Juniper SRX / EX Q-in-Q VLAN Tagging

IN OFFICIAL JUNIPER DOCUMENTS YOU CAN HARDLY FIND INFORMATION REGARDING Q-IN-Q VLAN TAGGING CONFIGURATION FOR SRX 210 DEVICES, ALL INFORMATION THEY PROVIDE - ONLY A FEW CONFIGS FOR HI-END DEVICES OR J-SERIES ROUTERS.

I highlighted the info that Juniper provides:

Q-in-Q tunneling, defined by the IEEE 802.1ad standard, allows service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. 
In Q-in-Q tunneling, as a packet travels from a customer VLAN (C-VLAN) to a service provider's VLAN, a service provider-specific 802.1Q tag is added to the packet. This additional tag is used to segregate traffic into service-provider-defined service VLANs (S-VLANs). The original customer 802.1Q tag of the packet remains and is transmitted transparently, passing through the service provider's network. As the packet leaves the S-VLAN in the downstream direction, the extra 802.1Q tag is removed.

i
Note: When Q-in-Q tunneling is configured for a service provider’s VLAN, all Routing Engine packets, including packets from the routed VLAN interface, that are transmitted from the customer-facing access port of that VLAN will always be untagged.


There are three ways to map C-VLANs to an S-VLAN: 
  • All-in-one bundling—Use the dot1q-tunneling statement at the [edit vlans] hierarchy to map without specifying customer VLANs. All packets from a specific access interface are mapped to the S-VLAN. 
  • Many-to-one bundling—Use the customer-vlans statement at the [edit vlans] hierarchy to specify which C-VLANs are mapped to the S-VLAN.
  • Mapping C-VLAN on a specific interface—Use the mapping statement at the [edit vlans] hierarchy to map a specific C-VLAN on a specified access interface to the S-VLAN.

i
Note: On SRX650 devices, in the dot1q-tunneling configuration options, customer VLANs range and VLAN push do not work together for the same S-VLAN, even when you commit the configuration. If both are configured, then VLAN push takes priority over customer VLANs range. 
So now I'd like to show a small lab with configuration on each SRX 210 device that has been presented by Pradeep (JNCIP-Security).Thanx Pradeep )))

CE1 :
set interfaces fe-0/0/0.0 family ethernet-switching
set interfaces fe-0/0/7.0 family ethernet-switching port-mode trunk
set vlans v100 vlan-id 100
set vlans v100 interface fe-0/0/0.0
set vlans v100 interface fe-0/0/7.0

PE1 :
set interfaces ge-0/0/0.0 family ethernet-switching
set interfaces ge-0/0/7.0 family ethernet-switching port-mode trunk
set vlans v200 vlan-id 200
set vlans v200 interface ge-0/0/0.0
set vlans v200 interface ge-0/0/7.0
set vlans v200 dot1q-tunneling

PE2 :
set interfaces ge-0/0/0.0 family ethernet-switching
set interfaces ge-0/0/7.0 family ethernet-switching port-mode trunk
set vlans v200 vlan-id 200
set vlans v200 interface ge-0/0/0.0
set vlans v200 interface ge-0/0/7.0
set vlans v200 dot1q-tunneling

CE2 :
set interfaces ge-0/0/0.0 family ethernet-switching
set interfaces ge-0/0/7.0 family ethernet-switching port-mode trunk
set vlans v100 vlan-id 100
set vlans v100 interface ge-0/0/0.0
set vlans v100 interface ge-0/0/7.0

PC1 and PC2 should be able to communicate with each other.









Comments

Post a Comment

Popular posts from this blog

HPE MSR series router NAT, DHCP, SSH config

Image
1. NAT Configuration    1.1. Define Access List [Router] acl basic 2001  [Router] step 1 [Router] rule 0 permit [Router] rule 10 deny 2. Interfaces Configuration    2.1. External (WAN) interface configuration [Router] interface GigabitEthernet 0/0/0 [Router] ip address 10.163.195.2 255.255.255.0 [Router] nat outbound 2001     2.2. Internal (LAN) sub-interfaces configuration [Router] interface GigabitEthernet 0/0/1.2 [Router] ip address 192.168.1.2 255.255.255.0 [Router] vlan-type dot1q vid 2 [Router] interface GigabitEthernet 0/0/1.3 [Router] ip address 192.168.2.2 255.255.255.0 [Router] vlan-type dot1q vid 3 [Router] interface GigabitEthernet 0/0/1.4 [Router] ip address 192.168.3.2 255.255.255.0 [Router] vlan-type dot1q vid 4 3. DHCP Server Configuration     3.1. Enable DHCP service on router [Router] dhcp enable     3.2. Define dhcp settings for vlan 2 [Router] dhcp server ip-pool vlan 2 [Router] ne
Read more

Juniper SRX Routing Instances Configuration and Importing Routes to and from virtual routers

Image
Our goal is to configure routing instances on all devices and provide routing between all instances with ospf protocol. Configure routing instances on SRX1: We will be using a tagged interface ge-0/0/1 where vlan 10 is for vr10.10 routing instance and vlan 20 is for vr20.20: set interfaces ge-0/0/1 vlan-tagging set interfaces ge-0/0/1 unit 10 vlan-id 10 set interfaces ge-0/0/1 unit 10 family inet address 172.16.10.1/24 set interfaces ge-0/0/1 unit 20 vlan-id 20 set interfaces ge-0/0/1 unit 20 family inet address 172.16.20.1/24 Now create routing instances and assign interfaces to them: set routing-instances vr10.10 instance-type virtual-router set routing-instances vr10.10 interface ge-0/0/1.10 set routing-instances vr20.20 instance-type virtual-router set routing-instances vr20.20 interface ge-0/0/1.20 Configure rib-groups to import routes from one routing instance to another (Another alternative is to configure policy-options for importing): set routing-instances vr10.10 routing-opti
Read more

Install Junos with USB

You discover that your Junos EX or SRX device does not complete normal boot up. The image seems to be corrupted for some reason, such as a continuous power failure. If this occurs, don’t worry, you can get it back up within few minutes using the USB port. Step 1. Get a USB flash drive. Copy the Junos image to the USB drive (without creating folders). Use FAT file format if the USB size is less than 2 GB. Use FAT32 if the USB size is greater than or equal to 4 GB. The example below uses the file image junos-srxsme-10.4R1.9-domestic .tgz. Step 2. Insert the flash into an EX/SRX USB port. Step 3. Reboot the device. When Junos boots up, you will see the message : Press Space to abort autoboot Do nothing. A little while later, you will see: Hit [Enter] to boot immediately, or space bar for command prompt. Press the space bar. You will be at loader mode; the prompt should be loader>. If the prompt is > , type >boot to make it loader>. Step 4. Now type the following command: lo
Read more