Day One Tips
Highlighted
Day One Tips

VLAN-Retagging between two trunk ports on an EX-switch

[ Edited ]
‎11-23-2010 07:37 AM

VLAN-Retagging between two trunk ports on an EX-switch
Sometimes it's necessary to connect two VLANs with different VLAN-IDs - let's say switch SW1 has VLAN 1 and 2 attached and a trunk port configured, that carries pakets with VLAN Tags 1 and 2.
There's a second switch sw2 that has VLANS 11 and 12 attached and owns a trunkport with both vlans tagged. Now systems from VLAN 1 must talk to systems in VLAN 11 and Systems in VLAN 2 must talk to Systems in VLAN 12. There's a KB-Article explaining retagging on an EX-switch, but only, if one port is an access port. But we have sw1 and sw2 both attached via trunk ports to our EX to e..g ge-0/0/2 and ge-0/0/3.
The trick here is to make one trunk port an access port although it actually stays a trunk port and assign a dummy-vlan - let's say 99:

{master:0}[edit interfaces]
root@ex2# show ge-0/0/2
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ 11 12 ];
        }
    }
}

root@ex2# show ge-0/0/3
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members 99;
        }
    }
}

Then configure the 4 + 1 dummy vlan and use the swap-statement as described in the KB-article:

{master:0}[edit vlans]
root@ex2# show
:
vlan1 {
   vlan-id1;
}
vlan11 {
    vlan-id 11;
    interface {
        ge-0/0/3.0 {
            mapping {
                1 {
                    swap;
                }
            }
        }
    }
}
vlan12 {
    vlan-id 12;
    interface {
        ge-0/0/3.0 {
            mapping {
                2 {
                    swap;
                }
            }
        }
    }
}
vlan2 {
    vlan-id 2;
}
vlan99 {
    vlan-id 99;
}

With this configuration, pakets entereing the switch with tag 11 will leave it with tag 1 and vice versa and paket entering with tag 12 will leave with tag 2.
Caution:mirroring the swap-port will show the wrong VLAN-ID. An analyzer seems to always grab the packet BEFORE swapping. That's OK for an ingress-paket, but misleading for an egress-packet!
Special Thanks to Marc H. from TLK for showing me this 'how to'

Feedback