Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring PVLANs on MX Series Routers in Enhanced LAN Mode

You can configure a private VLAN (PVLAN) on a single MX Series router to span multiple MX Series routers. VLANs limit broadcasts to specified users. You need to specify the interswitch link (ISL) for a PVLAN, the PVLAN port types, and secondary VLANs for the PVLAN. You must create a virtual switch routing instance with a bridge domain, and associate the interfaces with the bridge domain. You can specify the secondary VLANs as isolated or community VLANs in the bridge domain.

Before you begin configuring a PVLAN, make sure you have:

  • Created and configured the necessary VLANs. See Configuring VLAN and Extended VLAN Encapsulation and Enabling VLAN Tagging.

  • Configured MX240, MX480, and MX960 routers to function in enhanced LAN mode by entering the network-services lan statement at the [edit chassis] hierarchy level.

    You must reboot the router when you configure or delete the enhanced LAN mode on the router. Configuring the network-services lan option implies that the system is running in the enhanced IP mode. When you configure a device to function in MX-LAN mode, only the supported configuration statements and operational show commands that are available for enabling or viewing in this mode are displayed in the CLI interface.

    If your system contains parameters that are not supported in MX-LAN mode in a configuration file, you cannot commit those unsupported attributes. You must remove the settings that are not supported and then commit the configuration. After the successful CLI commit, a system reboot is required for the attributes to become effective. Similarly, if you remove the network-services lan statement, the system does not run in MX-LAN mode. Therefore, all of the settings that are supported outside of the MX-LAN mode are displayed and are available for definition in the CLI interface. If your configuration file contains settings that are supported only in MX-LAN mode, you must remove those attributes before you commit the configuration. After the successful CLI commit, a system reboot is required for the CLI parameters to take effect. The Layer 2 Next-Generation CLI configuration settings are supported in MX-LAN mode. As a result, the typical format of CLI configurations might differ in MX-LAN mode.

To configure a PVLAN:

  1. Create a promiscuous port for the PVLAN.
  2. Create the interswitch link (ISL) trunk port for the PVLAN.
  3. Create the isolated port for the PVLAN. The port is identified as an isolated port or a community port, based on the VLAN ID or the list of VLAN IDs to which the interface corresponds. For example, if you configure a port with a VLAN ID of 50, and if you specify a VLAN ID of 50 as the isolated VLAN or tag in the bridge domain, the port is considered as an isolation port.
  4. Create the community port for the PVLAN. The port is identified as an isolated port or a community port, based on the VLAN ID or the list of VLAN IDs to which the interface corresponds. For example, if you configure a port with a VLAN ID of 50, and if you specify a VLAN ID of 50 as the community VLAN or tag in the bridge domain, the port is considered as a community port.
  5. Create a virtual switch instance with a bridge domain and associate the logical interfaces.
  6. Specify the primary, isolated, and community VLAN IDs, and associate the VLANs with the bridge domain.