Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring Automatic VLAN Administration Using MVRP on MX Series Routers

 

Multiple VLAN Registration Protocol (MVRP) is used in Layer 2 networks to dynamically share virtual LAN (VLAN) information and to automatically configure necessary VLAN information. Automatically configuring VLANs on ports based on the current network configuration ensures that a router does not send traffic to an interface on the network with an inactive VLAN. In this way, MVRP reduces network overhead by limiting the scope of broadcast, unknown unicast, and multicast (BUM) traffic to interested devices only. MVRP also provides for rapid healing of network failures without interrupting services to unaffected VLANs and improves convergence times.

MVRP is a Layer 2 network protocol based on the IEEE standard 802.1ak amendment to 802.1Q-2005, Standard for Local and Metropolitan Area Networks Virtual Bridged Local Area Networks - Amendment 07: Multiple Registration Protocol.

This example describes how to use MVRP to automate administration of VLAN membership changes within your network and to dynamically create VLANs:

Requirements

This example uses the following hardware and software components:

  • Two MX Series routers acting as edge switches

  • One MX Series router acting as an aggregation switch

  • Junos OS Release 10.1 or later for MX Series routers

Overview and Topology

VLANs are statically configured on access interfaces on MX Series routers acting as edge switches. The VLAN membership information is propagated to the MX Series router acting as an aggregation switch at the core by enabling MVRP on two trunk interfaces:one connecting edge switch 1 (ES1) to aggregation switch 1 (AS1), and the other connecting ES2 to AS1. Enabling MVRP on the trunk interface of each MX Series router in your network ensures that the active VLAN information for the routers in the network is propagated to each router through the trunk interfaces (the default registration mode for MVRP).

MVRP ensures that the VLAN membership information on the trunk interface is updated as the edge switch’s access interfaces become active or inactive.

You do not need to explicitly bind a VLAN to the trunk interface. When MVRP is enabled, the trunk interface advertises all the VLANs that are active (bound to access interfaces) on that switch. An MVRP-enabled trunk interface does not advertise VLANs that have been configured on the switch but are not currently bound to an access interface. For example, ES1 in the topology does not forward traffic to inactive VLAN 300 on ES2.

Rapid Spanning Tree Protocol (RSTP) is also configured on the trunk interfaces to promote a loop-free topology.

This example shows a network with two customer sites, site–1 and site–2, using VLANs 100, 200, and 300.

ES1 supports all three VLANS, and all three VLANS are active and bound to interfaces that are connected to three customers at site–1:

  • ge-11/2/6—Access port connecting customer3–site1, VLAN ID 100.

  • ge-11/2/7—Access port connecting customer2–site1, VLAN ID 200.

  • ge-11/2/8—Access port connecting customer1–site1, VLAN ID 300.

  • ge-11/3/0—Trunk port connecting ES1 to AS1.

ES2 has been configured to support two VLANS, and both VLANS are active and bound to interfaces that are connected to two customers at site–2:

  • ge-0/1/1—Access port connecting customer1–site2, VLAN ID 100.

  • ge-0/2/0—Access port connecting customer2–site2, VLAN ID 200.

  • ge-0/0/5—Trunk port connecting ES2 to AS1.

AS1 learns the VLANs dynamically using MVRP through the connection to the edge switches. AS1 has two trunk interfaces:

  • ge-3/3/0—Connects the router to edge switch ES1 on interface ge-11/3/0.

  • ge-3/0/5—Connects the router to edge switch ES2 on interface ge-0/0/5.

The default MVRP interface registration mode is normal and is used in this example. An interface in normal registration mode participates in MVRP when MVRP is enabled on the router. For information about changing the MVRP registration mode, see Controlling the Management State of a VLAN in MVRP Configurations .

Figure 1 shows MVRP configured on three MX Series routers: two routers operating as edge switches and one router operating as an aggregation switch.

Figure 1: MVRP Configured on Three MX Series Routers for Automatic VLAN Administration
MVRP Configured on Three MX Series Routers for Automatic
VLAN Administration

Table 1 explains the components of the example topology.

Table 1: Components of the Network Topology

PropertySettings

MX Series routers

  • ES1

  • ES2

  • AS1

VLAN tag IDs associated with bridge domain bd

100, 200, and 300

ES1 interfaces

ES1 interfaces:

  • ge-11/2/6—Access port connecting customer3–site1, VLAN ID 100.

  • ge-11/2/7—Access port connecting customer2–site1, VLAN ID 200.

  • ge-11/2/8—Access port connecting customer1–site1, VLAN ID 300.

  • ge-11/3/0—Trunk port connecting ES1 to AS1.

ES2 interfaces

ES2 interfaces:

  • ge-0/1/1—Access port connecting customer3–site2, VLAN ID 100.

  • ge-0/2/0—Access port connecting customer3–site2, VLAN ID 200.

  • ge-0/0/5—Trunk port connecting ES2 to AS1.

AS1 interfaces

AS1 interfaces:

  • ge-3/3/0—Trunk port connected to ES1.

  • ge-3/0/5—Trunk port connected to ES2.

Configuration

To enable MVRP and RSTP on the trunk interface, as well as configure ES1 access interfaces and the bridge domain, perform these tasks:

Configuring MVRP on ES1

CLI Quick Configuration

To quickly configure ES1 for MVRP, copy the following commands and paste them into the switch terminal window of ES1:

[edit]



set interfaces ge-11/2/6 description "connected to customer3-site-1"


set interfaces ge-11/2/6 unit 0 family bridge interface-mode access


set interfaces ge-11/2/6 unit 0 family bridge vlan-id 300


set interfaces ge-11/2/7 description "connected to customer2-site-1"


set interfaces ge-11/2/7 unit 0 family bridge interface-mode access


set interfaces ge-11/2/7 unit 0 family bridge vlan-id 200


set interfaces ge-11/2/8 description "connected to customer1-site-1"


set interfaces ge-11/2/8 unit 0 family bridge interface-mode access


set interfaces ge-11/2/8 unit 0 family bridge vlan-id 100


set interfaces ge-11/3/0 description "connected to AS1 interface ge-3/3/0"


set interfaces ge-11/3/0 unit 0 family bridge interface-mode trunk


set bridge-domains bd vlan-id-list [100 200 300]


set protocols mvrp interface ge-11/3/0


set protocols rstp interface ge-11/3/0


Note

As we recommend as a best practice, default MVRP timers are used in this example. The default values associated with each MVRP timer are 200 ms for the join timer, 1000 ms for the leave timer, and 10000 ms for the leaveall timer. Modifying timers to inappropriate values might cause an imbalance in the operation of MVRP.

Step-by-Step Procedure

To configure MVRP on ES1:

  1. Configure the access interfaces for customers at customer-site 1 and the trunk interface connecting ES1 to AS1:
    [edit interfaces]

    user@es1# set ge-11/2/6 description "connected to customer3-site-1"

    user@es1# set ge-11/2/6 unit 0 family bridge interface-mode access

    user@es1# set ge-11/2/6 unit 0 family bridge vlan-id 300

    user@es1# set ge-11/2/7 description "connected to customer2-site-1"

    user@es1# set ge-11/2/7 unit 0 family bridge interface-mode access

    user@es1# set ge-11/2/7 unit 0 family bridge vlan-id 200

    user@es1# set ge-11/2/8 description "connected to customer1-site-1"

    user@es1# set ge-11/2/8 unit 0 family bridge interface-mode access

    user@es1# set ge-11/2/8 unit 0 family bridge vlan-id 100

    user@es1# set ge-11/3/0 description "connected to AS1 interface ge-3/3/0"

    user@es1# set ge-11/3/0 unit 0 family bridge interface-mode trunk

  2. Configure the bridge domain bd and the VLAN IDs associated with the bridge domain:
    [edit bridge-domains]

    user@es1# set bd vlan-id-list [100 200 300]

  3. Enable MVRP on the trunk interface:
    [edit protocols]

    user@es1# set mvrpinterface ge-11/3/0
  4. Enable RSTP on the trunk interface:
    [edit protocols]

    user@es1# set rstp interface ge-11/3/0

Results

Check the results of the configuration:

Configuring MVRP on ES2

CLI Quick Configuration

To quickly configure ES2 for MVRP, copy the following commands and paste them into the switch terminal window of ES2:

[edit]

set interfaces ge-0/0/5 description "connected to AS1 interface ge-3/0/5"


set interfaces ge-0/0/5 unit 0 family bridge interface-mode trunk


set interfaces ge-0/1/1 description "connected to customer1-site-2"


set interfaces ge-0/1/1 unit 0 family bridge interface-mode access


set interfaces ge-0/1/1 unit 0 family bridge vlan-id 100


set interfaces ge-0/2/0 description "connected to customer2-site-2"


set interfaces ge-0/2/0 unit 0 family bridge interface-mode access


set interfaces ge-0/2/0 unit 0 family bridge vlan-id 200


set bridge-domains bd vlan-id-list [100 200]


set protocols mvrp interface ge-0/0/5


set protocols rstp interface ge-0/0/5


Note

As we recommend as a best practice, default MVRP timers are used in this example. The default values associated with each MVRP timer are 200 ms for the join timer, 1000 ms for the leave timer, and 10000 ms for the leaveall timer. Modifying timers to inappropriate values might cause an imbalance in the operation of MVRP.

Step-by-Step Procedure

To enable MVRP and RSTP on the trunk interface, as well as configure ES2 access interfaces and the bridge domain:

  1. Configure the access interfaces for customers at customer site site-2 and the trunk interface connecting ES2 to AS1:
    [edit interfaces]

    user@es2# set ge-0/0/5 description "connected to AS1 interface ge-3/0/5"

    user@es2# set ge-0/0/5 unit 0 family bridge interface-mode trunk

    user@es2# set ge-0/1/1 description "connected to customer1-site-2"

    user@es2# set ge-0/1/1 unit 0 family bridge interface-mode access

    user@es2# set ge-0/1/1 unit 0 family bridge vlan-id 100

    user@es2# set ge-0/2/0 description "connected to customer2-site-2"

    user@es2# set ge-0/2/0 unit 0 family bridge interface-mode access

    user@es2# set ge-0/2/0 unit 0 family bridge vlan-id 200

  2. Configure the bridge domain bd and the VLAN IDs associated with the bridge domain:
    [edit bridge-domains]

    user@es2# set bd vlan-id-list [100 200]
  3. Enable MVRP on the trunk interface:
    [edit protocols]

    user@es2# set mvrpinterface ge-0/0/5
  4. Enable RSTP on the trunk interface:
    [edit protocols]

    user@es2# set rstp interface ge-0/0/5

Results

Check the results of the configuration:

Configuring MVRP on AS1

CLI Quick Configuration

To quickly configure AS1 for MVRP, copy the following commands and paste them into the switch terminal window of AS1:

[edit]

set interfaces ge-3/0/5 description "connected to ES2 interface ge-0/0/5”


set interfaces ge-3/0/5 unit 0 family bridge interface-mode trunk


set interfaces ge-3/3/0 description "connected to ES1 interface ge-11/3/0"


set interfaces ge-3/3/0 unit 0 family bridge interface-mode trunk


set protocols mvrp interface ge-3/0/5


set protocols mvrp interface ge-3/3/0


set protocols rstp bridge-priority 0


set protocols rstp interface ge-3/0/5


set protocols rstp interface ge-3/3/0


Note

As we recommend as a best practice, default MVRP timers are used in this example. The default values associated with each MVRP timer are 200 ms for the join timer, 1000 ms for the leave timer, and 10000 ms for the leaveall timer. Modifying timers to inappropriate values might cause an imbalance in the operation of MVRP.

Step-by-Step Procedure

To enable MVRP and RSTP on the trunk interfaces on AS1:

  1. Configure the trunk interfaces connecting AS1 to ES1 and ES2:
    [edit interfaces]

    user@as1# set ge-3/0/5 description "connected to ES2 interface ge-0/0/5”

    user@as1# set ge-3/0/5 unit 0 family bridge interface-mode trunk

    user@as1# set ge-ge-3/3/0 description "connected to ES1 interface ge-11/3/0"

    user@as1# set ge-3/3/0 unit 0 family bridge interface-mode trunk

  2. Enable MVRP on the trunk interfaces:
    [edit protocols]

    user@as1# set mvrp interface ge-3/0/5

    user@as1# set mvrp interface ge-3/3/0
  3. Enable RSTP on the trunk interfaces:
    [edit protocols]

    user@as1# set rstp bridge-priority 0

    user@as1# set rstp interface ge-3/0/5

    user@as1# set rstp interface ge-3/3/0

Results

Check the results of the configuration:

Verification

To confirm that the configuration is updating VLAN membership, perform these tasks:

Verifying That MVRP Is Enabled on ES1

Purpose

Verify that MVRP is enabled on ES1.

Action

Show the MVRP applicant state:

Meaning

The output displayed shows that trunk interface ge-11/3/0 on ES1 is declaring (sending out) interest in VLAN IDs 100, 200, and 300.

Verifying the MVRP Registration on ES1

Purpose

Verify the VLANs that are registering on ES1.

Action

List VLANs in the registered state:

Meaning

The output displayed shows the registrar state for VLANs 100 and 200 is Registered, indicating that these VLANs are receiving traffic from customer site site-2. VLAN 300 is in an Empty state and is not receiving traffic from site-2.

Verifying Dynamic VLAN Members on ES1

Purpose

Verify that flooding is not occurring on unregistered VLANs.

Action

List dynamic VLAN membership:

Meaning

The output displayed shows that VLAN 300 is not associated with the trunk interface ge-11/3/0 connected to AS1. No unnecessary traffic is flooding the interface for VLAN 300 towards ES2 site-2.

Verifying That MVRP Is Enabled on ES2

Purpose

Verify that MVRP is enabled on ES2.

Action

Show the MVRP applicant state:

Meaning

The output displayed shows that trunk interface ge-0/0/5 on ES2 is declaring (sending out) interest in VLAN IDs 100 and 200 but is not declaring interest for VLAN 300. The state displayed for VLAN 300 is Idle.

Verifying the MVRP Registration on ES2

Purpose

Verify the VLANs that are registering on ES2.

Action

List VLANs in the registered state:

Meaning

The output displayed shows that the registrar state for VLANs 100, 200, and 300 is Registered indicating that these VLANs are receiving traffic from customer site site-1.

Verifying Dynamic VLAN Members on ES2

Purpose

Verify dynamic VLAN membership.

Action

List dynamic VLAN membership:

Meaning

The output displayed shows that VLAN 300 is not a static VLAN. A static VLAN is indicated by the s beside the VLAN ID. VLAN 300 added to ES2 shows the VLAN membership is being updated.

Verifying That MVRP Is Enabled on AS1

Purpose

Verify that MVRP is enabled on AS1.

Action

Show the MVRP applicant state:

Meaning

The output displayed shows that trunk interfaces ge-3/3/0 (connected to ES1) and ge-3/0/5 (connected to ES2) are declaring (sending out) interest in the VLAN IDs 100 and 200. Interface ge-3/0/5 is declaring interest for VLAN 300 (toward ES2) but not declaring interest for VLAN 300 on interface ge-3/3/0 (toward ES1).

Verifying the MVRP Registration on AS1

Purpose

Verify the VLANs that are registering on AS1.

Action

List VLANs in the registered state:

Meaning

The output displayed shows that the registrar state for VLANs 100 and 200 is Registered on both sides of AS1 (ES1 and ES2), indicating that traffic is being transmitted and received through these VLANs between customer site site-1 and site-2. The registrar state for VLAN 300 is Registered on interface ge-3/3/0 (connected to ES1), but not on interface ge-3/0/5 (connected to ES2).

Verifying That MVRP Is Updating VLAN Membership on AS1

Purpose

Verify that MVRP is updating VLAN membership on AS1 by displaying the dynamic VLAN membership on AS1.

Action

List the VLANs on AS1 that were created dynamically using MVRP:

Meaning

VLANs are only configured statically on the edge switches. The output displayed shows that all VLANs were learned dynamically. No (s) is added beside the VLAN IDs, indicating that they were created dynamically and not added statically.