port level, switch level, or controller level. You can also assign VLAN profiles to controller managed access points and cluster managed access points.

Use the Manage VLAN Profiles page to create new VLAN profiles and to manage existing VLAN profiles.

This topic describes:

Managing VLAN Profiles

From the Manage VLAN Profiles page, you can:

Table 104 describes the fields in the Manage VLAN Profiles page. This page lists all VLAN profiles defined for your network.

Table 104: Manage VLAN Profile Fields

Field

Description

Profile Name

Name given to the profile when the profile was created.

VLAN Name

Name given to the VLAN when the VLAN profile was created.

Family Type

The device family: EX Series switch, wireless LAN controller (WLC), Campus Switching ELS, or Data Center Switching.

VLAN ID

VLAN ID assigned when the profile was created.

VLAN Range

Range of VLAN IDs assigned when the profile was created.

Tip: If a VLAN ID is displayed, VLAN range will be null. Also, Campus Switching ELS supports a VLAN ID range only as part of a VLAN ID list.

VLAN ID List

VLAN IDs can be either individually listed (with a space to separate each ID), an inclusive list separating the starting VLAN ID and ending VLAN ID with a hyphen, or a combination of both.

Tip: If a VLAN ID is displayed, VLAN range will be null. Also, this column will never have a value for EX Switching because it is not available.

Description

Description of the VLAN profile entered when the profile was created.

Assignment State

Displays the assignment state of the profile. A profile can be:

  • Unassigned—When the profile is not assigned to any object.
  • Deployed—When the profile is assigned and is deployed from Deploy mode.
  • Pending Deployment—When the profile is assigned, but not yet deployed in the network.

Creation Time

Date and time when the profile was created.

Last Updated Time

Date and time when the profile was last modified.

User Name

The username of the person who created or modified the profile.

Note: All columns might not be displayed. To show or hide fields listed in the Manage Authorization Profiles table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide.

Creating a VLAN Profile

To create a VLAN profile, at minimum, you must specify the VLAN name and the IEEE 802.1Q VLAN tag for the profile. You also must indicate a device family for the VLAN: EX Series Switches, Wireless (WLC), Campus Switching ELS, or Data Center Switching.

In the VLAN, you can specify additional VLAN profile configuration such as:

Procedure

To create a VLAN profile:

  1. Under Views, select one of these options: Logical View, Location View, Device View or Custom Group View.

    Note: Do not select Dashboard View, Datacenter View, or Topology View.

  2. Click in the Network Director banner.
  3. From the Tasks pane, select the type of network (Wired or Wireless), the appropriate functional area, and then select the name of the profile that you want to create. For example, to create a RADIUS profile for a wireless device, click Wireless > Profiles > RADIUS. The appropriate Manage Profile page opens.
  4. Click Add to add a new profile.

    Procedure

    If you chose to create a profile for the wired network, Network Director opens the Device Family Chooser window.

    1. From the Device Family Chooser, select the device family for which you want to create a profile. The available device families are Switching (EX), Campus Switching ELS (Enhanced Layer 2 Software), Data Center Switching Non-ELS and Data Center Switching ELS.
    2. Click OK.

      The Create VLAN Profile page for the selected device family is displayed. It consists of three sections, Basic Settings, Advanced Settings, and Review.

    If you chose to create a profile for the wireless network, Network Director opens the Create VLAN Profile for Wireless page.

  5. Specify the basic VLAN settings by using the appropriate directions:
  6. When you have completed the basic settings, click Next or click Advanced Settings at the top of the wizard window.
  7. Specify the advanced settings. Complete the Advanced Settings options as described in the online help:
  8. When you have completed the advanced settings, click Next or click Review at the top of the wizard window.
  9. You can make changes to your profile from the Review page. Click Save > Finish to save the profile. For directions, see Reviewing and Saving the VLAN Profile Configuration.
  10. Click Finish.

    The system saves the VLAN profile and displays the Manage VLAN Profiles page. Your new or modified VLAN profile is listed in the table of VLAN profiles.

Specifying Basic EX Switching VLAN Settings

To configure the basic settings for an EX Switching VLAN profile, enter the settings described in Table 105. Required settings are indicated by a red asterisk (*) that appears next to the field label.

Table 105: VLAN Profile Basic Settings for EX Switching

Field

Action

Profile Name

Type a name for the profile.

You can use up to 32 characters for profiles created for wireless devices. Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of the VLAN. The profile name and the VLAN name can be the same or different.

Description

Type a description to identify the group or function the VLAN will be part of. The character limit is 256 characters.

VLAN ID

You can indicate a single VLAN ID or a VLAN Range for EX Switching.

Single VLAN ID

To specify a single VLAN ID, type the single unique IEEE 802.1Q identifier for the VLAN (VLAN tag). The range for VLAN IDs is 1 through 4094.

Range of VLAN IDs

To indicate a range of VLAN IDs for EX Series switches, follow these steps:

Procedure

  1. Select Range instead of Single in the VLAN ID section.
  2. Provide the first and last VLAN IDs in the range.

    Tip: For example, if you enter 10 and 12, when you deploy the profile on a device, three VLANs are created with VLAN IDs 10, 11, and 12. The names of the VLANs are created from the name you specified by adding the VLAN ID as a suffix to the name, for example vlanname_10.

Click Next or click Advanced Settings at the top of the wizard window to configure advanced VLAN EX Switching profile settings. Advanced Settings are described in Specifying Advanced VLAN Profile Settings for EX Series Switches.

Specifying Basic Wireless VLAN Settings

To configure the basic settings for a wireless VLAN profile, enter the settings described in Table 106. Required settings are indicated by a red asterisk (*) that appears next to the field label.

Table 106: VLAN Wireless Profile Basic Settings

Field

Action

Profile Name

Type a unique name that identifies the profile.

Use up to 32 characters for wireless profile names. Profile names must not contain special characters or spaces. Note that profiles automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of the VLAN. The profile name and the VLAN name can be the same or different.

Description

Type a description to identify the group or function the VLAN will be part of. The character limit is 256 characters.

VLAN ID

Single VLAN ID

Type a single unique IEEE 802.1Q identifier for the VLAN (VLAN tag). The range for VLAN IDs is 1 through 4094.

Click Next or click Advanced Settings at the top of the wizard window to configure advanced wireless VLAN profile settings. Wireless Advanced Settings are described in Specifying Advanced VLAN Profile Settings for Wireless VLANs.

Specifying Basic Campus Switching ELS VLAN Settings

To configure the basic settings for a Campus Switching ELS VLAN profile, enter the settings described in Table 107. Required settings are indicated by a red asterisk (*) that appears next to the field label.

Table 107: VLAN Profile Basic Settings for Campus Switching ELS

Field

Action

Profile Name

Type a unique name that identifies the profile.

You can use up to 32 characters for profiles created for wireless devices. Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of the VLAN. The profile name and the VLAN name can be the same or different.

Description

Type a description to identify the group or function of the VLAN. The character limit is 256 characters.

VLAN ID

Note: Campus Switching ELS supports a VLAN ID range only as part of a VLAN ID list. Follow the directions for adding a list of VLAN IDs if you are adding a VLAN range.

Single VLAN ID

To specify a single VLAN ID (default), type the single unique IEEE 802.1Q identifier for the VLAN—the VLAN tag. The range for VLAN IDs is 1 through 4094.

List of VLAN IDs

To create a list of VLAN IDs for switches, follow these steps:

Procedure

  1. Select List instead of Single in the VLAN ID section.
  2. Click Add under VLAN IDs.

    The Add VLAN Details window opens.

  3. To add a single VLAN ID to the list, type the VLAN ID and then click either Add, which closes this window, or Add More, which allows you to continue adding to the list.
  4. To add a range of VLAN IDs to this list:

    Procedure

    1. In the Add VLAN Details window, select Range to add VLAN IDs in the range format 1 - 3.
    2. In the Add VLAN Details window, provide the first and last VLAN IDs in the range.

      Tip: For example, if you enter 10 and 12, when you deploy the profile on a device, three VLANs are created with VLAN IDs 10, 11, and 12. The names of the VLANs are created from the name you specified by adding the VLAN ID as a suffix to the name, for example vlanname_10.

    3. Click either Add to close this window, or Add More to allow you to continue adding to the list.
  5. When you are finished creating the list, close the window (if it is still open).

    All VLAN IDs you added appear in the VLAN IDs list.

Ethernet VLAN and FCoE VLAN
(applies to Data Center Switching only)

Select the type of VLAN, either Ethernet or Fibre Channel Over Ethernet (FCoE).

Click Next or click Advanced Settings at the top of the wizard window to configure advanced Campus Switching ELS VLAN profile settings. Advanced settings are described in Specifying Advanced VLAN Settings for Campus Switching ELS.
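
The VLAN ID list format described above (space-separated IDs, hyphenated inclusive ranges such as 1 - 3, or both) and the range naming from the tip, as an added Python example that is not Network Director code. The function names are hypothetical, suffixing every listed ID is an assumption generalized from the range tip, and the cross-profile overlap check goes beyond what the page describes.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094            # valid IEEE 802.1Q VLAN IDs per this page
_ENTRY = r"\d+(?:\s*-\s*\d+)?"          # "10", "10-12" or "10 - 12"
_LIST_RE = re.compile(rf"\s*{_ENTRY}(?:\s+{_ENTRY})*\s*")
_ENTRY_RE = re.compile(r"(\d+)(?:\s*-\s*(\d+))?")


def parse_vlan_id_list(text):
    """Return the sorted VLAN IDs named by a space-separated ID/range list."""
    if not _LIST_RE.fullmatch(text):
        raise ValueError(f"not a VLAN ID list: {text!r}")
    ids = set()
    for match in _ENTRY_RE.finditer(text):
        first = int(match.group(1))
        last = int(match.group(2)) if match.group(2) else first
        if not VLAN_MIN <= first <= last <= VLAN_MAX:
            raise ValueError(
                f"bad entry {match.group(0)!r}: "
                f"need {VLAN_MIN} <= first <= last <= {VLAN_MAX}")
        repeated = ids.intersection(range(first, last + 1))
        if repeated:
            raise ValueError(f"VLAN ID(s) {sorted(repeated)} listed more than once")
        ids.update(range(first, last + 1))
    return sorted(ids)


def deployed_vlans(vlan_name, id_list):
    """Map each VLAN ID to its deployed name, e.g. 10 -> vlanname_10.

    Assumption: every ID in the list gets the suffix, not only range members.
    """
    return {vid: f"{vlan_name}_{vid}" for vid in parse_vlan_id_list(id_list)}


def shared_ids(profiles):
    """Return {vlan_id: [profile names]} for IDs claimed by more than one profile."""
    owners = {}
    for profile, id_list in profiles.items():
        for vid in parse_vlan_id_list(id_list):
            owners.setdefault(vid, []).append(profile)
    return {vid: names for vid, names in sorted(owners.items()) if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample input.
    print(deployed_vlans("vlanname", "10 - 12 20"))
    print(shared_ids({"users": "100-110", "mgmt": "110", "voice": "200"}))
```

An ID that appears in two profiles, such as a user range that also covers a management VLAN, is worth resolving before either profile is deployed.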

Specifying Basic VLAN Settings for Data Center Switching Non-ELS

To configure the basic settings for a data center switching non-ELS VLAN profile, enter the settings described in Table 108. Required settings are indicated by a red asterisk (*) that appears next to the field label.

Table 108: Data Center Switching Non-ELS VLAN Profile Basic Settings

Field

Action

Profile Name

Type a unique name that identifies the profile.

You can use up to 32 characters for profiles created for wireless devices. Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of the VLAN. The profile name and the VLAN name can be the same or different.

Description

Type a description to identify the group or function the VLAN will be part of. The character limit is 256 characters.

VLAN Type

Select the type of VLAN, either Ethernet or Fibre Channel Over Ethernet (FCoE).

VLAN ID

You can always indicate a single VLAN ID. You can specify a VLAN List or VLAN Range for some products. The VLAN List or VLAN Range options are listed when they apply to the VLAN profile.

Single VLAN ID

To specify a single VLAN ID, type the single unique IEEE 802.1Q identifier for the VLAN (VLAN tag). The range for VLAN IDs is 1 through 4094.

Range of VLAN IDs

To indicate a range of VLAN IDs for switches, follow these steps:

Procedure

  1. Select List instead of Single in the VLAN ID section.
  2. Click Add under VLAN IDs.

    The Add VLAN Details window opens.

  3. In the Add VLAN Details window, select Range instead of Single.
  4. In the Add VLAN Details window, provide the first and last VLAN IDs in the range.

    Tip: For example, if you enter 10 and 12, when you deploy the profile on a device, three VLANs are created with VLAN IDs 10, 11, and 12. The names of the VLANs are created from the name you specified by adding the VLAN ID as a suffix to the name, for example vlanname_10.

  5. In the Add VLAN Details window, click Add.

    The Add VLAN Details window closes and the VLANs are added to the VLAN IDs list.

Click Next or click Advanced Settings at the top of the wizard window to configure advanced Data Center Non-ELS VLAN profile settings. Advanced Settings are described in Specifying Advanced VLAN Profile Settings for Data Center Switching Non-ELS.

Specifying Basic VLAN Settings for Data Center Switching ELS

To configure the basic settings for a Data Center Switching ELS VLAN profile, enter the settings described in Table 109. Required settings are indicated by a red asterisk (*) that appears next to the field label.

Table 109: VLAN Profile Basic Settings for Data Center Switching ELS

Field

Action

Profile Name

Type a unique name that identifies the profile.

You can use up to 32 characters for profiles created for wireless devices. Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of the VLAN. The profile name and the VLAN name can be the same or different.

Description

Type a description to identify the group or function of the VLAN. The character limit is 256 characters.

VLAN ID

Note: Data Center Switching ELS supports a VLAN ID range only as part of a VLAN ID list. Follow the directions for adding a list of VLAN IDs if you are adding a VLAN range.

Single VLAN ID

To specify a single VLAN ID (default), type the single unique IEEE 802.1Q identifier for the VLAN—the VLAN tag. The range for VLAN IDs is 1 through 4094.

List of VLAN IDs

To create a list of VLAN IDs for switches, follow these steps:

Procedure

  1. Select List instead of Single in the VLAN ID section.
  2. Click Add under VLAN IDs.

    The Add VLAN Details window opens.

  3. To add a single VLAN ID to the list, type the VLAN ID and then click either Add, which closes this window, or Add More, which allows you to continue adding to the list.
  4. To add a range of VLAN IDs to this list:

    Procedure

    1. In the Add VLAN Details window, select Range to add VLAN IDs in the range format 1 - 3.
    2. In the Add VLAN Details window, provide the first and last VLAN IDs in the range.

      Tip: For example, if you enter 10 and 12, when you deploy the profile on a device, three VLANs are created with VLAN IDs 10, 11, and 12. The names of the VLANs are created from the name you specified by adding the VLAN ID as a suffix to the name, for example vlanname_10.

    3. Click either Add to close this window, or Add More to allow you to continue adding to the list.
  5. When you are finished creating the list, close the window (if it is still open).

    All VLAN IDs you added appear in the VLAN IDs list.

Click Next or click Advanced Settings at the top of the wizard window to configure advanced Data Center Switching ELS VLAN profile settings. Advanced Settings are described in Specifying Advanced VLAN Settings for Data Center Switching ELS.

Specifying Advanced VLAN Profile Settings for EX Series Switches

To configure the EX Switching advanced settings for the VLAN profile, enter the MAC parameters and Layer 2 filters described in Table 110 for EX Series switching. All settings are optional.

Table 110: VLAN Profile Advanced Settings for an EX Series Switch

EX Switching MAC Parameters

MAC Limit

Type the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

MAC Aging Time (ms)

Indicate the number of milliseconds that unused dynamic MAC addresses remain in the MAC forwarding table before being deleted. If you specify the time as unlimited, entries are never removed from the table. Generally, use this setting only if the switch or the VLAN has a fairly static number of end devices—otherwise the table will eventually fill up. You can use this setting to minimize traffic loss and flooding that might occur when traffic arrives for MAC addresses that have been removed from the table.

The range is from 60 through 1,000,000.

EX Switching L2 Filters

L2 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

L2 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

EX Switching L3 Routing Filters

If you indicated a single VLAN ID under the Basic Settings, you can specify one or more routing parameters (Layer 3 filters) for the profile.

L3 Ingress Filter

L3 IPv6 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

L3 Egress Filter

L3 IPv6 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

VLAN Security Settings

Optionally, select VLAN Security Settings to display the security options DHCP, ARP inspection, and MAC movement limit for VLAN profiles for EX switching.

Enable DHCP Snooping

Check to apply a series of security techniques to the DHCP infrastructure.

Enable ARP Inspection

The Address Resolution Protocol (ARP), which provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address, has security issues. Select this option to apply inspection to untrusted interfaces.

MAC Movement Limit

Indicate the number of times a MAC address entry can be moved in the MAC address table without consequences.

MAC Movement Action

When a MAC Movement Limit is specified, select an action to be applied to MAC addresses that exceed the MAC Movement Limit: None, Log, Drop, Shut Down, or Drop and Log.

VRRP Settings

Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK.

Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.
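
A simplified model of how the MAC Limit, MAC Movement Limit, and MAC Movement Action settings in Table 110 behave, as an added Python example that is not Junos or Network Director code. It assumes moves are counted per address for the whole run with no aging and that Shut Down disables the port the frame arrived on; the MAC addresses and port names are constructed.

```python
from dataclasses import dataclass, field

ACTIONS = {"None", "Log", "Drop", "Shut Down", "Drop and Log"}  # from Table 110


@dataclass
class VlanMacTable:
    """Toy model of one VLAN's MAC learning with both limits applied."""
    mac_limit: int                      # MAC Limit: dynamic MACs the VLAN may learn
    move_limit: int                     # MAC Movement Limit: tolerated moves per MAC
    move_action: str = "Drop and Log"   # MAC Movement Action
    table: dict = field(default_factory=dict)     # MAC -> port it was learned on
    moves: dict = field(default_factory=dict)     # MAC -> moves seen so far
    shut_ports: set = field(default_factory=set)  # ports disabled by Shut Down
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.move_action not in ACTIONS:
            raise ValueError(f"unknown MAC Movement Action: {self.move_action!r}")

    def receive(self, src_mac, port):
        """Process one frame's source MAC; return 'forward' or 'drop'."""
        if port in self.shut_ports:
            return "drop"
        known_port = self.table.get(src_mac)
        if known_port == port:
            return "forward"
        if known_port is None:
            # New address: learn it unless the VLAN is already at its limit.
            if len(self.table) >= self.mac_limit:
                self.log.append(f"ALARM mac-limit {src_mac} on {port}")
                return "drop"
            self.table[src_mac] = port
            return "forward"
        # Known address seen on a different port: a MAC move.
        self.moves[src_mac] = self.moves.get(src_mac, 0) + 1
        if self.moves[src_mac] > self.move_limit and self.move_action != "None":
            if "Log" in self.move_action:
                self.log.append(f"mac-move {src_mac} {known_port}->{port}")
            if self.move_action == "Shut Down":
                self.shut_ports.add(port)
            if self.move_action != "Log":
                return "drop"           # the table keeps the earlier port
        self.table[src_mac] = port
        return "forward"


def demo():
    """Constructed traffic: two hosts, a burst of new source MACs, a late host."""
    vlan = VlanMacTable(mac_limit=4, move_limit=1)
    hosts = [vlan.receive("02:00:00:00:00:01", "ge-0/0/1"),
             vlan.receive("02:00:00:00:00:02", "ge-0/0/2")]
    burst = [vlan.receive(f"02:00:00:00:01:{i:02x}", "ge-0/0/5") for i in range(10)]
    late_host = vlan.receive("02:00:00:00:00:03", "ge-0/0/3")
    return hosts, burst.count("drop"), len(vlan.table), late_host


if __name__ == "__main__":
    print(demo())
```

In the constructed run the burst fills the table, so a legitimate host that appears afterward is dropped as well; the limit caps table growth but has to be sized from the number of hosts expected on the VLAN.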

Specifying Advanced VLAN Profile Settings for Wireless VLANs

To configure the advanced settings for the wireless VLAN profile, enter the settings described in Table 111 for a wireless LAN controller. All fields are optional.

Table 111: VLAN Profile Advanced Settings for a Wireless LAN Controller

Field

Action

Filter

Task: Add a Filter to the VLAN

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to ingress traffic or egress traffic or both based on the selected direction.

To remove the selected Filter profile, click Clear.

Direction: If you added a filter, select the direction of the traffic to which the filter will be applied. The options are:

  • In—to apply the filter to ingress traffic only.
  • Out—to apply the filter to egress traffic only.
  • Both—to apply the filter for both ingress and egress traffic.
  • None—if you do not want to apply the filter to either ingress or egress traffic.

The default value is Both, which means the filter is applied for both ingress and egress traffic.

Note: The direction None is applicable only when no Filter profile is selected.

Enable DHCP
(Disabled by default)

Enable DHCP client for the VLAN. By selecting the check box, you enable the VLAN to obtain the Layer 3 interface IP address from the DHCP server.

IGMP Settings

Optionally, expand the IGMP Settings section and modify the default settings. Internet Group Management Protocol (IGMP) snooping controls multicast traffic on a controller by forwarding packets for a multicast group only on the ports that are connected to members of the group. The controller listens for multicast packets and maintains a table of multicast groups, as well as their sources and receivers, based on the traffic.

IGMP Enabled

IGMP is enabled by default. You can disable it by removing the check mark.

Version
(default is Version 2)

Select the IGMP version, Version 1 or Version 2, from the list.

Querier Enabled
(default is disabled)

Select the check box to enable pseudo-query.

Tip: The IGMP querier enables IGMP snooping to operate in a VLAN without a multicast router to send IGMP general queries to clients.

Juniper Networks recommends that you enable the querier only when the VLAN contains local multicast traffic sources and no multicast router is supporting the subnet.

Query Interval
(default is 125 seconds)

Enter or select the number of seconds that elapse between general queries sent by the controller to advertise multicast groups.

You can specify a value from 1 through 65,535. The default is 125 seconds.

Other Querier Present Interval
(default is 255 seconds)

Enter or select the number of seconds that the controller waits for a general query to arrive from another querier before becoming the querier.

You can specify a value from 1 through 65,535. The default is 255 seconds.

Query Response Interval
(default is 1 second)

Enter or select the number of seconds, in tenths, that the controller waits for a receiver to respond to a group-specific query message before removing the receiver from the group receiver list.

You can specify a value from 1 through 255 tenths of a second. The default is 100 tenths of a second (10 seconds).

Tip: The query interval, other-querier-present interval, and query response interval are applicable only when the controller is the querier for the subnet. For the controller to become the querier, the querier feature must be enabled on the controller and the controller must have the lowest IP address among all the devices eligible to become a querier.

Last Member Query Interval
(default is 1 second)

Enter or select the number of tenths of a second that the controller waits for a response to a group-specific query after receiving a leave message for that group, before removing the receiver that sent the leave message from the list of receivers for the group. If there are no more receivers for the group, the controller also sends a leave message for the group to multicast routers.

You can specify a value from 1 through 255 tenths of a second. The default is 10 tenths of a second (1 second).

Robustness Value
(default is 2)

Enter or select a number used as a multiplier to adjust the IGMP timers to the amount of traffic loss that occurs on the network. Set a higher value to adjust for more traffic loss.

You can specify a value from 2 through 255. The default is 2.

Proxy Request
(default is enabled)

Enable or disable proxy request. Proxy request is enabled by default.

Proxy request reduces multicast overhead by sending only one request for each active group to the multicast routers, instead of sending a separate request from each multicast receiver.

Multicast Router Solicitation
(default is disabled)

Enable or disable multicast router solicitation. Router solicitation is disabled by default.

A controller can search for multicast routers by sending multicast router solicitation messages. This message invites multicast routers that receive the message and support router solicitation to immediately advertise themselves to the controller.

Solicitation Interval
(default is 30 seconds)

If you enabled Multicast Router Solicitation, enter or select the multicast router solicitation interval in seconds. You can specify a value from 1 through 65,535 seconds.

The default multicast router solicitation interval is 30 seconds.

Spanning Tree Protocol Settings

Optionally, expand Spanning Tree Protocol Settings to enable and configure STP on this VLAN.

Enabled
(default is disabled)

Select the check box to enable the Spanning Tree Protocol (STP) on the VLAN profile.

Instance Number

The VLAN ID you indicated under basic settings is reflected here. You cannot change this number.

Bridge Priority
(default is 32768)

Enter or select a bridge priority number from 0 through 65,535. The default bridge priority for all devices is 32,768.

The bridge priority determines the controller's eligibility to become the root bridge. You can set this parameter globally or on individual VLANs.

The root bridge is elected on the basis of the bridge priority of each device in the spanning tree. The device with the highest bridge priority is elected to be the root bridge for the spanning tree.

The bridge priority is a numeric value from 0 through 65,535. Lower numeric values represent higher priorities. The highest priority is 0, and the lowest priority is 65,535.

If more than one device has the highest bridge priority (lowest numeric value), the device with the lowest MAC address becomes the root bridge. If the root bridge fails, STP elects a new root bridge on the basis of the bridge priorities of the remaining bridges.

Protocol
(default is PVST)

Enter the protocol for the VLAN.

Network Director supports 802.1D and Per-VLAN Spanning Tree plus (PVST+).

Max Age
(default is 20 seconds)

Enter or select an age from 6 through 40 seconds. The default is 20 seconds.

Max Age is the period of time that a controller acting as a designated bridge waits for a new hello packet from the root bridge before determining that the root bridge is no longer available and initiating a topology change. You can specify a range from 6 through 40 seconds. The default is 20 seconds.

Hello Time
(default is 2 seconds)

Enter or select an interval from 1 through 10 seconds. The default is 2 seconds.

Hello Time is the interval between configuration messages sent by a controller when the controller is acting as the root bridge. You can specify an interval from 1 through 10 seconds. The default is 2 seconds.

Forward Delay
(default is 15 seconds)

Enter or select a time delay from 4 through 30 seconds. The default is 15 seconds.

Forward Delay is the period of time a bridge other than the root bridge waits after receiving a topology change notification to begin forwarding data packets. You can specify a delay from 4 through 30 seconds. The default is 15 seconds. (The root bridge always forwards traffic.)

mDNS Settings

mDNS is a simple way to enable Apple TV, Internet Printing, and/or iTunes on this VLAN profile. For more information, see Understanding Bonjour.

Tip: You must have an existing mDNS Profile to add to a VLAN Profile. To create an mDNS Profile, see Creating and Managing mDNS Profiles.

mDNS Profile

Add an existing mDNS Profile to the VLAN Profile by clicking Select, selecting one of the listed mDNS Profiles, and then clicking OK. The profile name is now listed in the mDNS Profile field.

Location Service

Procedure

To specify the mDNS services for this VLAN Profile (Apple TV, Internet Printing, iTunes):

  1. Provide a unique name for the service at this VLAN Profile.
  2. Add one or more of the available mDNS services to this VLAN by clicking Add under Location Service.

    The phrase Enter service here appears in the list of services.

  3. Select the phrase Enter service here.

    A list box replaces the phrase.

  4. From the list of services, select one of the following:
    • _airplay._tcp—Apple TV
    • _ipp._tcp—Internet printer
    • _daap._tcp—Digital Audio Access Protocol (iTunes)
    • All

    The selected services are listed under Services.

Restrict L2 Traffic

Optionally, check Restrict L2 Traffic to display the list of restricted MAC addresses. You can also add or delete MAC addresses.

Task: Add a MAC address to the list

To add a MAC address, click Add, double-click Enter MAC address here..., and then type the MAC address in the format 12:ae:53:ef:56:76.

Task: Remove a MAC address from the list

To remove a MAC address, select one of the MAC addresses from the list and then click Delete.

Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.
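
A consistency check for the IGMP and Spanning Tree values in Table 111, plus the root bridge election rule, as an added Python example that is not Network Director code. The setting names are hypothetical; ranges and defaults come from the table (using the 100 tenths default given in the Query Response Interval text), the IGMP relations are those of IGMPv2 in RFC 2236, the timer relation is from IEEE 802.1D, and the sample bridges are constructed.

```python
SETTINGS = {  # hypothetical name: (minimum, maximum, default) from Table 111
    "query_interval_s": (1, 65535, 125),
    "other_querier_present_s": (1, 65535, 255),
    "query_response_tenths": (1, 255, 100),
    "robustness": (2, 255, 2),
    "bridge_priority": (0, 65535, 32768),
    "max_age_s": (6, 40, 20),
    "hello_time_s": (1, 10, 2),
    "forward_delay_s": (4, 30, 15),
}


def lint_profile(overrides):
    """Return findings for a profile given as overrides of the defaults."""
    unknown = sorted(set(overrides) - set(SETTINGS))
    if unknown:
        raise KeyError(f"unknown setting(s): {unknown}")
    p = {name: overrides.get(name, spec[2]) for name, spec in SETTINGS.items()}
    findings = [f"{name}={p[name]!r} outside {lo}..{hi}"
                for name, (lo, hi, _) in SETTINGS.items()
                if type(p[name]) is not int or not lo <= p[name] <= hi]
    if findings:
        return findings  # cross-field checks need in-range values

    # IGMPv2 (RFC 2236): the response interval must be shorter than the query
    # interval, and other-querier-present = robustness * query + response / 2.
    response_s = p["query_response_tenths"] / 10
    if response_s >= p["query_interval_s"]:
        findings.append("query response interval is not shorter than query interval")
    derived = p["robustness"] * p["query_interval_s"] + response_s / 2
    if abs(p["other_querier_present_s"] - derived) >= 1:
        findings.append(f"other_querier_present_s={p['other_querier_present_s']}, "
                        f"but the other IGMP timers imply {derived:g}")

    # IEEE 802.1D: 2 * (forward delay - 1) >= max age >= 2 * (hello time + 1).
    if 2 * (p["forward_delay_s"] - 1) < p["max_age_s"]:
        findings.append("max_age_s exceeds 2 * (forward_delay_s - 1)")
    if p["max_age_s"] < 2 * (p["hello_time_s"] + 1):
        findings.append("max_age_s is below 2 * (hello_time_s + 1)")
    return findings


def elect_root(bridges):
    """bridges maps name -> (bridge priority, MAC address).

    Returns (root name, True if the MAC address had to break a priority tie).
    The lowest numeric priority wins; the lowest MAC address breaks ties.
    """
    ranked = sorted(bridges, key=lambda name: (
        bridges[name][0], int(bridges[name][1].replace(":", ""), 16)))
    lowest = bridges[ranked[0]][0]
    tied = sum(1 for priority, _ in bridges.values() if priority == lowest)
    return ranked[0], tied > 1


if __name__ == "__main__":
    print(lint_profile({}))                        # defaults are consistent
    print(lint_profile({"query_interval_s": 60}))  # other-querier timer now stale
    # Constructed controllers, all left at the default priority.
    print(elect_root({"wlc-a": (32768, "02:00:00:00:00:10"),
                      "wlc-b": (32768, "02:00:00:00:00:02")}))
```

When every device keeps the default bridge priority, the root is whichever device has the lowest MAC address; setting a lower priority value on the intended root makes the outcome deliberate.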

Specifying Advanced VLAN Settings for Campus Switching ELS

To configure the advanced settings for a Campus Switching ELS VLAN profile, specify the parameters described in Table 112 for Campus Switching ELS. All settings are optional.

Table 112: VLAN Profile Advanced Settings for Campus Switching ELS

Field

Action

Campus Switching ELS MAC Parameters

Interface MAC Limit

Indicate the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

Packet Action

Indicate the packet action for MAC addresses that exceed the Interface MAC Limit, by selecting None, Log, Drop, Shut Down, or Drop and Log.

MAC Table Size

If you indicated an Interface MAC limit, provide a table size here by using the up and down arrows. The MAC table must allow for at least 16 entries—you can increase this limit with the arrow.

L2 Filters

Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Routing

If you selected a single VLAN ID under Basic Settings, you can specify Layer 3 filter routing parameters for the VLAN profile.

Note: If an IP address is configured for a VLAN on some devices, then the configured IP address will be retained and a DHCP client will not be enabled on those devices. Also, if you indicated a VLAN range for basic ELS switching configuration, this option is not available.

Routing L3 Filters

Ingress Filter

IPv6 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

IPv6 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

VLAN Security Settings

Optionally, enable VLAN Security Settings to display the security options DHCP, ARP inspection, and MAC movement limit for VLAN profiles for ELS switching.

Enable DHCP Snooping

When checked (default), this option applies a series of security techniques to the DHCP infrastructure.

Enable ARP Inspection

The Address Resolution Protocol (ARP), which provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address, has security issues. Select this option to apply inspection to untrusted interfaces.

MAC Movement Limit

Indicate the number of times a MAC address entry can be moved in the MAC address table without consequences.

MAC Movement Action

When a MAC Movement Limit is specified, select an action to be applied to MAC addresses that exceed the MAC Movement Limit: None, Log, Drop, Shut Down, or Drop and Log.

Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.

Specifying Advanced VLAN Profile Settings for Data Center Switching Non-ELS

Procedure

To configure the advanced settings for a data center switching non-ELS VLAN profile:

  1. Enter advanced settings for the profile on the Advanced Setting page.

    The settings that are available depend on which types of VLAN you are configuring—Ethernet or FCoE. Settings for Ethernet VLANs are described in both the online help and in Table 113. Settings for FCoE VLANs are described in both the online help and in Table 114. All settings are optional.

    Table 113: VLAN Profile Advanced Settings for a Data Center Switching Non-ELS Ethernet VLAN

    Field

    Action

    Switching

    Specify the switching parameters (MAC parameters and Layer 2 filters) for the profile.

    MAC Parameters

    MAC Limit

    Type the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

    Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

    MAC Aging Time (ms)

    Indicate the number of milliseconds unused dynamic MAC addresses remain in the MAC forwarding table before being deleted. If you specify the time as unlimited, entries are never removed from the table. Generally, use this setting only if the switch or the VLAN has a fairly static number of end devices—otherwise the table will eventually fill up. You can use this setting to minimize traffic loss and flooding that might occur when traffic arrives for MAC addresses that have been removed from the table.

    The range is from 60 through 1,000,000 ms.

    L2 Filters

    Ingress Filter

    Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

    To remove the selected Filter profile, click Clear.

    Egress Filter

    Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

    To remove the selected Filter profile, click Clear.

    Routing

    If you selected a single VLAN ID under Basic Settings, you can specify Layer 3 filter routing parameters for the VLAN profile.

    Note: If an IP address is configured for a VLAN on some devices, then the configured IP address will be retained and a DHCP client will not be enabled on those devices. Also, if you indicated a VLAN range for basic ELS switching configuration, this option is not available.

    Routing L3 Filters

    Ingress Filter

    IPv6 Ingress Filter

    Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

    To remove a selected Filter profile, click Clear.

    Egress Filter

    IPv6 Egress Filter

    Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

    To remove a selected Filter profile, click Clear.

    VLAN Security Settings

    Enable DHCP Snooping

    When checked (default), this option applies a series of security techniques to the DHCP infrastructure.

    Enable ARP Inspection

    The Address Resolution Protocol (ARP), which provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address, has security issues. Select this option to apply inspection to untrusted interfaces.

    MAC Movement Limit

    Indicate the number of times a MAC address entry can be moved in the MAC address table without consequences.

    Fabric Limit

    Specify the maximum number of times a MAC address can move in a QFabric system. If no fabric limit is specified, the value given for mac-move-limit applies to the QFabric system.

    MAC Movement Action

    When a MAC Movement Limit is specified, select an action to be applied to MAC addresses that exceed the MAC Movement Limit. The options are: None, Log, Drop, Shut Down, and Drop and Log.

    FIP Snooping Settings

    Enable VN2VN Snooping

    Select to enable VN_Port to VN_Port (VN2VN) FIP snooping on the VLAN.

    Beacon Period (ms)

    Set the interval between periodic beacons, in milliseconds. Beacons perform virtual link maintenance for VN_Ports in a way that is similar to FIP keepalive advertisements.

    Range: 250 through 90000 milliseconds. Default: 8000 milliseconds.

    FC Map

    Set the FCoE mapped address prefix (FC-MAP) value for the FCoE VLAN to match the FC switch (or FCoE forwarder) FC-MAP value for the FC fabric. The FC-MAP value is a unique MAC address prefix an FC switch uses to identify FCoE traffic for a given FC fabric (traffic on a particular FCoE VLAN).

    Range: 0x0EFC00 through 0x0EFCFF. Default: 0xEFC00.

    Table 114 describes the advanced settings for a Data Center Switching Non-ELS FCoE VLAN.

    Table 114: VLAN Profile Advanced Settings for a Data Center Switching Non-ELS FCoE VLAN

    Field

    Action

    Switching

    Specify the switching parameters (MAC parameters and Layer 2 filters) for the profile.

    MAC Parameters

    MAC Limit

    Type the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

    Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

    MAC Aging Time (ms)

    Indicate the number of milliseconds unused dynamic MAC addresses remain in the MAC forwarding table before being deleted. If you specify the time as unlimited, entries are never removed from the table. Generally, use this setting only if the switch or the VLAN has a fairly static number of end devices—otherwise the table will eventually fill up. You can use this setting to minimize traffic loss and flooding that might occur when traffic arrives for MAC addresses that have been removed from the table.

    The range is from 60 through 1,000,000 ms.

    L2 Filters

    Ingress Filter

    Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

    To remove the selected Filter profile, click Clear.

    Egress Filter

    Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

    To remove the selected Filter profile, click Clear.

    VLAN Security Settings

    Enable DHCP Snooping

    Select the check box to enable DHCP snooping.

    Enable ARP Inspection

    Select the check box to enable ARP Inspection.

    MAC Movement Limit

    Enter the MAC movement limit.

    Fabric Limit

    Specify the maximum number of times a MAC address can move in a QFabric system. If no fabric limit is specified, the value given for mac-move-limit applies to the QFabric system.

    MAC Movement Action

    Select one of the options. The options are: None, Log, Drop, and Shutdown.

    FIP Snooping Settings

    Selecting the FIP Snooping check box enables FIP snooping with the default FC-Map. This stops access for all traffic other than FCoE traffic.

    Enable VN2VN Snooping

    Select to enable VN_Port to VN_Port (VN2VN) FIP snooping on the VLAN.

    Beacon Period (ms)

    Set the interval between periodic beacons, in milliseconds. Beacons perform virtual link maintenance for VN_Ports in a way that is similar to FIP keepalive advertisements.

    Range: 250 through 90000 milliseconds. Default: 8000 milliseconds.

    FC Map

    Set the FCoE mapped address prefix (FC-MAP) value for the FCoE VLAN to match the FC switch (or FCoE forwarder) FC-MAP value for the FC fabric. The FC-MAP value is a unique MAC address prefix an FC switch uses to identify FCoE traffic for a given FC fabric (traffic on a particular FCoE VLAN).

    Range: 0x0EFC00 through 0x0EFCFF. Default: 0xEFC00.

  2. Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.

    You can either save your profile or make changes to your profile from the Review page.

Specifying Advanced VLAN Settings for Data Center Switching ELS

To configure the advanced settings for a Data Center Switching ELS VLAN profile, specify the parameters described in Table 115 for an Ethernet VLAN profile. All settings are optional.

Table 115: VLAN Profile Advanced Settings for Data Center Switching ELS Ethernet VLAN

Field

Action

Data Center Switching ELS MAC Parameters

Interface MAC Limit

Indicate the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

Packet Action

Indicate the packet action for MAC addresses that exceed the Interface MAC Limit. The options are: None, Log, Drop, Shut Down, and Drop and Log.

MAC Table Size

If you indicated an Interface MAC limit, provide a table size here by using the up and down arrows. The MAC table must allow for at least 16 entries—you can increase this limit by using the arrow.

L2 Filters

Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Routing

If you selected a single VLAN ID under Basic Settings, you can specify Layer 3 filter routing parameters for the VLAN profile.

Note: If an IP address is configured for a VLAN on some devices, then the configured IP address will be retained and a DHCP client will not be enabled on those devices. Also, if you indicated a VLAN range for basic ELS switching configuration, this option is not available.

Routing L3 Filters

Ingress Filter

IPv6 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

IPv6 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

VLAN Security Settings

Optionally, enable VLAN Security Settings to display the security options DHCP, ARP inspection, and MAC movement limit for VLAN profiles for ELS switching.

Enable DHCP Snooping

When checked (default), this option applies a series of security techniques to the DHCP infrastructure.

Enable ARP Inspection

The Address Resolution Protocol (ARP), which provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address, has security issues. Select this option to apply inspection to untrusted interfaces.

MAC Movement Limit

Indicate the number of times a MAC address entry can be moved in the MAC address table without consequences.

MAC Movement Action

When a MAC Movement Limit is specified, select an action to be applied to MAC addresses that exceed the MAC Movement Limit. The options are: None, Log, Drop, Shut Down, and Drop and Log.

FIP Snooping Settings

Enable VN2VN Snooping

Select to enable VN_Port to VN_Port (VN2VN) FIP snooping on the VLAN.

Beacon Period (ms)

Set the interval between periodic beacons, in milliseconds. Beacons perform virtual link maintenance for VN_Ports in a way that is similar to FIP keepalive advertisements.

Range: 250 through 90000 milliseconds. Default: 8000 milliseconds.

FC Map

Set the FCoE mapped address prefix (FC-MAP) value for the FCoE VLAN to match the FC switch (or FCoE forwarder) FC-MAP value for the FC fabric. The FC-MAP value is a unique MAC address prefix an FC switch uses to identify FCoE traffic for a given FC fabric (traffic on a particular FCoE VLAN).

Range: 0x0EFC00 through 0x0EFCFF. Default: 0xEFC00.

Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.
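
The following added example (not code from the product or its documentation) turns the Table 115 constraints into a review of a profile before it is saved: the 16-entry minimum, the listed actions, the beacon and FC-MAP ranges, and the single-VLAN-ID condition for routing. The dictionary keys and both sample profiles are hypothetical; the example also assumes that ARP inspection is cleared when not given and that the None action means nothing is done.

```python
# Added example: key names are hypothetical; ranges and options are from Table 115.
ACTIONS = {"None", "Log", "Drop", "Shut Down", "Drop and Log"}
BEACON_MS = (250, 90000)
FC_MAP = (0x0EFC00, 0x0EFCFF)
MIN_MAC_TABLE = 16


def check_action(label, action, errors, warnings):
    if action not in ACTIONS:
        errors.append(f"{label}: {action!r} is not a listed option")
    elif action == "None":
        # Assumption: None means nothing is done about excess addresses or moves.
        warnings.append(f"{label}: None selected although a limit is set")


def review_profile(p):
    """Return (errors, warnings) for a dict of Table 115 field values."""
    errors, warnings = [], []
    if p.get("interface_mac_limit") is None:
        warnings.append("Interface MAC Limit: unset, MAC learning is not capped")
    else:
        check_action("Packet Action", p.get("packet_action"), errors, warnings)
        if (p.get("mac_table_size") or 0) < MIN_MAC_TABLE:
            errors.append("MAC Table Size: must allow at least 16 entries")
    if p.get("mac_movement_limit") is not None:
        check_action("MAC Movement Action", p.get("mac_movement_action"), errors, warnings)
    if not p.get("dhcp_snooping", True):  # checked by default per the table
        warnings.append("Enable DHCP Snooping: cleared")
    if not p.get("arp_inspection", False):  # default not stated; assumed cleared
        warnings.append("Enable ARP Inspection: cleared")
    if p.get("vlan_range") and p.get("l3_filters"):
        errors.append("Routing: L3 filters need a single VLAN ID, not a VLAN range")
    beacon = p.get("beacon_period_ms")
    if beacon is not None and not BEACON_MS[0] <= beacon <= BEACON_MS[1]:
        errors.append("Beacon Period: outside 250 through 90000 ms")
    fc_map = p.get("fc_map")
    if fc_map is not None and not FC_MAP[0] <= fc_map <= FC_MAP[1]:
        errors.append("FC Map: outside 0x0EFC00 through 0x0EFCFF")
    return errors, warnings


# Constructed sample profiles (not taken from a real deployment).
WEAK = {"vlan_range": "100-110", "l3_filters": ["edge-in"], "interface_mac_limit": 64,
        "packet_action": "None", "mac_table_size": 8, "dhcp_snooping": False,
        "mac_movement_limit": 2, "mac_movement_action": "Alert",
        "beacon_period_ms": 100, "fc_map": 0x0EFD00}
CORRECTED = {"vlan_id": 100, "l3_filters": ["edge-in"], "interface_mac_limit": 64,
             "packet_action": "Drop and Log", "mac_table_size": 64, "dhcp_snooping": True,
             "arp_inspection": True, "mac_movement_limit": 2,
             "mac_movement_action": "Drop and Log", "beacon_period_ms": 8000, "fc_map": 0x0EFC00}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("corrected", CORRECTED)):
        print(name, review_profile(profile))
```

Errors are values the table rules out; warnings are permitted settings that leave one of the table's protections unused.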

Reviewing and Saving the VLAN Profile Configuration

From this page, you can either save the VLAN profile or make changes to the VLAN profile:

What to Do Next

Once the VLAN profile is created, you must assign the VLAN profile from the Assign VLAN Profile page to the required ports, switches, or controllers. You can also assign VLAN profiles to controller managed access points and cluster managed access points. To assign a VLAN profile, see Assigning a VLAN Profile to Devices or Ports. After you assign a VLAN profile to a port, switch, access point, or controller, you must deploy the profile configuration from the Deploy mode. For directions on deploying your configurations, see Deploying Configuration to Devices.

FCoE VLANs are assigned to Fabric profiles, where they define the FCoE VLAN for a gateway FC fabric.
