Switching

Hi,

 

New in the world of Juniper, used to working with HP Procurve switches ... Now I'm learning the JunOS and how the switches are working.

 

In regards to this ... I'm trying to get a trunk between a HP Procurve 1810G-24GE and a Juniper EX2200-C working in a test environment ... The trunk on the  HP is working with other Procurves but not with the Juniper, I browsed the forums and the net for information, I have 2 VLANs configured on the trunk (VLAN1 and VLAN10) they are both tagged on the HP and also on the Juniper (I think).

 

I tried different configurations, I created a config where the management is on the same VLAN10 as where the clients are as well as tried with a config where the management is on the management interface (me0/0) ... I tried disabling STP on both ends (maybe they don't work well together), disabled lldp (read it on a forum) ... Nothing seems to get the trunk working. I also tried to make a trunk on ge-0/0/11 as well as ge-0/1/0 ...

 

The management is on a separate subnet ... The testlan subnet is 10.101.0.0/22 ... Should I make a VLAN with an ip in that subnet  (which I did at first) or can the management be on a separate subnet all together like it is now ?

 

Any help appreciated !

 

Config:

interfaces {
ge-0/0/0 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/1 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/2 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/3 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/4 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/6 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/8 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/9 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/10 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/0/11 {
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching;
}
}
ge-0/1/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ VLAN1 VLAN10 ];
}
}
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
me0 {
unit 0 {
family inet {
address 192.168.33.5/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.33.254;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp {
disable;
}
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
voip;
storm-control {
interface all;
}
}
vlans {
VLAN1 {
vlan-id 1;
}
VLAN10 {
vlan-id 10;
}
}
poe {
interface all;
}

Not sure I understand what is not working but here are some observations...

 

None of your interfaces are tied to either VLAN 1 or 10 which would explain issues if you are having trouble connecting to one of the non trunk ports and cannot access one of your subnets.  Example:

 

interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members VLAN1;

 

If it is that you are wanting to manage the switch via one of the trunked VLANs then the problem is that there is not a layer 3 interface assigned to one of the trunked VLAN.  Example using the IP assigned to the me0 (you would need to remove me0 IP settings for this to work):

 

interfaces {
vlan {
unit 10 {
family inet {
address 192.168.33.5/24;

 

vlans {
VLAN10 {
vlan-id 10;
l3-interface vlan.10;

 

Keep in mind that assinging an IP to the me0 interface ties that IP to that physical interface which would mean that you would then need plug that me0 interface into an access port that has the appropriate VLAN membership.

We have Procurves and we are moving to Juniper.

 

What you want is the following on the Procurve devices that connect to Juniper devices:

 

• Edge ports untagged for VLAN 1 (default VLAN) and tagged for all other VLANs
• Uplink ports to a Juniper swtich are untagged for VLAN 1 and tagged for all other VLANs
• Uplink ports to another Procurve switch must match the settings on the interface that the switch is connected to (obvious, but worth mentioning)

On a Juniper device that connects to a Procurve:

 

• All ports are trunk ports
• Edge ports must be VLAN members of the default VLAN and additional VLANs (see below)
• Uplink ports must be members of all VLANs that you with to traverse the uplink port
• The default VLAN ID must be 1
• The default VLAN must be added to uplink ports

Junos VLANs work like this:

 

• Access ports - ports that are members of 1 and only 1 VLAN, do not carry 802.1q VLAN tagged traffic
• Trunk ports - carry multiple VLANs via 802.1q VLAN tagged traffic

By default a Juniper switch port is an access port. If you need more than 1 VLAN or if you need tagged VLANs you must make the port a trunk port.

 

Note that the default VLAN only carries untagged traffic by default which means that you cannot send this VLAN over a trunk port without a little help.

 

Suppose you have a Procurve with VLAN 1 (default VLAN, untagged) for a PC and VLAN 10 (tagged)  for a VoIP phone.You want to replace the Procurve with a Juniper switch and have it work with an upstream Procurve switch.

 

On the Juniper you would do this:

 

Create VLAN 10:

set vlans <vlan name> vlan-id 10

 

Set Default VLAN ID:

set vlans default vlan-id 1

 

Assign Trunk Ports:

set interfaces <your edge interface> unit 0 faminly ethernet-switching port-mode trunk

set interfaces <your uplink interface> unit 0 family ethernet-switching port-mode trunk

 

Assign VLAN Membership:

set interfaces <your edge interface> unit 0 family ethernet-switching vlan members 10

set interfaces <your uplink interface> unit 0 family ethernet-switching vlan members 10

 

Assign Default VLAN to Trunk Ports

set interfaces <your edge interface> unit 0 family ethernet-switching native-vlan-id default

set interfaces <your uplink interface> unit 0 family ethernet-switching native-vlan-id default

 

Commit and you are ready for action once the Procurve uplink port connected to the Juniper uplink port is untagged for VLAN 1 and tagged for VLAN 10.

 

Hello All,

 

Thank you for the wonderful and detailed information ... This will help me a lot. I'm sorry for the late reply by the way, I got tangled in some other cases.

 

I'll try to implement the suggestions today, I'm sure with the explanation of NateK I will get much further!

But others have given me some very useful tips as well.

 

Thanks again, I will set this solution as solved once I test the scenarios.

So ... I altered the config, basically I want the Juniper switch to be available for management at 10.101.0.205, I want all the ports to be configured in vlan LAN (I haven't done that yet in this config) but the problem is that on the Procurve switches the ports are untagged in the vlan LAN, how do I do this on the juniper? Do I configure all ports in trunk mode and set default vlan to LAN? Or can they just stay in access mode?

 

Is the config correct the way it is now? I can't seem to reach the gateway when I connect the uplink to port ge-0/1/1 ... 

 

The way it is configured at this site is that all switches are in the default vlan 1 for management and all LAN traffic is on VLAN10 (LAN) untagged... I could move the management for the switches in vlan LAN ... 

 

Thanks again!

 

}
services {
web-management {
http;
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members LAN;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/0 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ 10 LAN ];
}
native-vlan-id default;
}
}
}
vlan {
unit 1 {
family inet {
address 10.101.0.205/22;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.101.0.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
LAN {
vlan-id 10;
}
default {
vlan-id 1;
l3-interface vlan.1;
}
}
poe {
interface all;
}

Is it correct that VLAN 10 is untagged on your Procurve?

 

You would normally just need to tag VLAN 10 and untag VLAN 1 on the Procurve uplink port (to the Juniper) if you have VLAN 1 as the default VLAN on the Procurve.

 

Say you were connected to port 25 on your Procurve from the Juniper:

 

VLAN 1 - untagged

VLAN 10 - tagged

 

The other non-uplink ports on the Procurve should not matter as far as tagged/untagged goes but the Juniper wants the default-VLAN on the Procurve side to be untagged.

 

On Juniper ge-0/1/1 (assuming this connects to Procurve):

 

trunk mode should be set on this interface (already done)

set interface ge-0/1/1 unit 0 family ethernet-switching vlan members LAN (already done)

set interface ge-0/1/1 unit 0 family ethernet-switching native-vlan-id default (already done)

commit

 

I'm going to lab this setup sometime this morning and see what I can come up with.

Please attach upstream HP switch config.

Hello NateK,

 

All the non-trunk ports that should be in vlan10 (LAN) on the Procurve switch are untagged, this vlan is then tagged sent over the uplink ... (if it is between 2 procurve switches the default vlan and the LAN vlan are both tagged). 

 

I've set the default vlan on the trunk port on the Procurve switch to untagged, the LAN vlan remains tagged, but when I connect the uplink (trunk) to ge-0/1/1 I can't get traffic to flow (ie: can't ping gateway or any other server on vlan LAN or the default vlan for that matter).

 

So yes, vlan 1 - untagged and vlan 10 - tagged 

 

When I connect the uplink to another Procurve it works. If I connect a normal access port from the juniper to the uplinked procurve I can reach everything without a problem.

 

I can't get to the Procurve switches at the moment, so I can't upload the config if need be ... 

 

I'm sure it will be something small ... But I can't pinpoint it at the moment ... 

So besides the trunk/uplink not working ... Does the rest of the config look ok? (besides the access ports not being configured of course).

 

Thanks again!!

Well ... Still can't get this to work ... Though I'm beginning to suspect the stupid HP switch, it's one of those cheapest ones, only manageable through webinterface ...

 

I'll have to look for another one to test though ... 

 

I tried disabling STP among others but that didn't help, unless someone else has any ideas ...

 

 

As luck would have it, on an EX switch, an access port can, in fact, have two VLANs on it for (intended) use of VoIP. Configure your interfaces as regular access interfaces, being members of you "data" VLAN. Then take a look at the "ether-switching-option voip" configuration section. It basically puts a 2nd VLAN (tagged) on specified interfaces.

This achieves the same result as far as VLANs are concerned, but having access ports actually in access mode is beneficial when configuring other features, such as 802.1x, which, by default, does not do authentication on trunk-mode ports.