[an error occurred while processing this directive][an error occurred while processing this directive]

Controlling the Management State of a VLAN in MVRP Configurations on MX Series Routers (CLI Procedure)

MX Series routers use Multiple VLAN Registration Protocol (MVRP) to manage dynamic virtual LAN (VLAN) registration in switching networks. Enabling MVRP on trunk interfaces in Carrier Ethernet networks reduces network overhead by limiting the scope of broadcast, unknown unicast, and multicast (BUM) traffic to interested devices only.

Dynamic VLAN registration through MVRP is enabled by default when you enable MVRP on a trunk interface. The trunk interface automatically uses the normal registration mode, accepts MVRP messages, and participates in MVRP. The management state in this case is also known as normal. However, it can be useful to configure VLAN IDs to bypass the dynamic VLAN registration process for security reasons or when MVRP is not supported on a peer switch. You can change the management state of a VLAN independently to either exclude it entirely from the MVRP registration process and remain in an unregistered state (forbidden state) or to force a VLAN to always stay in a registered state and to be declared on all other forwarding ports (fixed state).

Three parameters are used to control the management state of a VLAN in an MVRP configuration:

  • The VLAN is a member in the interface VLAN ID list (configured at the [edit interfaces interface-name family bridge vlan-id-list] hierarchy level).
  • The VLAN is a member in the bridge domain VLAN ID list (configured at the [edit bridge-domain bridge-domain-name vlan-id-list] hierarchy level).
  • The MVRP registration mode is configured for MVRP (configured at the [edit protocols mvrp interface interface-name registration (normal | restricted | forbidden)] hierarchy level).

When these three parameters are combined, a VLAN operates with the following MVRP management states:

  • If a VLAN ID is present in both the interface and bridge domain VLAN ID list, the VLAN is in a fixed management state, irrespective of the MVRP registration mode.
  • If a VLAN ID is present in the interface VLAN ID list but not in the bridge domain VLAN ID list and the MVRP registration mode is forbidden, the VLAN ID is in a forbidden management state. If the MVRP registration mode is not forbidden, the VLAN ID is in a normal registration state.
  • If a VLAN ID is not present in the interface VLAN ID list and the MVRP registration mode is forbidden or restricted, the VLAN ID is in a forbidden management state. Otherwise, it is in a normal management state.

Table 1 defines in more detail the MVRP management state for a VLAN when the interface and bridge domain VLAN ID lists and the MVRP registration mode are configured.

Table 1 contains the service configured for BEB2 as well as the correlating S-VLAN, I-SID, and B-VLAN.

Table 1: MVRP Management States

VLAN ID present in Interface VLAN ID List?VLAN ID present in Bridge Domain VLAN ID List?Interface uses MVRP Normal Registration ModeInterface uses MVRP Restricted Registration ModeInterface uses Forbidden Registration Mode

yes

yes

fixed state

fixed state

fixed state

yes

no

normal state

normal state

forbidden state

yes

yes/no

normal state

forbidden state

forbidden state

This topic describes how to configure the management state for VLANs in an MVRP configuration:

Configure All VLANs to Operate in Normal State

  • To configure an interface to operate in the normal state, configure the registration state as normal:

    [edit protocols]
    user@host# set mvrp interface interface-name registration normal

    For example, to configure all VLANs on trunk interface ge-1/0/0 to operate in normal state:


    [edit]
    user@host# set interface ge-1/0/0 family bridge trunk
    user@host# set protocols mvrp interface ge-1/0/0 registration normal

Configure VLANs to Operate With Mixed States (Fixed and Normal)

  • To configure an interface to operate in a fixed state, add the VLANs that should operate in a fixed state to the interface VLAN ID list:

    [edit]
    user@host# set interface interface-name family bridge vlan-id-list vlan-ids
    user@host# set bridge-domains bridge-domain-name vlan-id-list vlan-ids

    For example, to configure the first 1024 VLANs on trunk interface ge-1/0/0.0 to operate in fixed state, and the other VLANs to operate in normal state:


    [edit]
    user@host# set interface ge-1/0/0.0 family bridge trunk
    user@host# set interface ge-1/0/0.0 family bridge vlan-id-list 1-1024
    user@host# set bridge-domains bd vlan-id-list 1-1024
    user@host# set protocols mvrp interface ge-1/0/0 registration normal

Configure VLANs to Operate With Mixed States (Fixed, Normal, and Forbidden)

  • To configure an interface to operate in the forbidden state, configure the registration state as restricted:

    [edit protocols]
    user@host# set protocols mvrp interface interface-name registration restricted

    For example, to configure the first 1024 VLANs on trunk interface ge-1/0/0.0 to operate in fixed state, VLAN IDs 1024-2048 to operate in normal state, and the remaining VLANs to operate in forbidden state:


    [edit]
    user@host# set interface ge-1/0/0.0 family bridge trunk
    user@host# set interface ge-1/0/0.0 family bridge vlan-id-list 1-2048
    user@host# set bridge-domains bd vlan-id-list 1-1024
    user@host# set protocols mvrp interface ge-1/0/0 registration restricted

Published: 2010-05-11

[an error occurred while processing this directive]