Ethernet Switching
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
b34ny
Visitor
b34ny
Posts: 5
Registered: ‎09-23-2009
0
Accepted Solution

VLAN on a logical unit interface or physical interface

Options

‎06-18-2010 08:55 AM

I'm actually attending a Juniper sponsored security class at the moment and our LAB books had us create two VLANs as physical interfaces for connecting to some virtual routing instance objects.  In my own work environment all of our VLANs are created as logical interfaces using RVIs.

 

Is there a district advantage to using one method or another?  Performance?  Reliability?

 

For a concrete example the LAB book suggests creating a physical VLAN interface like:

set ge-0/0/x vlan-tagging

set ge-0/0/x unit 100 vlan-id 100

set ge-0/0/x unit 100 family inet address 192.168.1.x/24

 

I learned to create VLAN interfaces logically like so:

set vlan vlan100 vlan-id 100 l3.interface vlan.100

set interface vlan unit 100 family inet address 192.168.1.x/24

set interface ge-0/0/x unit 0 family ethernet switching port-mode access vlan members vlan100

 

Thanks

Message 1 of 5 (7,393 Views)
 
Reply
Hiber
Contributor
Hiber
Posts: 35
Registered: ‎09-28-2009
0

Re: VLAN on a logical unit interface or physical interface

Options

‎06-18-2010 09:19 AM

Hi

 

The only difference I have come across is that as a physical interface no other ports on that switch can be in that vlan. But as a physical interface it is easy to get snmp stats whereas I have difficulty getting stats of an RVI

 

Hope this helps some

Message 2 of 5 (7,388 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 941
Registered: ‎01-10-2008

Re: VLAN on a logical unit interface or physical interface

Options

‎06-18-2010 12:07 PM

The big difference is the mode your using for the port layer2 vs layer3. In layer 2 you can combine switching (putting multiple ports in the same vlan) with the secuirty features of a SRX/ J-series.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 3 of 5 (7,372 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,178
Registered: ‎08-21-2009

Re: VLAN on a logical unit interface or physical interface

[ Edited ]
Options

‎06-19-2010 04:46 AM - edited ‎06-19-2010 04:47 AM

Hello there,

First method works on any JUNOS platform I know of.

Second method works only on J-series and EX kit.

There is a third one with IRB interfaces on MX which are nearly equivalent to RVI.

If you are not doing L2 switching between interfaces I would always recommend  1st method because of:

1/ compatibility

2/ usability for redundant links design: how do plan for 2nd method if You must use 2 redundant L3 links with same VLAN tag and two different /30 subnets? AFAIK, VLAN tag push/swap is supported on IQ2 PICs and MX only

3/ 2nd method burns more IFL (subinterfaces in Cisco IOS speak) than 1st: you have to create units on physical interfaces and units on RVI interface.

HTH

Regards

Alex

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 4 of 5 (7,354 Views)
 
Reply
LaurentH
New User
LaurentH
Posts: 1
Registered: ‎06-25-2010
0

Re: VLAN on a logical unit interface or physical interface

Options

‎06-25-2010 01:40 AM

You have to think of what would happen to your routing and your vlan when your physical interface goes down to.

I mean as an example

Vlan 1 on interface ge/0/0 to ge/0/03

Vlan 2 in ge0/0/4 to 6

IP address of vlan 1on ge/0/0/0

ge0/0/0 goes down, you could lose you route to vlan 2

 

An rvi is almost always up, not depending on one link

Message 5 of 5 (7,257 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.