Switching

Hi!

Can someone tell me, is it possible to bind to PVLAN l3-interface on ex4200? If so - how?

Hi,

I don't think EX4200 is able to do what you want...

Regards,

Christophe

Hi.

I'm confused abou that. So, if we deploy PVLAN on EX4200, we cannot add an interface vlan for l3-interface? So, how can we do routing between Private-VLAN and normal VLAN on EX4200?

Unfortunately via another external L3 routing device... 

I've met this problem, and I hope on newer Junos OS, Juniper will overcome this shortcoming.

Limitations of Private VLANs

The following constraints apply to private VLAN configurations:

• IGMP snooping is not supported with private VLANs.
• Routed VLAN interfaces are not supported on private VLANs
• Routing between secondary VLANs in the same primary VLAN is not supported.

http://www.juniper.net/techpubs/en_US/junos/topics/task/troubleshooting/private-vlans-qfx-series.html

PVLANs are isolated on Layer 2 and require that a Layer 3 device be used to route traffic among them.

What are your security requirements that want to achieve by implementing PVLAN and routing between them instead of regular VLANS? Maybe it can be acheived but it would be rough maybe using a series of RACL and VACL firewall filters.

Hi Guys,

Anyone knows if RVI support for Private Vlan feature is in the roadmap for EX series?

Based on the documentation I've found, if you want to use private vlans at the access layer, you are just turning completly off L3 swiching capabilities in EX series(except EX8200).

I guess it's not so critical in IPv4 since you still have port-level firewall filters, but in IPv6 you don't even have that.

I hope to see these features gaining traction this year. Interestingly enough, these basic security requirement are the ones to force you stick with some vendors.