Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Configuring Layer 3 Subinterfaces for a Distribution Switch and an Access Switch

    In a large LAN, you commonly need to partition the network into multiple VLANs. You can configure Layer 3 subinterfaces to route traffic between the VLANs. In one common topology, known as a “router on a stick” or a “one-armed router,” you connect a router to an access switch with connections to multiple VLANs.

    This example describes how to create Layer 3 subinterfaces on trunk interfaces of a distribution switch and access switch so that you can route traffic among multiple VLANs:

    Requirements

    This example uses the following hardware and software components:

    • For the distribution switch, one EX4200-24F switch. This model is designed to be used as a distribution switch for aggregation or collapsed core network topologies and in space-constrained data centers. It has twenty-four 1-Gigabit Ethernet fiber SFP ports and an EX-UM-2XFP uplink module with two 10-Gigabit Ethernet XFP ports.

    • For the access switch, any Layer 2 switch that supports 802.1Q VLAN tags.

    • Junos OS Release 9.2 or later for EX Series switches.

    Before you begin, make sure you have:

    Overview and Topology

    In a large office with multiple buildings and VLANs, you commonly aggregate traffic from a number of access switches into a distribution switch. This configuration example shows a simple topology to illustrate how to connect a single Layer 2 access switch connected to multiple VLANs to a distribution switch, enabling traffic to pass between those VLANs.

    In the example topology, the LAN is segmented into five VLANs, all associated with interfaces on the access switch. One 1-Gigabit Ethernet port on the access switch's uplink module connects to one 1-Gigabit Ethernet port on the distribution switch.

    Table 1 lists the settings for the example topology.

    Table 1: Components of the Topology for Creating Layer 3 Subinterfaces on an Access Switch and a Distribution Switch

    PropertySettings

    Access switch hardware

    Any Layer 2 switch with multiple 1-Gigabit Ethernet ports and at least one 1-Gigabit Ethernet uplink module

    Distribution switch hardware

    EX4200-24F, 24 1-Gigabit Ethernet fiber SPF ports (ge-0/0/0 through ge-0/0/23); one 2-port 10-Gigabit Ethernet XFP uplink module (EX-UM-4SFP)

    VLAN names and tag IDs

    vlan1, tag 101

    vlan2, tag 102

    vlan3, tag 103

    vlan4, tag 104

    vlan5, tag 105

    VLAN subnets

    vlan1: 1.1.1.0/24 (addresses 1.1.1.1 through 1.1.1.254)

    vlan2: 2.1.1.0/24 (addresses 2.1.1.1 through 2.1.1.254)

    vlan3: 3.1.1.0/24 (addresses 3.1.1.1 through 3.1.1.254)

    vlan4: 4.1.1.0/24 (addresses 4.1.1.1 through 4.1.1.254)

    vlan5: 5.1.1.0/24 (addresses 5.1.1.1 through 5.1.1.254)

    Port interfaces

    On the access switch: ge-0/1/0

    On the distribution switch: ge-0/0/0

    Configuring the Access Switch Subinterfaces

    CLI Quick Configuration

    To quickly create and configure subinterfaces on the access switch, copy the following commands and paste them into the switch terminal window:

    [edit]

    set interfaces ge-0/1/0 vlan-tagging
    set interfaces ge-0/1/0 unit 0 vlan-id 101 family inet address 1.1.1.1/24
    set interfaces ge-0/1/0 unit 1 vlan-id 102 family inet address 2.1.1.1/24
    set interfaces ge-0/1/0 unit 2 vlan-id 103 family inet address 3.1.1.1/24
    set interfaces ge-0/1/0 unit 3 vlan-id 104 family inet address 4.1.1.1/24
    set interfaces ge-0/1/0 unit 4 vlan-id 105 family inet address 5.1.1.1/24

    Step-by-Step Procedure

    To configure the subinterfaces on the access switch:

    1. On the trunk interface of the access switch, enable VLAN tagging:
      [edit interfaces ge-0/1/0]
      user@access-switch# set vlan-tagging
    2. Bind vlan1's VLAN ID to the logical interface:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 0 vlan-id 101
    3. Set vlan1's subinterface IP address:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 0 family inet address 1.1.1.1/24
    4. Bind vlan2's VLAN ID to the logical interface:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 1 vlan-id 102
    5. Set vlan2's subinterface IP address:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 1 family inet address 2.1.1.1/24
    6. Bind vlan3's VLAN ID to the logical interface:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 2 vlan–id 103
    7. Set vlan3's subinterface IP address:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 2 family inet address 3.1.1.1/24
    8. Bind vlan4's VLAN ID to the logical interface:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 3 vlan-id 104
    9. Set vlan4's subinterface IP address:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 3 family inet address 4.1.1.1/24
    10. Bind vlan5's VLAN ID to the logical interface:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 4 vlan-id 105
    11. Set vlan5's subinterface IP address:
      [edit interfaces ge-0/1/0]
      user@access-switch# set unit 4 family inet address 5.1.1.1/24

    Results

    Check the results of the configuration:

    user@access-switch> show configuration
    interfaces {
    ge-0/1/0 {
    vlan-tagging;
    unit 0 {
    vlan-id 101;
    family inet {
    address 1.1.1.1/24;
    }
    }
    unit 1 {
    vlan-id 102;
    family inet {
    address 2.1.1.1/24;
    }
    }
    unit 2 {
    vlan-id 103;
    family inet {
    address 3.1.1.1/24;
    }
    }
    unit 3 {
    vlan-id 104;
    family inet {
    address 4.1.1.1/24;
    }
    }
    unit 4 {
    vlan-id 105;
    family inet {
    address 5.1.1.1/24;
    }
    }
    }

    Configuring the Distribution Switch Subinterfaces

    CLI Quick Configuration

    To quickly create and configure subinterfaces on the distribution switch, copy the following commands and paste them into the switch terminal window:

    [edit]

    set interfaces ge-0/0/0 vlan-tagging
    set interfaces ge-0/0/0 unit 0 vlan-id 101 family inet address 1.1.1.2/24
    set interfaces ge-0/0/0 unit 1 vlan-id 102 family inet address 2.1.1.2/24
    set interfaces ge-0/0/0 unit 2 vlan-id 103 family inet address 3.1.1.2/24
    set interfaces ge-0/0/0 unit 3 vlan-id 104 family inet address 4.1.1.2/24
    set interfaces ge-0/0/0 unit 4 vlan-id 105 family inet address 5.1.1.2/24

    Step-by-Step Procedure

    To configure subinterfaces on the distribution switch:

    1. On the trunk interface of the distribution switch, enable VLAN tagging:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set vlan-tagging
    2. Bind vlan1's VLAN ID to the logical interface:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 0 vlan-id 101
    3. Set vlan1's subinterface IP address:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 0 family inet address 1.1.1.2/24
    4. Bind vlan2's VLAN ID to the logical interface:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 1 vlan-id 102
    5. Set vlan2's subinterface IP address:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 1 family inet address 2.1.1.2/24
    6. Bind vlan3's VLAN ID to the logical interface:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 2 vlan-id 103
    7. Set vlan3's subinterface IP address:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 2 family inet address 3.1.1.2/24
    8. Bind vlan4's VLAN ID to the logical interface:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 3 vlan-id 104
    9. Set vlan4's subinterface IP address:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 3 family inet address 4.1.1.2/24
    10. Bind vlan5's VLAN ID to the logical interface:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 4 vlan-id 105
    11. Set vlan5's subinterface IP address:
      [edit interfaces ge-0/0/0]
      user@distribution-switch# set unit 4 family inet address 5.1.1.2/24

    Results

    user@distribution-switch> show configuration
    interfaces {
    ge-0/0/0 {
    vlan-tagging;
    unit 0 {
    vlan-id 101;
    family inet {
    address 1.1.1.2/24;
    }
    }
    unit 1 {
    vlan-id 102;
    family inet {
    address 2.1.1.2/24;
    }
    }
    unit 2 {
    vlan-id 103;
    family inet {
    address 3.1.1.2/24;
    }
    }
    unit 3 {
    vlan-id 104;
    family inet {
    address 4.1.1.2/24;
    }
    }
    unit 4 {
    vlan-id 105;
    family inet {
    address 5.1.1.2/24;
    }
    }
    }

    Verification

    To confirm that the configuration is working properly, perform these tasks:

    Verifying That Subinterfaces Were Created

    Purpose

    Verify that the subinterfaces were properly created on the access switch and distribution switch.

    Action

    1. Use the show interfaces command on the access switch:
      user@access-switch> show interfaces ge-0/1/0 terse
      Interface              Admin Link Proto    Local                 Remote
      ge-0/1/0               up    up
      ge-0/1/0.0             up    up   inet     1.1.1.1/24
      ge-0/1/0.1             up    up   inet     2.1.1.1/24
      ge-0/1/0.2             up    up   inet     3.1.1.1/24
      ge-0/1/0.3             up    up   inet     4.1.1.1/24
      ge-0/1/0.4             up    up   inet     5.1.1.1/24
      ge-0/1/0.32767         up    up
      
    2. Use the show interfaces command on the distribution switch:
      user@distribution-switch> show interfaces ge-0/0/0 terse
      Interface              Admin Link Proto    Local                 Remote
      ge-0/0/0               up    up
      ge-0/0/0.0             up    up   inet     1.1.1.2/24
      ge-0/0/0.1             up    up   inet     2.1.1.2/24
      ge-0/0/0.2             up    up   inet     3.1.1.2/24
      ge-0/0/0.3             up    up   inet     4.1.1.2/24
      ge-0/0/0.4             up    up   inet     5.1.1.2/24
      ge-0/0/0.32767         up    up
      

    Meaning

    Each subinterface created is displayed as a ge-fpc/pic/port.x logical interface, where x is the unit number in the configuration. The status is listed as up, indicating the link is working.

    Verifying That Traffic Passes Between VLANs

    Purpose

    Verify that the distribution switch is correctly routing traffic from one VLAN to another.

    Action

    Ping from the access switch to the distribution switch on each subinterface.

    1. From the access switch, ping the address of the vlan1 subinterface on the distribution switch:
      user@access-switch> ping 1.1.1.2 count 4
      PING 1.1.1.2 (1.1.1.2): 56 data bytes
      64 bytes from 1.1.1.2: icmp_seq=0 ttl=64 time=0.333 ms
      64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.113 ms
      64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.112 ms
      64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.158 ms
      
      --- 1.1.1.2 ping statistics ---
      4 packets transmitted, 4 packets received, 0% packet loss
      round-trip min/avg/max/stddev = 0.112/0.179/0.333/0.091 ms
    2. From the access switch, ping the address of the vlan2 subinterface on the distribution switch:
      user@access-switch> ping 2.1.1.2 count 4
      PING 2.1.1.2 (2.1.1.2): 56 data bytes
      64 bytes from 2.1.1.2: icmp_seq=0 ttl=64 time=0.241 ms
      64 bytes from 2.1.1.2: icmp_seq=1 ttl=64 time=0.113 ms
      64 bytes from 2.1.1.2: icmp_seq=2 ttl=64 time=0.162 ms
      64 bytes from 2.1.1.2: icmp_seq=3 ttl=64 time=0.167 ms
      
      --- 2.1.1.2 ping statistics ---
      4 packets transmitted, 4 packets received, 0% packet loss
      round-trip min/avg/max/stddev = 0.113/0.171/0.241/0.046 ms
    3. From the access switch, ping the address of the vlan3 subinterface on the distribution switch:
      user@access-switch> ping 3.1.1.2 count 4
      PING 3.1.1.2 (3.1.1.2): 56 data bytes
      64 bytes from 3.1.1.2: icmp_seq=0 ttl=64 time=0.341 ms
      64 bytes from 3.1.1.2: icmp_seq=1 ttl=64 time=0.162 ms
      64 bytes from 3.1.1.2: icmp_seq=2 ttl=64 time=0.112 ms
      64 bytes from 3.1.1.2: icmp_seq=3 ttl=64 time=0.208 ms
      
      --- 3.1.1.2 ping statistics ---
      4 packets transmitted, 4 packets received, 0% packet loss
      round-trip min/avg/max/stddev = 0.112/0.206/0.341/0.085 ms
      
    4. From the access switch, ping the address of the vlan4 subinterface on the distribution switch:
      user@access-switch> ping 4.1.1.2 count 4
      PING 4.1.1.2 (4.1.1.2): 56 data bytes
      64 bytes from 4.1.1.2: icmp_seq=0 ttl=64 time=0.226 ms
      64 bytes from 4.1.1.2: icmp_seq=1 ttl=64 time=0.166 ms
      64 bytes from 4.1.1.2: icmp_seq=2 ttl=64 time=0.107 ms
      64 bytes from 4.1.1.2: icmp_seq=3 ttl=64 time=0.221 ms
      
      --- 4.1.1.2 ping statistics ---
      4 packets transmitted, 4 packets received, 0% packet loss
      round-trip min/avg/max/stddev = 0.107/0.180/0.226/0.048 ms
    5. From the access switch, ping the address of the vlan5 subinterface on the distribution switch:
      user@access-switch> ping 5.1.1.2 count 4
      PING 5.1.1.2 (5.1.1.2): 56 data bytes
      64 bytes from 5.1.1.2: icmp_seq=0 ttl=64 time=0.224 ms
      64 bytes from 5.1.1.2: icmp_seq=1 ttl=64 time=0.104 ms
      64 bytes from 5.1.1.2: icmp_seq=2 ttl=64 time=0.102 ms
      64 bytes from 5.1.1.2: icmp_seq=3 ttl=64 time=0.170 ms
      
      --- 5.1.1.2 ping statistics ---
      4 packets transmitted, 4 packets received, 0% packet loss
      round-trip min/avg/max/stddev = 0.102/0.150/0.224/0.051 ms

    Meaning

    If all the ping packets are transmitted and are received by the destination address, the subinterfaces are up and working.

    Modified: 2018-02-21