Technical Documentation

Example: Configuring Layer 3 Subinterfaces for a Distribution Switch and an Access Switch

In a large LAN, you commonly need to partition the network into multiple VLANs. You can configure Layer 3 subinterfaces to route traffic between the VLANs. In one common topology, known as a “router on a stick” or a “one-armed router,” you connect a router to an access switch with connections to multiple VLANs.

This example describes how to create Layer 3 subinterfaces on trunk interfaces of a distribution switch and access switch so that you can route traffic among multiple VLANs:

Requirements

This example uses the following hardware and software components:

  • For the distribution switch, one EX4200-24F switch. This model is designed to be used as a distribution switch for aggregation or collapsed core network topologies and in space-constrained data centers. It has twenty-four 1-Gigabit Ethernet fiber SFP ports and an EX-UM-2XFP uplink module with two 10-Gigabit Ethernet XFP ports.
  • For the access switch, any Layer 2 switch that supports 802.1Q VLAN tags.
  • JUNOS Release 9.2 or later for EX Series switches.

Before you connect the switches, make sure you have:

Overview and Topology

In a large office with multiple buildings and VLANs, you commonly aggregate traffic from a number of access switches into a distribution switch. This configuration example shows a simple topology to illustrate how to connect a single Layer 2 access switch connected to multiple VLANs to a distribution switch, enabling traffic to pass between those VLANs.

In the example topology, the LAN is segmented into five VLANs, all associated with interfaces on the access switch. One 1-Gigabit Ethernet port on the access switch's uplink module connects to one 1-Gigabit Ethernet port on the distribution switch.

Table 1 lists the settings for the example topology.

Table 1: Components of the Topology for Creating Layer 3 Subinterfaces on an Access Switch and a Distribution Switch

PropertySettings

Access switch hardware

Any Layer 2 switch with multiple 1-Gigabit Ethernet ports and at least one 1-Gigabit Ethernet uplink module

Distribution switch hardware

EX4200-24F, 24 1-Gigabit Ethernet fiber SPF ports (ge-0/0/0 through ge-0/0/23); one 2-port 10-Gigabit Ethernet XFP uplink module (EX-UM-4SFP)

VLAN names and tag IDs

vlan1, tag 101

vlan2, tag 102

vlan3, tag 103

vlan4, tag 104

vlan5, tag 105

VLAN subnets

vlan1: 1.1.1.0/24 (addresses 1.1.1.1 through 1.1.1.254)

vlan2: 2.1.1.0/24 (addresses 2.1.1.1 through 2.1.1.254)

vlan3: 3.1.1.0/24 (addresses 3.1.1.1 through 3.1.1.254)

vlan4: 4.1.1.0/24 (addresses 4.1.1.1 through 4.1.1.254)

vlan5: 5.1.1.0/24 (addresses 5.1.1.1 through 5.1.1.254)

Port interfaces

On the access switch: ge-0/1/0

On the distribution switch: ge-0/0/0

Configuring the Access Switch Subinterfaces

CLI Quick Configuration

To quickly create and configure subinterfaces on the access switch, copy the following commands and paste them into the switch terminal window:


[edit]


set interfaces ge-0/1/0 vlan-tagging

set interfaces ge-0/1/0 unit 0 vlan-id 101 family inet address 1.1.1.1/24

set interfaces ge-0/1/0 unit 1 vlan-id 102 family inet address 2.1.1.1/24

set interfaces ge-0/1/0 unit 2 vlan-id 103 family inet address 3.1.1.1/24

set interfaces ge-0/1/0 unit 3 vlan-id 104 family inet address 4.1.1.1/24

set interfaces ge-0/1/0 unit 4 vlan-id 105 family inet address 5.1.1.1/24

Step-by-Step Procedure

To configure the subinterfaces on the access switch:

  1. On the trunk interface of the access switch, enable VLAN tagging:

    [edit interfaces ge-0/1/0]
    user@access-switch# set vlan-tagging
  2. Bind vlan1's VLAN ID to the logical interface:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 0 vlan-id 101
  3. Set vlan1's subinterface IP address:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 0 family inet address 1.1.1.1/24
  4. Bind vlan2's VLAN ID to the logical interface:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 1 vlan-id 102
  5. Set vlan2's subinterface IP address:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 1 family inet address 2.1.1.1/24
  6. Bind vlan3's VLAN ID to the logical interface:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 2 vlan–id 103
  7. Set vlan3's subinterface IP address:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 2 family inet address 3.1.1.1/24
  8. Bind vlan4's VLAN ID to the logical interface:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 3 vlan-id 104
  9. Set vlan4's subinterface IP address:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 3 family inet address 4.1.1.1/24
  10. Bind vlan5's VLAN ID to the logical interface:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 4 vlan-id 105
  11. Set vlan5's subinterface IP address:

    [edit interfaces ge-0/1/0]
    user@access-switch# set unit 4 family inet address 5.1.1.1/24

Results

Check the results of the configuration:

user@access-switch> show configuration interfaces {ge-0/1/0 {vlan-tagging;unit 0 {vlan-id 101;family inet {address 1.1.1.1/24;}}unit 1 {vlan-id 102;family inet {address 2.1.1.1/24;}}unit 2 {vlan-id 103;family inet {address 3.1.1.1/24;}}unit 3 {vlan-id 104;family inet {address 4.1.1.1/24;}}unit 4 {vlan-id 105;family inet {address 5.1.1.1/24;}}}

Configuring the Distribution Switch Subinterfaces

CLI Quick Configuration

To quickly create and configure subinterfaces on the distribution switch, copy the following commands and paste them into the switch terminal window:


[edit]


set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/0 unit 0 vlan-id 101 family inet address 1.1.1.2/24

set interfaces ge-0/0/0 unit 1 vlan-id 102 family inet address 2.1.1.2/24

set interfaces ge-0/0/0 unit 2 vlan-id 103 family inet address 3.1.1.2/24

set interfaces ge-0/0/0 unit 3 vlan-id 104 family inet address 4.1.1.2/24

set interfaces ge-0/0/0 unit 4 vlan-id 105 family inet address 5.1.1.2/24

Step-by-Step Procedure

To configure subinterfaces on the distribution switch:

  1. On the trunk interface of the distribution switch, enable VLAN tagging:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set vlan-tagging
  2. Bind vlan1's VLAN ID to the logical interface:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 0 vlan-id 101
  3. Set vlan1's subinterface IP address:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 0 family inet address 1.1.1.2/24
  4. Bind vlan2's VLAN ID to the logical interface:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 1 vlan-id 102
  5. Set vlan2's subinterface IP address:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 1 family inet address 2.1.1.2/24
  6. Bind vlan3's VLAN ID to the logical interface:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 2 vlan-id 103
  7. Set vlan3's subinterface IP address:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 2 family inet address 3.1.1.2/24
  8. Bind vlan4's VLAN ID to the logical interface:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 3 vlan-id 104
  9. Set vlan4's subinterface IP address:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 3 family inet address 4.1.1.2/24
  10. Bind vlan5's VLAN ID to the logical interface:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 4 vlan-id 105
  11. Set vlan5's subinterface IP address:

    [edit interfaces ge-0/0/0]
    user@distribution-switch# set unit 4 family inet address 5.1.1.2/24

Results

user@distribution-switch> show configuration interfaces {ge-0/0/0 {vlan-tagging;unit 0 {vlan-id 101;family inet {address 1.1.1.2/24;}}unit 1 {vlan-id 102;family inet {address 2.1.1.2/24;}}unit 2 {vlan-id 103;family inet {address 3.1.1.2/24;}}unit 3 {vlan-id 104;family inet {address 4.1.1.2/24;}}unit 4 {vlan-id 105;family inet {address 5.1.1.2/24;}}}

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying That Subinterfaces Were Created

Purpose

Verify that the subinterfaces were properly created on the access switch and distribution switch.

Action

  1. Use the show interfaces command on the access switch:

    user@access-switch> show interfaces ge-0/1/0 terse
    Interface              Admin Link Proto    Local                 Remote
    ge-0/1/0               up    up
    ge-0/1/0.0             up    up   inet     1.1.1.1/24
    ge-0/1/0.1             up    up   inet     2.1.1.1/24
    ge-0/1/0.2             up    up   inet     3.1.1.1/24
    ge-0/1/0.3             up    up   inet     4.1.1.1/24
    ge-0/1/0.4             up    up   inet     5.1.1.1/24
    ge-0/1/0.32767         up    up
    
  2. Use the show interfaces command on the distribution switch:

    user@distribution-switch> show interfaces ge-0/0/0 terse
    Interface              Admin Link Proto    Local                 Remote
    ge-0/0/0               up    up
    ge-0/0/0.0             up    up   inet     1.1.1.2/24
    ge-0/0/0.1             up    up   inet     2.1.1.2/24
    ge-0/0/0.2             up    up   inet     3.1.1.2/24
    ge-0/0/0.3             up    up   inet     4.1.1.2/24
    ge-0/0/0.4             up    up   inet     5.1.1.2/24
    ge-0/0/0.32767         up    up
    

Meaning

Each subinterface created is displayed as a ge-fpc/pic/port.x logical interface, where x is the unit number in the configuration. The status is listed as up, indicating the link is working.

Verifying That Traffic Passes Between VLANs

Purpose

Verify that the distribution switch is correctly routing traffic from one VLAN to another.

Action

Ping from the access switch to the distribution switch on each subinterface.

  1. From the access switch, ping the address of the vlan1 subinterface on the distribution switch:

    user@access-switch> ping 1.1.1.2 count 4
    PING 1.1.1.2 (1.1.1.2): 56 data bytes
    64 bytes from 1.1.1.2: icmp_seq=0 ttl=64 time=0.333 ms
    64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.113 ms
    64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.112 ms
    64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.158 ms
    
    --- 1.1.1.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.112/0.179/0.333/0.091 ms
  2. From the access switch, ping the address of the vlan2 subinterface on the distribution switch:

    user@access-switch> ping 2.1.1.2 count 4
    PING 2.1.1.2 (2.1.1.2): 56 data bytes
    64 bytes from 2.1.1.2: icmp_seq=0 ttl=64 time=0.241 ms
    64 bytes from 2.1.1.2: icmp_seq=1 ttl=64 time=0.113 ms
    64 bytes from 2.1.1.2: icmp_seq=2 ttl=64 time=0.162 ms
    64 bytes from 2.1.1.2: icmp_seq=3 ttl=64 time=0.167 ms
    
    --- 2.1.1.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.113/0.171/0.241/0.046 ms
  3. From the access switch, ping the address of the vlan3 subinterface on the distribution switch:

    user@access-switch> ping 3.1.1.2 count 4
    PING 3.1.1.2 (3.1.1.2): 56 data bytes
    64 bytes from 3.1.1.2: icmp_seq=0 ttl=64 time=0.341 ms
    64 bytes from 3.1.1.2: icmp_seq=1 ttl=64 time=0.162 ms
    64 bytes from 3.1.1.2: icmp_seq=2 ttl=64 time=0.112 ms
    64 bytes from 3.1.1.2: icmp_seq=3 ttl=64 time=0.208 ms
    
    --- 3.1.1.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.112/0.206/0.341/0.085 ms
    
  4. From the access switch, ping the address of the vlan4 subinterface on the distribution switch:

    user@access-switch> ping 4.1.1.2 count 4
    PING 4.1.1.2 (4.1.1.2): 56 data bytes
    64 bytes from 4.1.1.2: icmp_seq=0 ttl=64 time=0.226 ms
    64 bytes from 4.1.1.2: icmp_seq=1 ttl=64 time=0.166 ms
    64 bytes from 4.1.1.2: icmp_seq=2 ttl=64 time=0.107 ms
    64 bytes from 4.1.1.2: icmp_seq=3 ttl=64 time=0.221 ms
    
    --- 4.1.1.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.107/0.180/0.226/0.048 ms
  5. From the access switch, ping the address of the vlan5 subinterface on the distribution switch:

    user@access-switch> ping 5.1.1.2 count 4
    PING 5.1.1.2 (5.1.1.2): 56 data bytes
    64 bytes from 5.1.1.2: icmp_seq=0 ttl=64 time=0.224 ms
    64 bytes from 5.1.1.2: icmp_seq=1 ttl=64 time=0.104 ms
    64 bytes from 5.1.1.2: icmp_seq=2 ttl=64 time=0.102 ms
    64 bytes from 5.1.1.2: icmp_seq=3 ttl=64 time=0.170 ms
    
    --- 5.1.1.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.102/0.150/0.224/0.051 ms

Meaning

If all the ping packets are transmitted and are received by the destination address, the subinterfaces are up and working.


Published: 2010-08-19

Help
|
My Account
|
Log Out