vlans
Sintaxis (serie QFX, QFabric, serie NFX y EX4600)
vlans {
vlan-name {
description text-description;
dot1q-tunneling {
customer-vlans (id | range);
}
filter input filter-name;
filter output filter-name;
interface interface-name {
isolated;
mapping (policy | tag push | native push);
promiscuous;
}
isolation-vlan-id;
l3-interface vlan.logical-interface-number;
mac-limit number;
no-local-switching;
no-mac-learning;
primary-vlan vlan-name;
pvlan extend-secondary-vlan-id vlan-id;
vlan-id number;
vlan-range vlan-id-low-vlan-id-high;
}
}
Sintaxis (serie QFX, serie NFX y EX4600)
vlans {
vlan-name {
description text-description;
domain-type bridge;
forwarding-options {
dhcp-security {
arp-inspection;
group group-name {
interface interface-name {
static-ip ip-address {
mac mac-address;
}
}
overrides {
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
no-dhcp-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name hostname;
use-interface-description (device | logical);
use-string string;
}
vendor-id {
use-string string;
}
}
}
fip-security {
examine-vn2vf;
examine-vn2vn {
beacon-period milliseconds;
}
fc-map fc-map-value;
interface interface-name {
(fcoe-trusted | no-fcoe-trusted;)
}
}
}
l3-interface irb.logical-unit-number;
multicast-snooping-options {
flood-groups [group-names];
forwarding-cache {
threshold {
reuse threshold;
suppress threshold;
}
}
graceful-restart {
disable;
restart-duration duration;
}
host-outbound-traffic {
dot1p bits;
forwarding-class forwarding-class;
}
multichassis-lag-replicate-state;
nexthop-hold-time time;
options {
syslog {
level level;
mark interval;
upto level;
}
}
traceoptions {
file filename {
files number;
no-world-readable;
size file-size;
world-readable;
}
flag flag {
disable;
}
}
}
switch-options {
interface interface-name {
interface-mac-limit limit {
packet-action action;
}
static-mac mac-address;
}
interface-mac-limit limit {
packet-action action;
}
mac-move-limit limit {
packet-action action;
}
mac-table-size limit {
packet-action drop;
}
no-mac-learning;
}
}
vlan-id number;
vlan-id-list [vlan-id | vlan-id–vlan-id];
vlan-tags
inner value;
outer value;
}
vxlan {
ingress-node-replication
ovsdb-managed
}
}
}
}
Sintaxis (serie SRX y EX)
vlans {
vlan-name {
description text-description;
dot1q-tunneling {
customer-vlans (id | range)
layer2-protocol-tunneling all | protocol-name {
drop-threshold number;
shutdown-threshold number;
}
}
filter input filter-name;
filter output filter-name;
interface interface-name {
egress;
ingress;
mapping (native (push | swap) | policy | tag (push | swap));
pvlan-trunk;
}
isolation-id id-number;
l3-interface l3-interface-name.logical-interface-number;
l3-interface-ingress-counting layer-3-interface-name;
mac-limit limit action action;
mac-table-aging-time seconds;
no-local-switching;
no-mac-learning;
primary-vlan vlan-name;
vlan-id number;
vlan-prune;
vlan-range vlan-id-low-vlan-id-high;
}
}
Sintaxis (serie SRX)
vlans {
vlan name {
(vlan-id (1..3967) | vlan-id-list [ vlan-id-numbers]);
description;
forwarding-options {
dhcp-security {
arp-inspection;
dhcpv6-options {
option-16 {
use-string use-string;
}
option-18 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
option-37 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
}
group group-name {
interface interface-name {
static-ip {
ip-address {
mac-address;
}
}
static-ipv6 {
ip-address {
mac-address;
}
}
}
overrides {
no-dhcpv6-options;
no-option16;
no-option18;
no-option37;
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
ipv6-source-guard;
neighbor-discovery-inspection;
no-dhcp-snooping;
no-dhcpv6-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name;
mac;
use-interface-description (device | logical);
use-string use-string;
}
vendor-id {
use-string use-string;
}
}
}
filter {
input filter-name;
}
flood {
input filter-name;
}
}
interface interface-name;
l3-interface l3-interface-name;
mcae-mac-flush;
mcae-mac-synchronize;
service-id service-id;
switch-options {
interface name {
action-priority action-priority;
encapsulation-type (ethernet | ethernet-vlan);
ignore-encapsulation-mismatch;
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
no-mac-learning;
pseudowire-status-tlv;
static-mac mac-address {
vlan-id value;
}
}
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-table-aging-time seconds;
mac-table-size {
limit;
packet-action {
drop;
}
}
no-mac-learning;
static-rvtep-mac {
mac mac_addr {
remote-vtep;
}
}
}
}
}
Sintaxis (vSRX)
vlans {
vlan name {
(vlan-id (all | none | number) | vlan-id-list [ vlan-id-numbers] | vlan-tags <inner number> outer number);
description;
forwarding-options {
dhcp-security {
arp-inspection;
dhcpv6-options {
option-16 {
use-string use-string;
}
option-18 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
option-37 {
prefix {
host-name;
logical-system-name;
routing-instance-name;
vlan-id;
vlan-name;
}
use-interface-description (device | logical);
use-interface-index (device | logical);
use-interface-mac;
use-interface-name (device | logical);
use-string use-string;
}
}
group group-name {
interface interface-name {
static-ip {
ip-address;
}
static-ipv6 {
ip-address;
}
}
overrides {
no-dhcpv6-options;
no-option16;
no-option18;
no-option37;
no-option82;
trusted;
untrusted;
}
}
ip-source-guard;
ipv6-source-guard;
light-weight-dhcpv6-relay;
neighbor-discovery-inspection;
no-dhcp-snooping;
no-dhcpv6-snooping;
option-82 {
circuit-id {
prefix {
host-name;
logical-system-name;
routing-instance-name;
}
use-interface-description (device | logical);
use-vlan-id;
}
remote-id {
host-name;
mac;
use-interface-description (device | logical);
use-string use-string;
}
vendor-id {
use-string use-string;
}
}
}
filter {
input filter-name;
}
flood {
input filter-name;
}
}
interface interface-name;
l3-interface l3-interface-name;
mcae-mac-synchronize;
no-irb-layer-2-copy;
service-id service-id;
switch-options {
interface name {
action-priority action-priority;
encapsulation-type (ethernet | ethernet-vlan);
ignore-encapsulation-mismatch;
interface-mac-limit {
disable;
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-pinning;
no-mac-learning;
pseudowire-status-tlv;
static-mac mac-address {
vlan-id value;
}
}
interface-mac-limit {
limit;
packet-action (drop | drop-and-log | log | none | shutdown);
}
mac-statistics;
mac-table-aging-time seconds;
mac-table-size {
limit;
packet-action {
drop;
}
}
no-mac-learning;
static-rvtep-mac {
mac mac_addr {
remote-vtep;
}
}
}
}
}
Nivel de jerarquía
[edit]
[edit routing-instances routing-instance-name]
Descripción
Configure las propiedades de VLAN.
En los conmutadores de la serie EX y los dispositivos serie SRX (incluido vSRX), se aplican las siguientes pautas de configuración:
Solo se pueden utilizar filtros de firewall privados de VLAN (PVLAN) cuando la VLAN está habilitada para la tunelización Q-in-Q.
Se agrega una etiqueta S-VLAN al paquete si la VLAN está Q-in-Q-tunneled y el paquete llega desde una interfaz de acceso.
No puede usar un filtro de firewall para asignar una interfaz de enrutamiento y puentes integrados (IRB) o una interfaz de VLAN enrutada (RVI) a una VLAN.
Las asignaciones de VLAN realizadas con un filtro de firewall reemplazan todas las demás asignaciones de VLAN.
Predeterminado
Si utiliza la configuración predeterminada de fábrica, todas las interfaces de conmutador pasan a formar parte de la VLAN default.
Opciones
vlan-name—Nombre de la VLAN. El nombre puede incluir letras, números, guiones (-) y puntos (.) y puede contener hasta 255 caracteres de longitud.
El resto de las instrucciones se explican por separado. Consulte Explorador de CLI.
El resto de las instrucciones se describen por separado.
Nivel de privilegio requerido
enrutamiento: para ver esta instrucción en la configuración.
enrutamiento–control: para agregar esta instrucción a la configuración.
system— Para ver esta instrucción en la configuración.
sistema-control: para agregar esta instrucción a la configuración.
Información de versión
Declaración introducida en la versión 9.0 de Junos OS.
Instrucciones para VLAN privadas y tunelización Q-in-Q introducidas en Junos OS versión 12.1 para la serie QFX.