Ethernet Switching
Showing results for 
Search instead for 
Do you mean 
Reply
New User
Posts: 1
Registered: ‎09-19-2016
0 Kudos

Same Vlan on multiple switches EX2200 - guest wifi setup

Hi guys,

I am pretty new to the world of networking and especially Juniper switching. 

 

I have following situation I need your help with. I have 2 48P EX2200 switches, one SW01 that is fully managed by me and the other one SW02 managed by a third part and I only have read access.

 

SW01 is pretty much configured only with the default settings at this point in time with the default untagged vlan.

The main switch is the 3rd party managed one and SW01 is connected to it on port 1. 

 

I want to setup a guest wifi in a different vlan SW01 but since the VLAN exists already on SW02 I am not able to configure it on SW01.

 

3 access points are connected on port 19/21/23 on SW01.

 

As far as I understand I need to setup two vlans on those ports the default one and another one for guests. 

Secondly, I need to make sure that the guest vlan is giving out IPS via DHCP as well I.

 

Hope anyone has a similar setup and can help me with that?

 

SW01 Vlans

Vlan:

root@SW01> show vlans
Name           Tag     Interfaces
default
                       ge-0/0/0.0, ge-0/0/1.0*, ge-0/0/2.0, ge-0/0/3.0, ge-0/0/4.0, ge-0/0/5.0*,
                       ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0,
                       ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0, ge-0/0/16.0, ge-0/0/17.0,
                       ge-0/0/18.0, ge-0/0/19.0, ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0, ge-0/0/23.0,
                       ge-0/0/24.0, ge-0/0/25.0*, ge-0/0/26.0, ge-0/0/27.0*, ge-0/0/28.0, ge-0/0/29.0*,
                       ge-0/0/30.0, ge-0/0/31.0, ge-0/0/32.0, ge-0/0/33.0, ge-0/0/34.0, ge-0/0/35.0,
                       ge-0/0/36.0, ge-0/0/37.0, ge-0/0/38.0, ge-0/0/39.0, ge-0/0/40.0, ge-0/0/41.0,
                       ge-0/0/42.0, ge-0/0/43.0, ge-0/0/44.0, ge-0/0/45.0, ge-0/0/46.0, ge-0/0/47.0

SW01 current configuration

root@SW01> show configuration
## Last commit: 2016-09-19 05:56:54 UTC by root
version 10.4R1.9;
system {
    host-name SW01;
    root-authentication {
SECRET-DATA
    }
    login {
        user admin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password 
            }
        }
    }
    services {
        ssh;
        web-management {
            http;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/4 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/5 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/16 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/17 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/18 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/19 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/24 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/25 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/26 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/27 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/28 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/29 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/30 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/31 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/32 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/33 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/34 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/35 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/36 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/37 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/38 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/39 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/40 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/41 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/42 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/43 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/44 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/45 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/46 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/47 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    me0 {
        unit 0 {
            family inet {
                address 192.168.1.249/24;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.100.1/24;
            }
        }
    }
}
forwarding-options {
    helpers {
        bootp {
            server 192.168.1.20;
            interface {
                vlan.0;
            }
        }
    }
}
snmp {
    name SW01;
    description "Juniper EX2200 48P";
    location "IT cabinet";
    community SW01 {
        authorization read-only;
    }
    health-monitor {
        interval 200;
        rising-threshold 80;
        falling-threshold 70;
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.3;
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
ethernet-switching-options {
    storm-control {
        interface all {
            level 50; ## Warning: 'level' is deprecated
        }
    }
}
poe {
    interface all;
}

 

SW02 vlans

 

BOE@SW02> show vlans
Name           Tag     Interfaces
default
                       None
vl-1           1
                       ge-0/0/0.0*, ge-0/0/1.0*, ge-0/0/2.0*, ge-0/0/3.0*,
                       ge-0/0/4.0*, ge-0/0/5.0*, ge-0/0/6.0*, ge-0/0/7.0*,
                       ge-0/0/8.0*, ge-0/0/9.0*, ge-0/0/10.0*, ge-0/0/11.0*,
                       ge-0/0/12.0*, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0,
                       ge-0/0/16.0*, ge-0/0/17.0*, ge-0/0/18.0*, ge-0/0/19.0*,
                       ge-0/0/20.0*, ge-0/0/21.0, ge-0/0/22.0*, ge-0/0/24.0*,
                       ge-0/0/25.0*, ge-0/0/26.0*, ge-0/0/27.0, ge-0/0/28.0*,
                       ge-0/0/29.0*, ge-0/0/30.0*, ge-0/0/31.0, ge-0/0/32.0,
                       ge-0/0/33.0*, ge-0/0/34.0*, ge-0/0/35.0*, ge-0/0/36.0*,
                       ge-0/0/37.0*, ge-0/0/38.0, ge-0/0/39.0*, ge-0/0/40.0*,
                       ge-0/0/41.0, ge-0/0/42.0, ge-0/0/43.0*, ge-0/0/44.0*,
                       ge-0/0/45.0*, ge-0/0/47.0*
vl-100         100
                       ge-0/0/0.0*, ge-0/0/22.0*, ge-0/0/44.0*, ge-0/0/45.0*,
                       ge-0/0/47.0*
vl-50          50
                       ge-0/0/0.0*, ge-0/0/1.0*, ge-0/0/2.0*, ge-0/0/3.0*,
                       ge-0/0/4.0*, ge-0/0/5.0*, ge-0/0/6.0*, ge-0/0/7.0*,
                       ge-0/0/8.0*, ge-0/0/9.0*, ge-0/0/10.0*, ge-0/0/11.0*,
                       ge-0/0/12.0*, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0,
                       ge-0/0/16.0*, ge-0/0/17.0*, ge-0/0/18.0*, ge-0/0/19.0*,
                       ge-0/0/20.0*, ge-0/0/21.0, ge-0/0/22.0*, ge-0/0/23.0,
                       ge-0/0/24.0*, ge-0/0/25.0*, ge-0/0/26.0*, ge-0/0/27.0,
                       ge-0/0/28.0*, ge-0/0/29.0*, ge-0/0/30.0*, ge-0/0/31.0,
                       ge-0/0/32.0, ge-0/0/33.0*, ge-0/0/34.0*, ge-0/0/35.0*,
                       ge-0/0/36.0*, ge-0/0/37.0*, ge-0/0/38.0, ge-0/0/39.0*,
                       ge-0/0/40.0*, ge-0/0/41.0, ge-0/0/42.0, ge-0/0/43.0*,
                       ge-0/0/44.0*, ge-0/0/45.0*, ge-0/0/46.0*, ge-0/0/47.0*
vl-99          99
                       ge-0/0/0.0*, ge-0/0/22.0*, ge-0/0/44.0*, ge-0/0/45.0*,
                       ge-0/0/47.0*

 

 

 

 

 

Highlighted
Distinguished Expert
Posts: 4,616
Registered: ‎03-30-2009
0 Kudos

Re: Same Vlan on multiple switches EX2200 - guest wifi setup

Welcome to the networking world.  This will be the basic process for you to add an isolated guest wireless VLAN to your setup.

 

  • Identify where the default gateway for this subnet is going to be.  You CANNOT put this as a layer 3 interface on the switch.  The layer 3 switch interfaces get direct acces to each other as the switch is NOT a firewall.  So you will need an upstream firewall that will have the guest wireless default gateway and this VLAN on the switches will be strictly layer 2.
  • On the firewall create the gateway interface and zone for the guest wireless.  Likely this will also be where you will do DHCP for this zone.  Create the security access rules for the guest wireless zone
  • On the switch connected to the firewall:  Select a new VLAN tag for wireless and add this tag to the trunk port facing the firewall.
  • On the switch ports facing the other two swiches from this switch add the VLAN tag to the trunk port
  • On the ports connected to the WAPs:  Add a tagged VLAN sub interface with this same VLAN for the guest traffic
  • On the WAP:  Create the mgmt address on the untagged VLAN in the range of your default VLAN for mgmt on your network
    Create the SSID and assign to the VLAN tag created
Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home