Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Creating and Managing VLAN Profiles

 

You can create and manage VLAN profiles on switches and QFX Series devices by using the Manage VLAN Profiles window. Each VLAN profile is specific to a device family. After you create a VLAN profile, you can assign the profile at port level, or switch level.

Use the Manage VLAN Profiles page to create new VLAN profiles and to manage existing VLAN profiles.

This topic describes:

Managing VLAN Profiles

From the Manage VLAN Profiles page, you can:

  • Create a new profile by clicking Add. For directions, see Creating a VLAN Profile.

  • Modify an existing profile by selecting the profile and clicking Edit.

  • Assign a profile to a port or a switch, by selecting the profile and clicking Assign. For directions, see Assigning a VLAN Profile to Devices or Ports.

  • Modify an existing assignment of a profile by selecting the profile and clicking Edit Assignment.

  • View information about a VLAN profile, including the interfaces it is associated with, by either clicking the profile name or by selecting the profile and clicking Details.

  • Delete profiles by selecting the profiles and clicking Delete.

    Tip

    You cannot delete profiles that are in use—that is, assigned to objects or being used by other profiles. To see the current assignments for a profile, select the profile, click Details, and then click the Assigned Objects Tab in the Details window.

  • Clone a VLAN profile by selecting the profile and clicking Clone.

Table 1 describes the fields in the Manage VLAN Profiles page. This page lists all VLAN profiles defined for your network.

Table 1: Manage VLAN Profile Fields

Field

Description

Profile Name

Name given to the profile when the profile was created.

VLAN Name

Name given to the VLAN when the VLAN profile was created.

Family Type

The device family; an EX Series switch or Campus Switching ELS.

VLAN ID

VLAN ID assigned when the profile was created.

VLAN Range

Range of VLAN IDs assigned when the profile was created.

Tip: If a VLAN ID is displayed, VLAN range will be null. Also, Campus Switching ELS supports a VLAN ID range only as part of a VLAN ID list.

VLAN ID List

VLAN IDs can be either individually listed (with a space to separate each ID), an inclusive list separating the starting VLAN ID and ending VLAN ID with a hyphen, or a combination of both.

Tip: If a VLAN ID is displayed, VLAN range will be null. Also, this column will never have a value for EX Switching because it is not available.

Description

Description of the VLAN profile entered when the profile was created.

Assignment State

Displays the assignment state of the profile. A profile can be:

  • Unassigned—When the profile is not assigned to any object.

  • Deployed—When the profile is assigned and is deployed from Deploy mode.

  • Pending Deployment—When the profile is assigned, but not yet deployed in the network.

Creation Time

Date and time when the profile was created.

Last Updated Time

Date and time when the profile was last modified.

User Name

The username of the person who created or modified the profile.

Tip

All columns might not be displayed. To show or hide fields listed in the Manage Authorization Profiles table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide.

Creating a VLAN Profile

To create a VLAN profile, at minimum, you must specify the VLAN name and the IEEE 802.1Q VLAN tag for the profile. You also must indicate a device family for the VLAN: EX Series Switches, Campus Switching ELS.

In the VLAN, you can specify additional VLAN profile configuration such as:

  • Ingress or egress filters to be used on the VLAN

  • Parameters for handling the MAC forwarding table

To create a VLAN profile:

  1. Under Views, select one of these options: Logical View, Location View, Device View or Custom Group View.Tip

    Do not select Dashboard View, Datacenter View, or Topology View.

  2. Click in the Network Director banner.
  3. From the Tasks pane, select the type of network (Wired), the appropriate functional area, and then select the name of the profile that you want to create. For example, to create a PORT profile for a wired device, click Wired > Profiles > PORT. The appropriate Manage Profile page opens.
  4. Click Add to add a new profile.

    If you chose to create a profile for the wired network, Network Director opens the Device Family Chooser window.

    1. From the Device Family Chooser, select the device family for which you want to create a profile. The available device families are Switching (EX), Campus Switching ELS (Enhanced Layer 2 Software), and Data Center Switching ELS.
    2. Click OK.

      The Create VLAN Profile page for the selected device family is displayed. It consists of three sections, Basic Settings, Advanced Settings, and Review.

  5. Specify the basic VLAN settings by using the appropriate directions:
  6. When you have completed the basic settings, click Next or click Advanced Settings at the top of the wizard window.
  7. Specify the advanced settings. Complete the Advanced Settings options as described in the online help:
  8. When you have completed the advanced settings, click Next or click Review at the top of the wizard window.
  9. You can make changes to your profile from the Review page. Click Save > Finish to save the profile. For directions, see Reviewing and Saving the VLAN Profile Configuration.
  10. Click Finish.

    The system saves the VLAN profile and displays the Manage VLAN Profiles page. Your new or modified VLAN profile is listed in the table of VLAN profiles.

Specifying Basic EX Switching VLAN Settings

To configure the basic settings for an EX Switching VLAN profile, enter the settings described in Table 2. Required settings are indicated by a red asterisk (*) that appears next to the field label.

Table 2: VLAN Profile Basic Settings for EX Switching

Field

Action

Profile Name

Type a name for the profile.

Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of VLAN. The profile name and the VLAN name can be the same or different.

Description

Type a description to identify the group or function the VLAN will be part of. The character limit is 256 characters.

VLAN ID

You can indicate a single VLAN ID or a VLAN Range for EX Switching.

Single VLAN ID

To specify a single VLAN ID, type the single unique IEEE 802.1Q identifier for the VLAN (VLAN tag). The range for VLAN IDs is 1 through 4094.

Range of VLAN IDs

To indicate a range of VLAN IDs for EX Series switches, follow these steps:

  1. Select Range instead of Single in the VLAN ID section.
  2. Provide the first and last VLAN IDs in the range.

    Tip: For example, if you enter 10 and 12, when you deploy the profile on a device, three VLANs are created with VLAN IDs 10, 11, and 12. The names of the VLANs are created from the name you specified by adding the VLAN ID as a suffix to the name, for example vlanname_10.

Click Next or click Advanced Settings at the top of the wizard window to configure advanced VLAN EX Switching profile settings. Advanced Settings are described in Specifying Advanced VLAN Profile Settings for EX Series Switches.

Specifying Basic Campus Switching ELS VLAN Settings

To configure the basic settings for a Campus Switching ELS VLAN profile, enter the settings described in Table 3. Required settings are indicated by a red asterisk (*) that appears next to the field label.

Table 3: VLAN Profile Basic Settings for Campus Switching ELS

Field

Action

Profile Name

Type a unique name that identifies the profile.

Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of VLAN. The profile name and the VLAN name can be the same or be different.

Description

Type a description to identify the group or function of the VLAN. The character limit is 256 characters.

VLAN ID

Note: Campus Switching ELS supports a VLAN ID range only as part of a VLAN ID list. Follow the directions for adding a list of VLAN IDs if you are adding a VLAN range.

Single VLAN ID

To specify a single VLAN ID (default), type the single unique IEEE 802.1Q identifier for the VLAN—the VLAN tag. The range for VLAN IDs is 1 through 4094.

List of VLAN IDs

To create a list of VLAN IDs for switches, follow these steps:

  1. Select List instead of Single in the VLAN ID section.
  2. Click Add under VLAN IDs.

    The Add VLAN Details window opens.

  3. To add a single VLAN ID to the list, type the VLAN ID and then click either Add which closes this window or Add More which allows you to continue adding to the list.
  4. To add a range of VLAN IDs to this list:
    1. In the Add VLAN Details window, select Range to add VLAN IDs in the range format 1 - 3.
    2. In the Add VLAN Details window, provide the first and last VLAN IDs in the range.

      Tip: For example, if you enter 10 and 12, when you deploy the profile on a device, three VLANs are created with VLAN IDs 10, 11, and 12. The names of the VLANs are created from the name you specified by adding the VLAN ID as a suffix to the name, for example vlanname_10.

    3. Click either Add to close this window, or Add More to allow you to continue adding to the list.
  5. When you are finished creating the list, close the window (if it is still open).

    All VLAN IDs you added appear in the VLAN IDs list.

Click Next or click Advanced Settings at the top of the wizard window to configure advanced Campus Switching ELS VLAN profile settings. Advanced settings are described in Specifying Advanced VLAN Settings for Campus Switching ELS.

Specifying Basic VLAN Settings for Data Center Switching ELS

To configure the basic settings for a Data Center Switching ELS VLAN profile, specify the parameters described in Table 4 for an Ethernet VLAN profile. All settings are optional.

Table 4: VLAN Profile Basic Settings for Data Center Switching ELS

Field

Action

Data Center Switching ELS MAC Parameters

Profile Name

Type a unique name that identifies the profile.

Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

VLAN Name

Type the name of VLAN. The profile name and the VLAN name can be the same or be different.

Description

Type a description to identify the group or function of the VLAN. The character limit is 256 characters.

VLAN ID

Note: Data Center Switching ELS supports a VLAN ID range only as part of a VLAN ID list. Follow the directions for adding a list of VLAN IDs if you are adding a VLAN range.

Single VLAN ID

To specify a single VLAN ID (default), type the single unique IEEE 802.1Q identifier for the VLAN—the VLAN tag. The range for VLAN IDs is 1 through 4094.

List of VLAN IDs

To create a list of VLAN IDs for switches, follow these steps:

  1. Select List instead of Single in the VLAN ID section.

  2. Click Add under VLAN IDs.

    The Add VLAN Details window opens.

  3. To add a single VLAN ID to the list, type the VLAN ID and then click either Add which closes this window or Add More which allows you to continue adding to the list.

  4. To add a range of VLAN IDs to this list:

    1. In the Add VLAN Details window, select Range to add VLAN IDs in the range format 1 - 3.

    2. In the Add VLAN Details window, provide the first and last VLAN IDs in the range.

      Tip: For example, if you enter 10 and 12, when you deploy the profile on a device, three VLANs are created with VLAN IDs 10, 11, and 12. The names of the VLANs are created from the name you specified by adding the VLAN ID as a suffix to the name, for example vlanname_10.

    3. Click either Add to close this window, or Add More to allow you to continue adding to the list.

  5. When you are finished creating the list, close the window (if it is still open).

    All VLAN IDs you added appear in the VLAN IDs list.

Click Next or click Advanced Settings at the top of the wizard window to configure advanced Data Center Switching ELS VLAN profile settings. Advanced Settings are described in Specifying Advanced VLAN Settings for Campus Switching ELS.

Specifying Advanced VLAN Profile Settings for EX Series Switches

To configure the EX Switching advanced settings for the VLAN profile, enter the MAC parameters and Layer 2 filters described in Table 5 for EX Series switching. All settings are optional.

Table 5: VLAN Profile Advanced Settings for an EX Series Switch

EX Switching MAC Parameters

MAC Limit

Type the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

MAC Aging Time (ms)

Indicate the number of milliseconds that unused dynamic MAC addresses remain in the MAC forwarding table before being deleted. If you specify the time as unlimited, entries are never removed from the table. Generally, use this setting only if the switch or the VLAN has a fairly static number of end devices—otherwise the table will eventually fill up. You can use this setting to minimize traffic loss and flooding that might occur when traffic arrives for MAC addresses that have been removed from the table.

The range is from 60 through 1,000,000.

EX Switching L2 Filters

L2 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

L2 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

EX Switching L3 Routing Filters

If you indicated a single VLAN ID under the Basic Settings, you can specify one or more routing parameters (Layer 3 filters) for the profile.

L3 Ingress Filter

L3 IPv6 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

L3 Egress Filter

L3 IPv6 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove the selected Filter profile, click Clear.

VLAN Security Settings

Optionally, select VLAN Security Settings to display the security options DHCP, ARP inspection, and MAC movement limit for VLAN profiles for EX switching.

Enable DHCP Snooping

Check to apply a series of security techniques to the DHCP infrastructure.

Enable ARP Inspection

The Address Resolution Protocol (ARP), which provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address, has security issues. Select this option to apply inspection to untrusted interfaces.

MAC Movement Limit

Indicate the number of times a MAC address entry can be moved in the MAC address table without consequences.

MAC Movement Action

When a MAC Movement Limit is specified, select an action to be applied to MAC addresses that exceed the MAC Movement Limit: None, Log, Drop, Shut Down, or Drop and Log.

VRRP Settings

Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK.

Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.

Specifying Advanced VLAN Settings for Campus Switching ELS

To configure the advanced settings for a Campus Switching ELS VLAN profile, specify the parameters described in Table 6 for Campus Switching ELS. All settings are optional.

Table 6: VLAN Profile Advanced Settings for Campus Switching ELS

Field

Action

Campus Switching ELS MAC Parameters

Interface MAC Limit

Indicate the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

Packet Action

Indicate the packet action for MAC addresses that exceed the Interface MAC Limit, by selecting None, Log, Drop, Shut Down, or Drop and Log.

MAC Table Size

If you indicated an Interface MAC limit, provide a table size here by using the up and down arrows. The MAC table must allow for at least 16 entries—you can increase this limit with the arrow.

L2 Filters

Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Routing

If you selected a single VLAN ID under Basic Settings, you can specify Layer 3 filter routing parameters for the VLAN profile.

Note: If an IP address is configured for a VLAN on some devices, then the configured IP address will be retained and a DHCP client will not be enabled on those devices. Also, if you indicated a VLAN range for basic ELS switching configuration, this option is not available.

Routing L3 Filters

Ingress Filter

IPv6 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

IPv6 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

VLAN Security Settings

Optionally, enable VLAN Security Settings to display the security options DHCP, ARP inspection, and MAC movement limit for VLAN profiles for ELS switching.

Enable DHCP Snooping

When checked (default), this option applies a series of security techniques to the DHCP infrastructure.

Enable ARP Inspection

The Address Resolution Protocol (ARP), which provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address, has security issues. Select this option to apply inspection to untrusted interfaces.

MAC Movement Limit

Indicate the number of times a MAC address entry can be moved in the MAC address table without consequences.

MAC Movement Action

When a MAC Movement Limit is specified, select an action to be applied to MAC addresses that exceed the MAC Movement Limit: None, Log, Drop, Shut Down, or Drop and Log.

Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.

Specifying Advanced VLAN Settings for Data Center Switching ELS

To configure the advanced settings for a Data Center Switching ELS VLAN profile, specify the parameters described in Table 7 for an Ethernet VLAN profile. All settings are optional.

Table 7: VLAN Profile Advanced Settings for Data Center Switching ELS Ethernet VLAN

Field

Action

Data Center Switching ELS MAC Parameters

Interface MAC Limit

Indicate the number of dynamic MAC addresses that can be learned on the VLAN. If this number is exceeded, packets containing new MAC addresses are dropped and an alarm is raised.

Setting a limit on the number of dynamic MAC addresses protects against an Ethernet switching table overflow attack.

Packet Action

Indicate the packet action for MAC addresses that exceed the Interface MAC Limit. The options are: None, Log, Drop, Shut Down, and Drop and Log.

MAC Table Size

If you indicated an Interface MAC limit, provide a table size here by using the up and down arrows. The MAC table must allow for at least 16 entries—you can increase this limit by using the arrow.

L2 Filters

Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter Profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Routing

If you selected a single VLAN ID under Basic Settings, you can specify Layer 3 filter routing parameters for the VLAN profile.

Note: If an IP address is configured for a VLAN on some devices, then the configured IP address will be retained and a DHCP client will not be enabled on those devices. Also, if you indicated a VLAN range for basic ELS switching configuration, this option is not available.

Routing L3 Filters

Ingress Filter

IPv6 Ingress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to ingress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

Egress Filter

IPv6 Egress Filter

Click Select to choose from existing Filter profiles. Select a profile from the Choose Filter profile window and then click OK. The filter configuration contained in the profile is applied to egress traffic on the VLAN.

To remove a selected Filter profile, click Clear.

VLAN Security Settings

Optionally, enable VLAN Security Settings to display the security options DHCP, ARP inspection, and MAC movement limit for VLAN profiles for ELS switching.

Enable DHCP Snooping

When checked (default), this option applies a series of security techniques to the DHCP infrastructure.

Enable ARP Inspection

The Address Resolution Protocol (ARP), which provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address, has security issues. Select this option to apply inspection to untrusted interfaces.

MAC Movement Limit

Indicate the number of times a MAC address entry can be moved in the MAC address table without consequences.

MAC Movement Action

When a MAC Movement Limit is specified, select an action to be applied to MAC addresses that exceed the MAC Movement Limit. The options are: None, Log, Drop, Shut Down, and Drop and Log.

FIP Snooping Settings

Enable VN2VN Snooping

Select to enable VN_Port to VN_Port (VN2VN) FIP snooping on the VLAN.

Beacon Period (ms)

Set the interval between periodic beacons, in milliseconds. Beacons perform virtual link maintenance for VN_Ports in a way that is similar to FIP keepalive advertisements.

Range: 250 through 90000 milliseconds. Default: 8000 milliseconds.

FC Map

Set the FCoE mapped address prefix (FC-MAP) value for the FCoE VLAN to match the FC switch (or FCoE forwarder) FC-MAP value for the FC fabric. The FC-MAP value is a unique MAC address prefix an FC switch uses to identify FCoE traffic for a given FC fabric (traffic on a particular FCoE VLAN).

Range: 0x0EFC00 through 0x0EFCFF. Default: 0xEFC00.

Click Next or click Review to see the Review page of the wizard. For review directions, see Reviewing and Saving the VLAN Profile Configuration.

Reviewing and Saving the VLAN Profile Configuration

From this page, you can either save the VLAN profile or make changes to the VLAN profile:

  • To make changes to the profile, click the Edit associated with the configuration you want to change.

    Alternatively, you can click Basic Settings or Advanced Settings from the wizard workflow at the top of the page and make changes there.

    When you are finished with your modifications, click Review to return to this page.

  • To save a new profile or to save modified settings to an existing profile, click Finish.

    The Manage VLAN Profiles page is displayed and your new or modified VLAN profile is listed in the table of VLAN profiles.

What to Do Next

Once the VLAN profile is created, you must assign the VLAN profile from the Assign VLAN Profile page to the required ports or switches, . To assign a VLAN profile, see Assigning a VLAN Profile to Devices or Ports. After you assign a VLAN profile to a port or switch, you must deploy the profile configuration from the Deploy mode. For directions on deploying your configurations, see Deploying Configuration to Devices.

FCoE VLANs are assigned to Fabric profiles, where they define the FCoE VLAN for a gateway FC fabric.