Routing

Hi,

On my route, I have one IPMI VLan, which should be access by each interface.   And for other Vlans, I would like to limit one Interface can access one Vlan to avoid any IP conflict caused by some user who add IPs not assign to them.

But on the EX4200 switch,  I get errors when try to add more than one VLan ( IPMI Vlan and one assigned Vlan) to a physical interface.

Who knows that How to get this to work?

Thank you.

I understand what IPMI is used for. If I get you right, you have configured a VLAN that is used to access the IPMI management device. The rest is kind of cryptic. Can you post the switch configuration. Replace your IP addresses with fictitious addresses before posting it. There are a couple of ways to acheive objective, if I am understanding you, sounds like you can use PVLAN, "mapping policy" or configure that interface as a trunk port. But I am not clear on exactly what you want. So with the config posted, see if you can clarify a little bit better.

Hello sir,

For now, I have all the IP blocks in a same VLan also as the IPMI ip Block.

But I'd like to seperate them and get one server  -  one ex4200 switch port - one vlan, in that vlan with multi IP blocks for that server.

Here is one example with one Ex4200, 

I have a route trunk with the Ex4200.

from the router side interface is ae0.

root@router# show interfaces ae0
description "Trunk to EX4200";
vlan-tagging;
aggregated-ether-options {
    minimum-links 1;
    lacp {
        active;
        periodic fast;
    }
}
unit 10 {
    description "management for ex4200";
    vlan-id 10;
    family inet {
        address 1xx.xxx.xxx.xx/30;
    }
}
unit 100 {
    description "default vlan";
    vlan-id 100;
    family inet {
        address 1xx.0.16.1/27;
        address  1xx.0.16.33/28;
        address 1xx.0.17.1/27;
        address 1xx.0.17.33/29;
        address 1xx.0.20.1/29;

....

    }
}

From the EX4200 side,

root@EX4200-01# show interfaces ae0
aggregated-ether-options {
    minimum-links 1;
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members all;
        }
    }
}

{master:0}[edit]

For other interfaces.

root@EX4200-01# show interfaces        
interface-range xxx-router {
    member ge-0/1/1;
    member ge-0/1/0;
    description "uplink to router (ae0)";
    ether-options {
        802.3ad ae0;
    }
}
ge-0/0/0 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members default-vlan;
            }
        }
    }
}

...

ge-0/0/7 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members default-vlan;
            }
        }                               
    }
}
ge-0/0/8 {
    ether-options {
        speed {
            100m;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members default-vlan;
            }
        }
    }
}
ge-0/0/9 {
    description SERVER1;
    ether-options {
        speed {
            100m;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members default-vlan;
            }
        }
    }
}
ge-0/0/10 {
    description SERVER39;
    mtu 1514;
    ether-options {
        auto-negotiation;
        flow-control;
        link-mode automatic;
        speed {
            100m;
        }
    }
    unit 0 {                            
        family ethernet-switching {
            port-mode access;
            vlan {
                members default-vlan;
            }
        }
    }
}

...

xe-0/1/0 {
    unit 0 {
        family ethernet-switching;
    }
}
xe-0/1/1 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/2 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/3 {                              
    unit 0 {
        family ethernet-switching;
    }
}
ae0 {
    aggregated-ether-options {
        minimum-links 1;
        lacp {
            active;
            periodic fast;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members all;
            }
        }
    }
}
vlan {
    unit 10 {
        description ex4200-mgmt;
        family inet {
            address 1xx.xxx.xxx.xx/30;
        }
    }
}

{master:0}[edit]

root@EX4200-01# show vlans
default-vlan {
    description default-vlan;
    vlan-id 100;
}
ex4200-mgmt {
    description ex4200-mgmt;
    vlan-id 10;
    l3-interface vlan.10;
}

So that I would like to change something like this for a server port.

Such as

ge-0/0/9 {
    description SERVER1;
    ether-options {
        speed {
            100m;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members ipmi-vlan server1-vlan;
            }
        }
    }
}

ge-0/0/10 {
    description SERVER2;
    ether-options {
        speed {
            100m;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members ipmi-vlan server2-vlan;
            }
        }
    }
}

root@EX4200-01# show vlans
ex4200-mgmt {
    description ex4200-01-mgmt;
    vlan-id 10;
    l3-interface vlan.10;
}
ipmi-vlan {
    description "IPMI VLan";
    vlan-id 11;
}
server1-vlan {
    description SERVER1;
    vlan-id 101;
}

The router side will like 

root@router# show interfaces ae0
description "Trunk to EX4200";
vlan-tagging;
aggregated-ether-options {
    minimum-links 1;
    lacp {
        active;
        periodic fast;
    }
}
unit 10 {
    description "management for ex4200";
    vlan-id 10;
    family inet {
        address 1xx.xxx.xxx.xx/30;
    }
}

unit 11{

    description "ipmi for ex4200";
    vlan-id 11;
    family inet {
        address 1xx.xxx.xxx.xx/27;
    }

}
unit 101 {
    description "vlan for SERVER 1";
    vlan-id 101;
    family inet {
        address 1xx.0.16.1/27;
        address  1xx.0.16.33/28;

        #other address for SERVER 1
....

    }
}

Thank you very much.

okay, i see. You could do it a couple of ways.

1- you can make the port a trunk port and add the two vlans you want then to caryy

2- use a filter-based vlan assignment with a mapping policy.

Hello lyndidon, 

Thanks a lot for your advice.

For 1),  Is it bad for all the switch port to change be trunk mode?  Others have told me that trunk port usually for connect between device - device , such as switch - switch.

In this solution,  I have to change all my ex4200 port to be trunk mode... Which they are now in access mode.

For 2),  I do not know this yet. I will learn it for a while.

Thank you.

Hello sir,

I have tried to change one of the ex4200 port to be trunk mode.  But can only got the native-vlan work. The other vlan trunk to that port not pingable.

I watch this post to configurate http://forums.juniper.net/t5/Routing/VLANs-confusing/m-p/55580#M3326

Here is what I have done so far.  Could you check what's I missing? Thank you very much.

On EX4200 side,

root@EX4200-01# show interfaces ge-0/0/47
description SERVER20;
ether-options {
    speed {
        1g;
    }
}
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members 100;
        }
        native-vlan-id 120;
    }
}

root@EX4200-01# show interfaces vlan
unit 10 {
    description EX4200-mgmt;
    family inet {
        address 19x.xx.xx.50/30;
    }
}
unit 100 {
    family inet {
        address 19x.xx.16.1/27;   # this is the IPMI vlan
    }
}
unit 120 {
    family inet;  # this is the SERVER20 vlan
}

root@EX4200-01# show vlans
default-vlan {
    description default-vlan;    #  vlan.100 is for  IPMI,  it should be trunk to every port which connect a server.
    vlan-id 100;
    l3-interface vlan.100;
}
EX4200-mgmt {
    description EX4200-01-mgmt;
    vlan-id 10;
    l3-interface vlan.10;
}
v110 {
    description "v110 SERVER10";
    vlan-id 110;
}
vlan101 {
    description SERVER01;
    vlan-id 101;
}
vlan120 {
    description SERVER20;  # this vlan is the native-vlan for SERVER20.  The IP blocks learn from the Router tag 120 .
    vlan-id 120;
    l3-interface vlan.120;
}

---------------------

On the Router side,

root@Router# show interfaces ae0  
description "Trunk to EX4200 01";
vlan-tagging;
aggregated-ether-options {
    minimum-links 1;
    lacp {
        active;
        periodic fast;
    }
}
unit 10 {
    description "management for ex4200";
    vlan-id 10;
    family inet {
        address 19x.xx.xx.49/30;   # gateway for switch, EX4200 switch IP is 19x.xx.xx.50.
    }
}
unit 100 {
    description "default vlan";
    vlan-id 100;  # IPMI vlan id. tag 100
    family inet {
        address 19x.xx.16.1/27;   # this IP block used by every IPMI.  each server use 1 IP.  But the IPMI IP for SERVER20 not ping-able.
...
    }
}
unit 120 {
    description SERVER20;
    vlan-id 120; # SERVER20 vlan id. tag 120
    family inet {
        address 19x.xx.19.73/29;  # This IP block is for SERVER20,  I can ping 19x.xx.19.74, which I added to SERVER20.
    }
}

Thank you.

Hello, 

From the following status of the port 47,  there should be no problem with the configruation, why I can not ping the IPMI IP address for SERVER20 on port 47?

Should I add a VLAN ID 100 in the network setup of the SERVER20's IPMI?  So that the IP address will work with the tag vlan id 100?

Thank you.

root@EX4200-01> show ethernet-switching interfaces
Interface    State  VLAN members        Tag   Tagging  Blocking
ae0.0        up     default-vlan        100   tagged   unblocked
                    EX4200-mgmt     10    tagged   unblocked
                    v110                110   tagged   unblocked
                    vlan101             101   tagged   unblocked
                    vlan120             120   tagged   unblocked
ge-0/0/0.0   down   default-vlan        100   untagged blocked by STP
ge-0/0/1.0   down   default-vlan        100   untagged blocked by STP

...
ge-0/0/46.0  up     default-vlan        100   untagged unblocked
ge-0/0/47.0  up     vlan120             120   untagged unblocked
                    default-vlan        100   tagged   unblocked
me0.0        down   mgmt                      untagged unblocked