Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring VLANs for EX Series Switches with ELS Support (CLI Procedure)

 
Note

This task uses Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does not support ELS, see Configuring VLANs for EX Series Switches (CLI Procedure). For ELS details, see Using the Enhanced Layer 2 Software CLI.

EX Series switches use VLANs to make logical groupings of network nodes with their own broadcast domains. VLANs limit the traffic flowing across the entire LAN and reduce collisions and packet retransmissions.

Why Create a VLAN?

For switching to begin, you must explicitly configure at least one VLAN, even if your network is simple and you want only one broadcast domain to exist.

Some reasons to create more than one VLAN are:

  • A LAN has more than 200 devices.

  • A LAN has a large amount of broadcast traffic.

  • A group of clients requires that a higher-than-average level of security be applied to traffic entering or exiting the group's devices.

  • A group of clients requires that the group's devices receive less broadcast traffic than they are currently receiving, so that data speed across the group is increased.

Creating a VLAN Using the Minimum Procedure

These steps are required to create a VLAN:

  • Uniquely identify the VLAN. You do this by assigning a name and an ID to the VLAN.

  • Assign at least one switch port interface to the VLAN for communication. After assigning one or more interfaces to the VLAN, the interfaces function in access mode. All interfaces in a single VLAN are in a single broadcast domain, even if the interfaces are on different switches. You can assign traffic on any switch to a particular VLAN by referencing either the interface sending traffic or the MAC addresses of devices sending traffic.

The following example creates a VLAN using only a few required steps. The VLAN is created with the name employee-vlan and the VLAN ID of 100. Then, three interfaces are assigned to that VLAN, and these interfaces, which function in access mode, transmit traffic among themselves.

In the example, all users connected to the interfaces ge-0/0/1, ge-0/0/2, and ge-0/0/3 can communicate with each other, but not with users on other interfaces in this network. To configure communication between VLANs, you must configure an integrated routing and bridging (IRB) interface. See Configuring Integrated Routing and Bridging Interfaces on Switches (CLI Procedure).

Creating a VLAN Using All of the Options

To configure a VLAN, follow these steps:

  1. Create the VLAN by setting the unique VLAN name:
    [edit vlans]
    user@switch# set vlan-name
  2. Configure the VLAN ID or a VLAN ID list for the VLAN. Using the VLAN ID list option, you can optionally specify a range of VLAN IDs.
    [edit vlans]
    user@switch# set vlan-name vlan-id vlan-id-number

    or

    [edit vlans]
    user@switch# set vlan-name vlan-id-list [vlan-ids | vlan-id--vlan-id-]
  3. Assign at least one interface to the VLAN:
    [edit interfaces]
    user@switch# set interface-name unit logical-unit-number family ethernet-switching vlan members [all | vlan-names | vlan-ids]
    Note

    You can also specify that a trunk interface is a member of all VLANs that are configured on this switch. When a new VLAN is configured on the switch, this trunk interface automatically becomes a member of the VLAN.

  4. (Optional) Create a subnet for the VLAN because all computers that belong to a subnet are addressed with a common, identical, most-significant-bit group in their IP address. This makes it easy to identify VLAN members by their IP addresses. To create the subnet for the VLAN:
    [edit interfaces]
    user@switch# set vlan unit logical-unit-number family inet address ip-address/destination-prefix
  5. (Optional) Specify the description of the VLAN:
    [edit vlans]
    user@switch# set vlan-name description text-description
  6. (Optional) For security purposes, specify a VLAN firewall filter to be applied to incoming or outgoing packets:
    [edit vlans]
    user@switch# set vlan-name filter (input | output) filter-name

Configuration Guidelines for VLANs

To create a VLAN, you must uniquely identify the VLAN and assign at least one switch port interface to the VLAN for communication. After you assign one or more interfaces to the VLAN, the interfaces function in access mode.

After creating a VLAN, all users connected to interfaces that are assigned to the VLAN can communicate with each other but not with users on other interfaces in the network. To configure communication between VLANs, you must configure an IRB interface. For information about creating an IRB interface, see Configuring Integrated Routing and Bridging Interfaces on Switches (CLI Procedure)..

The number of VLANs supported per switch varies. Use the command set vlans vlan-name vlan-id ? to determine the maximum number of VLANs allowed on a switch. You cannot exceed this VLAN limit because each VLAN is assigned an ID number when it is created.