Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Guidelines for Configuring PVLANs on MX Series Routers

Consider the following guidelines while you configure PVLANs on MX Series routers that function in enhanced LAN mode:

  • PVLANs are supported on MX80 routers, on MX240, MX480, and MX960 routers with DPCs in LAN mode, on MX Series routers with MPCs.

  • Isolated ports, promiscuous ports, community ports, and interswitch links (ISL) adhere to the following rules of tagging and forwarding:

    • The frames received on the primary VLAN on promiscuous ports can go to any port.

    • The frames received on isolated ports can only go to promiscuous ports and ISL ports.

    • The frames received on community ports can only go to ports of the same community, promiscuous ports, and ISL ports.

    • The frames received on ISL ports with an isolation VLAN tag or ID can only go to promiscuous ports or ISL ports.

    • The frames received on ISL ports with a community VLAN tag can only go to promiscuous ports, ISL ports, or ports belonging to a corresponding community port.

    • The frames being sent out of promiscuous ports should have a primary VLAN tag or should be untagged. It is considered untagged if the port is configured as an untagged member of the primary VLAN. The frames going out of isolated or community ports are generally untagged. However, they can also be tagged depending on the port configuration. In any case, the configured VLAN tag must be the same as the related isolated VLAN tag or community VLAN tag.

    • The frames going out of ISL ports are tagged with the primary VLAN if they are received on a promiscuous port. An untagged frame cannot exit out of an ISL port in the context of a primary VLAN, isolated VLAN, or community VLAN, but for any other VLAN, it can be untagged depending on the configuration.

    • The frames going out of ISL ports are tagged with an isolated VLAN (isolation ID) if received on the isolated port.

    • The frames going out of ISL ports are tagged with the community VLAN tag, if it is received on the corresponding community port.

  • Graceful Routing Engine switchover (GRES) is supported for PVLANs.

  • A virtual switch instance that contains a bridge domain associated with logical interfaces is supported.

  • Aggregated Ethernet (ae) interfaces for all types of ports are supported.

  • Virtual private LAN service (VPLS) instances is not supported. Integrated routing and bridging (IRB) interfaces in PVLANs are supported.

  • MX Series Virtual Chassis configuration is not supported.

  • MC-LAG interfaces are not supported. All ports that are associated with PVLAN bridge domains cannot be mc-ae interfaces.

  • IGMP snooping is not supported. Q-in-Q tunneling is not supported.