Technical Documentation

Example: Configuring Automatic VLAN Administration Using MVRP on EX Series Switches

As a network expands and the number of clients and VLANs increases, VLAN administration becomes complex and the task of efficiently configuring VLANs on multiple EX Series switches becomes increasingly difficult. To automate VLAN administration, you can enable Multiple VLAN Registration Protocol (MVRP) on the network.

MVRP can also be used to dynamically create VLANs, further simplifying the network overhead required to statically configure VLANs.

Note: Only trunk interfaces can be enabled for MVRP.

This example describes how to use MVRP to automate administration of VLAN membership changes within your network and how to use MVRP to dynamically create VLANs:

Requirements

This example uses the following hardware and software components:

  • Two EX Series access switches
  • One EX Series distribution switch
  • JUNOS Release 10.0 or later for EX Series switches

Overview and Topology

MVRP is used to manage dynamic VLAN registration in a LAN. It can also be used to dynamically create VLANs.

This example uses MVRP to dynamically create VLANs on the switching network. You can disable dynamic VLAN creation and create VLANs statically, if desired. Enabling MVRP on the trunk interface of each switch in your switching network ensures that the active VLAN information for the switches in the network is propagated to each switch through the trunk interfaces, assuming dynamic VLAN creation is enabled for MVRP.

MVRP ensures that the VLAN membership information on the trunk interface is updated as the switch’s access interfaces become active or inactive in the configured VLANs in a static or dynamic VLAN creation setup.

You do not need to explicitly bind a VLAN to the trunk interface. When MVRP is enabled, the trunk interface advertises all the VLANs that are active (bound to access interfaces) on that switch. An MVRP-enabled trunk interface does not advertise VLANs that have been configured on the switch but that are not currently bound to an access interface. Thus, MVRP provides the benefit of reducing network overhead—by limiting the scope of broadcast, unknown unicast, and multicast (BUM) traffic to interested devices only.

When VLAN access interfaces become active or inactive, MVRP ensures that the updated information is advertised on the trunk interface. Thus, in this example, distribution Switch C does not forward traffic to inactive VLANs.

This example shows a network with three VLANs: finance, sales, and lab.

Access Switch A has been configured to support all three VLANS and all three VLANS are active, bound to interfaces that are connected to personal computers:

  • ge-0/0/1—Connects PC1 as a member of finance, VLAN ID 100
  • ge-0/0/2—Connects PC2 as a member of lab, VLAN ID 200
  • ge-0/0/3—Connects PC3 as a member of sales, VLAN ID 300

Access Switch B has also been configured to support three VLANS. However, currently only two VLANs are active, bound to interfaces that are connected to personal computers:

  • ge-0/0/0—Connects PC4 as a member of finance, VLAN ID 100
  • ge-0/0/1—Connects PC5 as a member of lab, VLAN ID 200

Distribution Switch C learns the VLANs dynamically using MVRP through the connection to the access switches. Distribution Switch C has two trunk interfaces:

  • xe-0/1/1—Connects the switch to access Switch A.
  • xe-0/1/0—Connects the switch to access Switch B.

Figure 1 shows MVRP configured on two access switches and one distribution switch.

Figure 1: MVRP Configured on Two Access Switches and One Distribution Switch for Automatic VLAN Administration

Image g020317.gif

Table 1 explains the components of the example topology.

Table 1: Components of the Network Topology

PropertySettings

Switch hardware

  • Access Switch A
  • Access Switch B
  • Distribution Switch C

VLAN names and tag IDs

finance, tag 100
lab, tag 200
sales, tag 300


Interfaces

Access Switch A interfaces:

  • ge-0/0/1—Connects PC1 to access Switch A.
  • ge-0/0/2—Connects PC2 to access Switch A.
  • ge-0/0/3—Connects PC3 to access Switch A.
  • xe-0/1/1—Connects access Switch A to distribution Switch C (trunk).

Access Switch B interfaces:

  • ge-0/0/0—Connects PC4 to access Switch B.
  • ge-0/0/1—Connects PC5 to access Switch B.
  • xe-0/1/0—Connects access Switch B to distribution Switch C. (trunk)

Distribution Switch C interfaces:

  • xe-0/1/1—Connects distribution Switch C to access Switch A. (trunk)
  • xe-0/1/0—Connects distribution Switch C to access Switch B. (trunk)

Configuring VLANs and MVRP on Access Switch A

To configure VLANs on the switch, bind access interfaces to the VLANs, and enable MVRP on the trunk interface of access Switch A, perform these tasks:

CLI Quick Configuration

To quickly configure access Switch A for MVRP, copy the following commands and paste them into the switch terminal window of Switch A:


[edit]
set vlans finance vlan-id 100


set vlans lab vlan-id 200


set vlans sales vlan-id 300


set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members finance

set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members lab

set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members sales


set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk

set protocols mvrp interface xe-0/1/1.0

Note: As we recommend as a best practice, default MVRP timers are used in this example. The default values associated with each MVRP timer are: 200 ms for the join timer, 1000 ms for the leave timer, and 10000 ms for the leaveall timer. Modifying timers to inappropriate values might cause an imbalance in the operation of MVRP.

Step-by-Step Procedure

To configure access Switch A for MVRP:

  1. Configure the finance VLAN:

    [edit]
    user@Access-Switch-A# set vlans finance vlan-id 100
  2. Configure the lab VLAN:

    [edit]
    user@Access-Switch-A# set vlans lab vlan–id 200
  3. Configure the sales VLAN:

    [edit]
    user@Access-Switch-A# set vlans sales vlan–id 300
  4. Configure an Ethernet interface as a member of the finance VLAN:

    [edit]
    user@Access-Switch-A# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members finance
  5. Configure an Ethernet interface as a member of the lab VLAN:

    [edit]
    user@Access-Switch-A# set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members lab
  6. Configure an Ethernet interface as a member of the sales VLAN:

    [edit]
    user@Access-Switch-A# set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members sales
  7. Configure a trunk interface:

    [edit]
    user@Access-Switch-A# set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
  8. Enable MVRP on the trunk interface:

    [edit]
    user@Access-Switch-A# set protocols mvrp interface xe-0/1/1.0

Results

Check the results of the configuration:

[edit]
user@switch# show
interfaces {
ge-0/0/1 {unit 0 {family ethernet-switching {vlan {members finance;}}}}ge-0/0/2 {unit 0 {family ethernet-switching {vlan {members lab;}}}}ge-0/0/3 {unit 0 {family ethernet-switching {vlan {members sales;}}}}xe-0/1/1 {unit 0 {family ethernet-switching {port-mode trunk;}}}}
protocols {mvrp {interface xe-0/1/1.0;}}
vlans {finance {vlan-id 100;}lab {vlan-id 200;}sales {vlan-id 300;}}

Configuring VLANs and MVRP on Access Switch B

To configure three VLANs on the switch, bind access interfaces for PC4 and PC5 to the VLANs, and enable MVRP on the trunk interface of access Switch B, perform these tasks:

CLI Quick Configuration

To quickly configure Access Switch B for MVRP, copy the following commands and paste them into the switch terminal window of Switch B:


[edit]
set vlans finance vlan-id 100


set vlans lab vlan-id 200


set vlans sales vlan-id 300



set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members finance

set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members lab


set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk

set protocols mvrp interface xe-0/1/0.0

Step-by-Step Procedure

To configure access Switch B for MVRP:

  1. Configure the finance VLAN:

    [edit]
    user@Access-Switch-B# set vlans finance vlan-id 100
  2. Configure the lab VLAN:

    [edit]
    user@Access-Switch-B# set vlans lab vlan–id 200
  3. Configure the sales VLAN:

    [edit]
    user@Access-Switch-B# set vlans sales vlan–id 300
  4. Configure an Ethernet interface as a member of the finance VLAN:

    [edit]
    user@Access-Switch-B# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members finance
  5. Configure an Ethernet interface as a member of the lab VLAN:

    [edit]
    user@Access-Switch-B# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members lab
  6. Configure a trunk interface:

    user@Access-Switch-B# set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
  7. Enable MVRP on the trunk interface:

    [edit]
    user@Access-Switch-B# set protocols mvrp xe-0/1/0.0

    Note: As we recommend as a best practice, default MVRP timers are used in this example. The default values associated with each MVRP timer are: 200 ms for the join timer, 1000 ms for the leave timer, and 10000 ms for the leaveall timer. Modifying timers to inappropriate values might cause an imbalance in the operation of MVRP.

Results

Check the results of the configuration:

[edit]
user@Access-Switch-B# show interfaces {ge-0/0/0 {unit 0 {family ethernet-switching {vlan {members finance;}}}}ge-0/0/1 {unit 0 {family ethernet-switching {vlan {members lab;}}}}xe-0/1/0 {unit 0 {family ethernet-switching {port-mode trunk;}}}}}
protocols {mvrp {interface xe-0/1/0.0;}}vlans {finance {vlan-id 100;}lab {vlan-id 200;}sales {vlan-id 300;}}

Configuring VLANS and MVRP on Distribution Switch C

CLI Quick Configuration

To quickly configure distribution Switch C for MVRP, copy the following commands and paste them into the switch terminal window of distribution Switch C:


[edit]


set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk


set protocols mvrp interface xe-0/1/1.0

set protocols mvrp interface xe-0/1/0.0

Step-by-Step Procedure

To configure distribution Switch C for MVRP:

  1. Configure the trunk interface to access Switch A:

    [edit]
    user@Distribution-Switch-C# set interfaces xe-0/1/1 unit 0 family ethernet-switching port-mode trunk
  2. Configure the trunk interface to access Switch B:

    [edit]
    user@Distribution-Switch-C# set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode trunk
  3. Enable MVRP on the trunk interface for xe-0/1/1 :

    [edit]
    user@Distribution-Switch-C# set protocols mvrp interface xe-0/1/1.0

  4. Enable MVRP on the trunk interface for xe-0/1/0 :

    [edit]
    user@Distribution-Switch-C# set protocols mvrp interface xe-0/1/0.0

Results

Check the results of the configuration:

[edit]
user@Distribution Switch-D# show interfaces {xe-0/1/0 {unit 0 {family ethernet-switching {port-mode trunk;}}}xe-0/1/1 {unit 0 {family ethernet-switching {port-mode trunk;}}}}protocols {mvrp {interface xe-0/1/0.0;interface xe-0/1/1.0;}

Verification

To confirm that the configuration is updating VLAN membership, perform these tasks:

Verifying That MVRP Is Enabled on Access Switch A

Purpose

Verify that MVRP is enabled on the switch.

Action

Show the MVRP configuration:


user@Access-Switch-A> show mvrp
MVRP configuration 
MVRP status                 : Enabled        
MVRP dynamic VLAN creation  : Enabled 

MVRP timers (ms): 
Interface            Join   Leave       LeaveAll
--------------       -----  --------    ----------- 
all                   200   1000        10000   
xe-0/1/1.0            200   1000        10000    

Interface       Status        Registration Mode
--------------  --------      ----------------- 
all             Disabled      Normal     
xe-0/1/1.0      Enabled       Normal  

Meaning

The results show that MVRP is enabled on the trunk interface of Switch A and that the default timers are used.

Verifying That MVRP Is Updating VLAN Membership on Access Switch A

Purpose

Verify that MVRP is updating VLAN membership by displaying the Ethernet switching interfaces and associated VLANs that are active on Switch A.

Action

List Ethernet switching interfaces on the switch:




Interface State VLAN members Blocking ge-0/0/1.0 up finance unblocked ge-0/0/2.0 up lab unblocked ge-0/0/3.0 up sales unblocked xe-0/1/1.0 up finance unblocked lab unblocked

Meaning

MVRP has automatically added finance and lab as VLAN members on the trunk interface because they are being advertised by access Switch B.

Verifying That MVRP Is Enabled on Access Switch B

Purpose

Verify that MVRP is enabled on the switch.

Action

Show the MVRP configuration:


user@Access-Switch-B> show mvrp
MVRP configuration 
MVRP status                 : Enabled        
MVRP dynamic VLAN creation  : Enabled 

MVRP timers (ms): 
Interface         Join   Leave       LeaveAll
--------------    -----  --------    ----------- 
all                200   1000       10000   
xe-0/1/0.0         200   1000       10000    

Interface       Status        Registration Mode
--------------  --------      ----------------- 
all             Disabled      Normal     
xe-0/1/0.0      Enabled       Normal    

Meaning

The results show that MVRP is enabled on the trunk interface of Switch B and that the default timers are used.

Verifying That MVRP Is Updating VLAN Membership on Access Switch B

Purpose

Verify that MVRP is updating VLAN membership by displaying the Ethernet switching interfaces and associated VLANs that are active on Switch B.

Action

List Ethernet switching interfaces on the switch:


user@Access-Switch-B> show ethernet-switching interfaces

Interface State VLAN members Blocking ge-0/0/0.0 up finance unblocked ge-0/0/1.0 up lab unblocked xe-0/1/1.0 up finance unblocked lab unblocked sales unblocked

Meaning

MVRP has automatically added finance, lab, and sales as VLAN members on the trunk interface because they are being advertised by access Switch A.

Verifying That MVRP Is Enabled on Distribution Switch C

Purpose

Verify that MVRP is enabled on the switch.

Action

Show the MVRP configuration:


user@Distribution-Switch-C> show mvrp
MVRP configuration 
MVRP status                 : Enabled        
MVRP dynamic VLAN creation  : Enabled 

MVRP timers (ms): 
Interface            Join   Leave       LeaveAll
--------------       -----  --------    ----------- 
all                   200   1000        10000   
xe-0/0/1.0            200   1000        10000    
xe-0/1/1.0            200   1000        10000

Interface       Status        Registration Mode
--------------  --------      ----------------- 
all             Disabled      Normal     
xe-0/0/1.0      Enabled       Normal   
xe-0/1/1.0      Enabled       Normal

Verifying That MVRP Is Updating VLAN Membership on Distribution Switch C

Purpose

Verify that MVRP is updating VLAN membership on distribution Switch C by displaying the Ethernet switching interfaces and associated VLANs on distribution Switch C.

Action

List the Ethernet switching interfaces on the switch:


user@Distribution-Switch-C> show ethernet-switching interfaces

Interface State VLAN members Blocking xe-0/1/1.0 up __mvrp_100__ unblocked __mvrp_200__ unblocked __mvrp_300__ unblocked xe-0/1/0.0 up __mvrp_100__ unblocked __mvrp_200__ unblocked

List the VLANs that were created dynamically using MVRP on the switch:


user@Distribution-Switch-C> show mvrp dynamic-vlan-memberships

VLAN Name Interfaces ------------------- ---------------- __mvrp_100__ xe-0/1/1.0 xe-0/1/0.0 __mvrp_200__ xe-0/1/1.0 xe-0/1/0.0 __mvrp_300__ xe-0/1/1.0

Meaning

Distribution Switch C has two trunk interfaces. Interface xe-0/1/1.0 connects distribution Switch C to Access Switch A and is therefore updated to show that it is a member of all the VLANs that are active on Switch A. Any traffic for those VLANs will be passed on from distribution Switch C to Switch A, through interface xe-0/1/1.0. Interface xe-0/1/0.0 connects distribution Switch C to Switch B and is updated to show that it is a member of the two VLANs that are active on Switch B. Thus, distribution Switch C sends traffic for finance and lab to both Switch A and Switch B. But distribution Switch C sends traffic for sales only to Switch A.

Distribution Switch C also has three dynamic VLANs created using MVRP: mvrp_100, mvrp_200, and mvrp_300. The dynamically created VLANs mvrp_100 and mvrp_200 are active on interfaces xe-0/1/1.0 and xe-0/1/1.0, and dynamically created VLAN mvrp_300 is active on interface xe-0/1/1.0.


Published: 2010-08-19

|
|