I've configured 802.1Q on the internal port of a SA6000 running 6.0r5.  Check out p. 600 of the admin guide.  If you have some specific questions, maybe I can help.

Do you have to have an IVS license to do VLAN tagging? I notice that on version 6.0/6.1 there is VLAN menu but not on version 5.5 and therefore it supports it under version 6.1.

 

Thanks 

Sure looks that way, though I don't think you need to define IVSs to use VLANs.  I have a SA2000 and a SA6000 both running 6.0r5.  The SA6000 is licensed for IVS; the SA2000 is not.  VLANs do not show up on the menu on the SA2000.

Thank you for the info. Would you mind point me to any reference on how to do it? I just wanted to put any authenticated user with ip subnet 192.168.240.20.0/24 tagged with, for example, VLAN-ID=111, and subnet 192.168.250.0/24 with VLAN-ID=112.

 

 

Thank you and greatly appreciated.

 

 

Assignment to VLANs is done on a role basis.  So, you need to do the following -

1. Create the VLANs
2. Create two roles and figure out how you are going to do role-mapping for the realm
3. For each role, assign the VLAN in the VLAN/Source IP tab of the General setting for the role
4. For each role, define NC Connection profiles which assign the appropriate address pool

Thanks for the info. But how do you connect the SA400 Internal Port(which can not be tagged per your last post) to the tagged switchport on the other end? Thanks.

I'm not a switch expert, but what I remember is that the switch had an ability to tag untagged data coming from the Juniper, or to treat it like it was tagged with a "default" VLAN tag. 

Thanks again for your patience. The internal port of SA4000 does not support tagging but it can send packet OUT with tagging information, is it right? If it is, how does the internal port process the returning packet(will have tagging info) IN to it ?

 

Thank you