Prevent Local Switching

Starting in Juniper Cloud-Native Router Release 23.1, JCNR can prevent interfaces in a bridge domain that belong to the same VLAN group from forwarding Ethernet frame copies to one another. The noLocalSwitching key enables this functionality on the selected VLAN IDs.

To prevent interfaces in a bridge domain from transmitting and receiving Ethernet frame copies, enable the noLocalSwitching key and assign a VLAN ID to it, so that the interfaces belonging to that VLAN ID do not transmit frames to one another. Note that the noLocalSwitching key enables the functionality only on access interfaces. To enable it on a trunk interface that is part of the same VLAN ID, you must separately set the no-local-switching key to true in the trunk interface configuration. Use the noLocalSwitching functionality when you want to stop interfaces that are part of a VLAN group from transmitting traffic directly to one another.

Note: For all the trunk interfaces and access interfaces, the cloud-native router isolates traffic for the bridge domains configured with no-local-switching.

Configuration Example

To prevent local switching, perform the steps below before deployment:

  1. Edit the values.yaml file in the Juniper_Cloud_Native_Router_<release-number>/helmchart directory.

  2. Enable the noLocalSwitching key and provide the VLAN IDs.

    Note:
    1. The value for the noLocalSwitching key can be an individual VLAN ID, multiple comma-separated VLAN ID values, a VLAN ID range, or a combination of comma-separated VLAN ID values and a VLAN ID range. For example, noLocalSwitching: [700, 701, 705-710].

    2. With this step, the feature is enabled for all access interfaces having the specified VLAN ID. You can skip the next step if you do not want to enable the feature on the trunk interface.

  3. To enable the feature on a trunk interface, add the key no-local-switching and set it to true under the trunk interface configuration.

    For example:

  4. Install or upgrade JCNR using the values.yaml.
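
Because the noLocalSwitching key covers only access interfaces, a trunk that carries one of the listed VLANs without no-local-switching set to true is easy to miss. The following pre-deploy check is an added example, not Juniper code. It assumes the relevant values have already been loaded into Python objects. The interface names, the dictionary layout and the `vlan-id-list` key name are assumptions for illustration. Only `noLocalSwitching` and `no-local-switching` come from this page.

```python
# Added example: flag trunk interfaces that carry a VLAN listed under
# noLocalSwitching but do not set no-local-switching to true.
# Assumption: trunks are given as {name: settings}, and each trunk lists its
# VLANs under "vlan-id-list" (hypothetical layout for this illustration).

def expand_vlans(entries):
    """Expand a list such as [700, 701, "705-710"] into a set of VLAN IDs.

    A YAML loader returns 700 as an int and 705-710 as a string, so both
    forms are accepted here.
    """
    vlans = set()
    for entry in entries:
        lo, sep, hi = str(entry).strip().partition("-")
        first = int(lo)
        last = int(hi) if sep else first
        if not (1 <= first <= last <= 4094):  # valid 802.1Q VLAN ID range
            raise ValueError(f"invalid VLAN entry: {entry!r}")
        vlans.update(range(first, last + 1))
    return vlans


def unprotected_trunks(no_local_switching, trunks):
    """Return {trunk name: sorted VLAN IDs} for every trunk that carries an
    isolated VLAN without no-local-switching set to true."""
    isolated = expand_vlans(no_local_switching)
    findings = {}
    for name, cfg in trunks.items():
        if cfg.get("no-local-switching") is True:
            continue  # trunk already opted in
        overlap = isolated & expand_vlans(cfg.get("vlan-id-list", []))
        if overlap:
            findings[name] = sorted(overlap)
    return findings


# Constructed sample values, not taken from a real deployment.
NO_LOCAL_SWITCHING = [700, 701, "705-710"]
TRUNKS = {
    "eth1": {"vlan-id-list": [100, "700-705"], "no-local-switching": True},
    "eth2": {"vlan-id-list": [200, "701-706"]},
    "eth3": {"vlan-id-list": [300, 400]},
}

if __name__ == "__main__":
    for trunk, vlans in unprotected_trunks(NO_LOCAL_SWITCHING, TRUNKS).items():
        print(f"{trunk}: carries isolated VLANs {vlans} "
              "without no-local-switching: true")
```
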

Verify Configuration

To verify the configuration, use the purel2cli utility available on the vRouter. See the Access vRouter CLI topic for how to access the vRouter shell. You can run the purel2cli commands from the vRouter CLI. For example:

  1. Run the command purel2cli --nolocal show to list all the interfaces that are enabled for noLocalSwitching functionality on all the VLANs. A sample output is shown below:
  2. Run the command purel2cli --nolocal get <VLAN ID> to check if noLocalSwitching functionality is enabled on a specific VLAN ID. A sample output is shown below: