Controlling the Management State of a VLAN in MVRP Configurations
MX Series routers use Multiple VLAN Registration Protocol (MVRP) to manage dynamic virtual LAN (VLAN) registration in Layer 2 networks. Enabling MVRP on trunk interfaces in Layer 2 networks reduces network overhead by limiting the scope of broadcast, unknown unicast, and multicast (BUM) traffic to interested devices only.
Dynamic VLAN registration through MVRP is enabled by default when you enable MVRP on a trunk interface. The trunk interface automatically uses the normal registration mode, accepts MVRP messages, and participates in MVRP. The management state in this case is also known as normal. However, it can be useful to configure VLAN IDs to bypass the dynamic VLAN registration process for security reasons or when MVRP is not supported on a peer switch. You can change the management state of a VLAN independently to either exclude it entirely from the MVRP registration process and remain in an unregistered state (forbidden state), or to force a VLAN to always stay in a registered state and to be declared on all other forwarding ports (fixed state).
Three parameters are used to control the management state of a VLAN in an MVRP configuration:
The VLAN is a member in the interface VLAN ID list (configured at the
[edit interfaces interface-name family bridge vlan-id-list]hierarchy level).The VLAN is a member in the bridge domain VLAN ID list (configured at the
[edit bridge-domain bridge-domain-name vlan-id-list]hierarchy level).The MVRP registration mode is configured for MVRP (configured at the
[edit protocols mvrp interface interface-name registration (normal | restricted | forbidden)]hierarchy level).
When these three parameters are combined, a VLAN operates with the following MVRP management states:
If a VLAN ID is present in both the interface and bridge domain VLAN ID list, the VLAN is in a fixed management state, irrespective of the MVRP registration mode.
If a VLAN ID is present in the interface VLAN ID list but not in the bridge domain VLAN ID list and the MVRP registration mode is forbidden, the VLAN ID is in a forbidden management state. If the MVRP registration mode is not forbidden, the VLAN ID is in a normal registration state.
If a VLAN ID is not present in the interface VLAN ID list and the MVRP registration mode is forbidden or restricted, the VLAN ID is in a forbidden management state. Otherwise, it is in a normal management state.
Table 1 defines in more detail the MVRP management state for a VLAN when the interface and bridge domain VLAN ID lists and the MVRP registration mode are configured.
Table 1 contains the service configured for BEB2, as well as the correlating S-VLAN, I-SID, and B-VLAN.
| VLAN ID Present in Interface VLAN ID List? | VLAN ID Present in Bridge Domain VLAN ID List? | Interface Uses MVRP Normal Registration Mode | Interface Uses MVRP Restricted Registration Mode | Interface Uses Forbidden Registration Mode |
|---|---|---|---|---|
yes |
yes |
fixed state |
fixed state |
fixed state |
yes |
no |
normal state |
normal state |
forbidden state |
yes |
yes/no |
normal state |
forbidden state |
forbidden state |
This topic describes how to configure the management state for VLANs in an MVRP configuration:
Configure All VLANs to Operate in Normal State
To configure an interface to operate in the normal state, configure the registration state as normal:
[edit protocols] user@host# set mvrp interface interface-name registration normal
For example, to configure all VLANs on trunk interface ge-1/0/0 to operate in normal state:
[edit] user@host# set interface ge-1/0/0 family bridge trunk user@host# set protocols mvrp interface ge-1/0/0 registration normal
Configure VLANs to Operate with Mixed States (Fixed and Normal)
To configure an interface to operate in a fixed state, add the VLANs that should operate in a fixed state to the interface VLAN ID list:
[edit] user@host# set interface interface-name family bridge vlan-id-list vlan-ids user@host# set bridge-domains bridge-domain-name vlan-id-list vlan-ids
For example, to configure the first 1024 VLANs on trunk interface ge-1/0/0.0 to operate in fixed state, and the other VLANs to operate in normal state:
[edit] user@host# set interface ge-1/0/0.0 family bridge trunk user@host# set interface ge-1/0/0.0 family bridge vlan-id-list 1-1024 user@host# set bridge-domains bd vlan-id-list 1-1024 user@host# set protocols mvrp interface ge-1/0/0 registration normal
Configure VLANs to Operate with Mixed States (Fixed, Normal, and Forbidden)
To configure an interface to operate in the forbidden state, configure the registration state as restricted:
[edit protocols] user@host# set protocols mvrp interface interface-name registration restricted
For example, to configure the first 1024 VLANs on trunk interface ge-1/0/0.0 to operate in fixed state, VLAN IDs 1024 to 2048 to operate in normal state, and the remaining VLANs to operate in forbidden state:
[edit] user@host# set interface ge-1/0/0.0 family bridge trunk user@host# set interface ge-1/0/0.0 family bridge vlan-id-list 1-2048 user@host# set bridge-domains bd vlan-id-list 1-1024 user@host# set protocols mvrp interface ge-1/0/0 registration restricted