Switching

Configuring VLANs—Quick Configuration

Each VLAN is a collection of network nodes that are grouped together to form separate broadcast domains. On an Ethernet network that is a single LAN, all traffic is forwarded to all nodes on the LAN. On VLANs, frames whose origin and destination are in the same VLAN are forwarded only within the local VLAN. Frames that are not destined for the local VLAN are the only ones forwarded to other broadcast domains. VLANs thus limit the amount of traffic flowing across the entire LAN, reducing the possible number of collisions and packet retransmissions within a VLAN and on the LAN as a whole.

On an Ethernet LAN, all network nodes must be physically connected to the same network. On VLANs, the physical location of the nodes is not important, so you can group network devices in any way that makes sense for your organization, such as by department or business function, by types of network nodes, or even by physical location. Each VLAN is identified by a single IP subnetwork and by standardized IEEE 802.1Q encapsulation.

To access the VLAN:

  1. In the J-Web user interface, select Configure>Switching>VLAN.

    The VLAN configuration page displays a list of existing VLANs. If you select a specific VLAN, the specific VLAN details are displayed in the details section.

  2. Click one:
    • Add—Creates a VLAN.
    • Edit—Edits an existing VLAN configuration.
    • Delete—Deletes an existing VLAN.

      Note: If you delete a VLAN, the VLAN configuration for all the associated interfaces is also deleted.

    When you are adding or editing a VLAN, enter information as described in Table 71.

  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page, then click Commit Options>Commit.
    • Cancel—Cancels your entries and returns to the main configuration page.

Table 71: VLAN Configuration Details

Field

Function

Action

General

VLAN Name

Specifies a unique name for the VLAN.

Enter a name.

Note: VLAN text field is disabled when vlan-tagging is not enabled.

VLAN ID/Range

Specifies the identifier or range for the VLAN.

Select one:

  • VLAN ID—Type a unique identification number from 1 through 4094. If no value is specified, it defaults to 1.
  • VLAN Range—Type a number range to create VLANs with IDs corresponding to the range. For example, the range 2–3 will create two VLANs with the ID 2 and 3.

Description

Describes the VLAN.

Enter a brief description for the VLAN.

Input Filter

Specifies the VLAN firewall filter that is applied to incoming packets.

To apply an input firewall filter, select the firewall filter from the list.

Output Filter

Specifies the VLAN firewall filter that is applied to outgoing packets.

To apply an output firewall filter, select the firewall filter from the list.

Ports

Ports

Specifies the ports to be associated with this VLAN for data traffic. You can also remove the port association.

Click one:

  • Add—Select the ports from the available list.
  • Remove—Select the port that you do not want associated with the VLAN.
IP Address

Layer 3 Information

Specifies IP address options for the VLAN.

Select to enable the IP address options.

IP Address

Specifies the IP address of the VLAN.

Enter the IP address.

Subnet Mask

Specifies the range of logical addresses within the address space that is assigned to an organization.

Enter the address, for example, 255.255.255.0. You can also specify the address prefix.

Input Filter

Specifies the VLAN interface firewall filter that is applied to incoming packets.

To apply an input firewall filter to an interface, select the firewall filter from the list.

Output Filter

Specifies the VLAN interface firewall filter that is applied to outgoing packets.

To apply an output firewall filter to an interface, select the firewall filter from the list.

ARP/MAC Details

Specifies the details for configuring the static IP address and MAC.

Click the ARP/MAC Details button. Enter the static IP address and MAC address in the window that is displayed.

VoIP

Ports

Specifies the ports to be associated with this VLAN for voice traffic. You can also remove the port association.

Click one:

  • Add—Select the ports from the available list.
  • Remove—Select the port that you do not want associated with the VLAN.

Configuring a Spanning Tree—Quick Configuration

Juniper devices provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). You can configure bridge protocols data unit (BPDU) protection on interfaces to prevent them from receiving BPDUs that could result in STP misconfigurations, which could lead to network outages.

You can use the J-Web Quick Configuration to add a spanning tree or to edit or delete an existing spanning tree.

To access the Spanning Tree Quick Configuration:

  1. In the J-Web user interface, select Configure>Switching>Spanning Tree.

    The Spanning Tree Configuration page displays a list of existing spanning trees. If you select a specific spanning tree, the specific spanning tree details are displayed in the General and Interfaces tabs.

  2. Click one of the following:
    • Add—Creates a spanning tree.
    • Edit—Edits an existing spanning-tree configuration.
    • Delete—Deletes an existing spanning tree.

    When you are adding a spanning tree, select a protocol name:

    • If you select STP, enter information as described in Table 72.
    • If you select RSTP, enter information as described in Table 73.
    • If you select MSTP, enter information as described in Table 74.

    Select the Ports tab to configure the ports associated with this spanning tree. Click one of the following:

    • Add—Creates a new spanning-tree interface configuration.
    • Edit—Modifies an existing spanning-tree interface configuration.
    • Delete—Deletes an existing spanning-tree interface configuration.

    When you are adding or editing a spanning-tree port, enter information as described in Table 75.

  3. Click one:
    • Click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.
    • click Cancel to cancel the configuration without saving changes.

Table 72: STP Configuration Parameters

Field

Function

Action

Protocol Name

Displays the spanning-tree protocol.

View only.

Disable

Disables STP on the interface.

To enable this option, select the check box.

BPDU Protect

Specifies that BPDU blocks are to be processed.

To enable this option, select the check box.

Bridge Priority

Specifies the bridge priority. The bridge priority determines which bridge is elected as the root bridge. If two bridges have the same path cost to the root bridge, the bridge priority determines which bridge becomes the designated bridge for a LAN segment.

Select a value.

Forward Delay

Specifies the number of seconds an interface waits before changing from spanning-tree learning and listening states to the forwarding state.

Enter a value from 4 through 30 seconds.

Hello Time

Specifies time interval in seconds at which the root bridge transmits configuration BPDUs.

Enter a value from 1 through 10 seconds.

Max Age

Specifies the maximum aging time in seconds for all MST instances. The maximum aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration.

Enter a value from 6 through 40 seconds.

Table 73: RSTP Configuration Parameters

Field

Function

Action

Protocol Name

Displays the spanning-tree protocol.

View only.

Disable

Specifies whether RSTP must be disabled on the interface.

To enable this option, select the check box.

BPDU Protect

Specifies that BPDU blocks are to be processed.

To enable this option, select the check box.

Bridge Priority

Specifies the bridge priority. The bridge priority determines which bridge is elected as the root bridge. If two bridges have the same path cost to the root bridge, the bridge priority determines which bridge becomes the designated bridge for a LAN segment.

Select a value.

Forward Delay

Specifies the number of seconds a port waits before changing from its spanning-tree learning and listening states to the forwarding state.

Enter a value from 4 through 30 seconds.

Hello Time

Specifies the hello time in seconds for all MST instances.

Enter a value from 1 through 10 seconds.

Max Age

Specifies the maximum aging time in seconds for all MST instances. The maximum aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration.

Enter a value from 6 through 40 seconds.

Table 74: MSTP Configuration Parameters

Field

Function

Action

Protocol Name

Displays the spanning-tree protocol.

View only.

Disable

Specifies whether MSTP must be disabled on the interface.

To enable this option, select the check box.

BPDU Protect

Specifies that BPDU blocks are to be processed.

To enable this option, select the check box.

Bridge Priority

Specifies the bridge priority. The bridge priority determines which bridge is elected as the root bridge. If two bridges have the same path cost to the root bridge, the bridge priority determines which bridge becomes the designated bridge for a LAN segment.

Select a value.

Forward Delay

Specifies the number of seconds a port waits before changing from its spanning-tree learning and listening states to the forwarding state.

Enter a value from 4 through 30 seconds.

Hello Time

Specifies the hello time in seconds for all MST instances.

Enter a value from 1 through 10 seconds.

Max Age

Specifies the maximum aging time for all MST instances. The maximum aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration.

Enter a value from 6 through 40 seconds.

Configuration Name

MSTP region name carried in the MSTP bridge protocol data units (BPDUs).

Enter a name.

Max Hops

Maximum number of hops a BPDU can be forwarded in the MSTP region

Enter a value from 1 through 255.

Revision Level

Revision number of the MSTP region configuration.

Enter a value from 0 through 65535.

MSTI tab

MSTI Id

Specifies the multiple spanning-tree instance (MSTI) identifier. MSTI IDs are local to each region, so you can reuse the same MSTI ID in different regions.

Click one:

  • Add—Creates a MSTI.
  • Edit—Edits an existing MSTI.
  • Delete—Deletes an existing MSTI.

Bridge Priority

Specifies the bridge priority. The bridge priority determines which bridge is elected as the root bridge. If two bridges have the same path cost to the root bridge, the bridge priority determines which bridge becomes the designated bridge for a LAN segment.

Select a value.

VLAN

Specifies the VLANs for the MSTI.

Click one:

  • Add—Selects VLANs from the list.
  • Remove—Deletes the selected VLAN.

Interfaces

Specifies the interface for the MSTP protocol.

Click one:

  • Add—Selects interfaces from the list.
  • Edit—Edits the selected interface.
  • Remove—Deletes the selected interface.

Table 75: Spanning-Tree Ports Configuration Details

Field

Function

Action

Interface Name

Specifies the interface for the spanning-tree protocol type.

Select an interface.

Cost

Specifies the link cost to control which bridge is the designated bridge and which interface is the designated interface.

Enter a value from 1 through 200,000,000.

Priority

Specifies the interface priority to control which interface is elected as the root port.

Select a value.

Edge

Configures the interface as an edge interface. Edge interfaces immediately transition to a forwarding state.

Select to configure the interface as an edge interface.

Mode

Specifies the link mode.

Select one:

  • Point to Point—For full-duplex links, select this mode.
  • Shared—For half-duplex links, select this mode.

Configuring IGMP Snooping—Quick Configuration

IGMP snooping regulates multicast traffic in a switched network. With IGMP snooping enabled, the Juniper device monitors the IGMP transmissions between a host (a network device) and a multicast router, keeping track of the multicast groups and associated member interfaces. The Juniper device uses that information to make intelligent multicast-forwarding decisions and forward traffic to the intended destination interfaces.

You can use the J-Web Quick Configuration to add a new IGMP snooping configuration or to edit or delete an existing configuration.

To access the IGMP Snooping Quick Configuration:

  1. In the J-Web user interface, select Configure>Switching>IGMP Snooping.

    The VLAN Configuration page displays a list of existing IGMP snooping configurations.

  2. Click one:
    • Add—Creates an IGMP snooping configuration for the VLAN.
    • Edit—Edits an existing IGMP snooping configuration for the VLAN.
    • Delete—Deletes member settings for the interface.

      Note: If you delete a configuration, the VLAN configuration for all the associated interfaces is also deleted.

    • Disable Vlan—Disables IGMP snooping on the selected VLAN.

    When you are adding or editing a VLAN, enter information as described in Table 76.

  3. Click one:
    • Click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.
    • Click Cancel to cancel the configuration without saving changes.

Table 76: IGMP Snooping Configuration Fields

Field

Function

Action

VLAN Name

Specifies the VLAN on which to enable IGMP snooping.

Select the VLAN from the list.

Immediate Leave

Immediately removes a multicast group membership from an interface when it receives a leave message from that interface and suppresses the sending of any group-specific queries for the multicast group

To enable the option, select the check box.

To disable the option, clear the check box.

Query Interval

Configures how frequently the switch sends host-query timeout messages to a multicast group.

Enter a value from 1 through 1024 seconds.

Query Last Member Interval

Configures the interval between group-specific query timeout messages sent by the switch.

Enter a value from 1 through 1024 seconds.

Query Response Interval

Configures the length of time the switch waits to receive a response to a specific query message from a host.

Enter a value from 1 through 25 seconds.

Robust Count

Specifies the number of timeout intervals the switch waits before timing out a multicast group.

Enter a value from 2 through 10.

Interfaces List

Statically configures an interface as a switching interface toward a multicast router (the interface to receive multicast traffic).

  1. Click Add.
  2. Select an interface from the list.
  3. Select Multicast Router Interface.
  4. Enter the maximum number of groups an interface can join in Group Limit.
  5. In Static, choose one:
    • Click Add, type a group IP address, and click OK.
    • Select a group and click Remove to remove the group membership.

Configuring GVRP—Quick Configuration

As a network expands and the number of clients and VLANs increases, VLAN administration becomes complex, and the task of efficiently configuring VLANs on multiple EX Series switches becomes increasingly difficult. To automate VLAN administration, you can enable GARP VLAN Registration Protocol (GVRP) on the network.

GVRP learns VLANs on a particular 802.1Q trunk port, and adds the corresponding trunk interface to the VLAN if the advertised VLAN is preconfigured or existing already on the switch. For example, a VLAN named “sales” is advertised to trunk interface 1 on the GVRP-enabled switch. The switch adds trunk interface 1 to the sales VLAN if the sales VLAN already exists on the switch.

As individual interfaces become active and send requests to join a VLAN, the VLAN configuration is updated and propagated among the switches. Limiting the VLAN configuration to active participants reduces the network overhead. GVRP also provides the benefit of pruning VLANs to limit the scope of broadcast, unknown unicast, and multicast (BUM) traffic to interested network devices only.

You can use the J-Web Quick Configuration to enable or disable GVRP on an interface.

To access the GVRP Quick Configuration:

  1. In the J-Web user interface, select Configure>Switching>GVRP.

    The GVRP Configuration page displays a list of interfaces on which GVRP is enabled.

  2. Click one:
    • Global Settings—Modifies GVRP timers. Enter the information as described in Table 77.
    • Add—Enables GVRP on an interface.
    • Disable Port—Disables an interface.
    • Delete—Deletes an interface.
  3. Click one:
    • Click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.
    • Click Cancel to cancel the configuration without saving changes.

Table 77: GVRP Global Settings

Field

Function

Action

Disable GVRP

Disables GVRP on all the interfaces.

Click to select.

Join Timer

Specifies the number of milliseconds an interface must wait before sending VLAN advertisements.

Enter a value from 0 through 4294967295 milliseconds.

Leave Timer

Specifies the number of milliseconds an interface must wait after receiving a leave message to remove itself from the VLAN specified in the message.

Enter a value from 0 through 4294967295 milliseconds.

Leave All Timer

Specifies the interval in milliseconds at which Leave All messages are sent on interfaces. Leave All messages help to maintain current GVRP VLAN membership information in the network.

Enter a value from 0 through 4294967295 milliseconds.

Copyright© 2010 Juniper Networks, Inc. All rights reserved.