Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring a Layer 2 Virtual Switch

 

A Layer 2 virtual switch, which isolates a LAN segment with its spanning-tree protocol instance and separates its VLAN ID space, filters and forwards traffic only at the data link layer. Layer 3 routing is not performed. Each bridge domain consists of a set of logical ports that participate in Layer 2 learning and forwarding. A virtual switch represents a Layer 2 network.

Two main types of interfaces are used in virtual switch hierarchies:

  • Layer 2 logical interface—This type of interface uses the VLAN-ID as a virtual circuit identifier and the scope of the VLAN-ID is local to the interface port. This type of interface is often used in service-provider-centric applications.

  • Access or trunk interface—This type of interface uses a VLAN-ID with global significance. The access or trunk interface is implicitly associated with bridge domains based on VLAN membership. Access or trunk interfaces are typically used in enterprise-centric applications.

    Note

    The difference between access interfaces and trunk interfaces is that access interfaces can be part of one VLAN only and the interface is normally attached to an end-user device (packets are implicitly associated with the configured VLAN). In contrast, trunk interfaces multiplex traffic from multiple VLANs and usually interconnect switches.

To configure a Layer 2 virtual switch, include the following statements:

To enable a virtual switch, you must specify virtual-switch as the instance-type.

For each bridge domain that you configure for the virtual switch, specify a bridge-domain-name. You must also specify the value bridge for the domain-type statement.

For the vlan-id statement, you can specify either a valid VLAN identifier or the none or all options.

The all option is not supported with IRB.

Note

You do not have to specify a VLAN identifier for a bridge domain. However, you cannot specify the same VLAN identifier for more than one bridge domain within a virtual switch. Each bridge domain within a virtual switch must have a unique VLAN identifier.

Note

For a single bridge domain, you can include either the vlan-id statement or the vlan-tags statement, but not both. The vlan-id statement, vlan-id-list statement, and vlan-tags statement are mutually exclusive.

The vlan-id-list statement allows you to automatically create multiple bridge-domains for each vlan-id in the list.

To specify one or more logical interfaces to include in the bridge domain, specify an interface-name for an Ethernet interface you configured at the [edit interfaces] hierarchy level. For more information, see the Junos OS Network Interfaces Library for Routing Devices.