Ethernet Switching

EX4550 with l3 interface in a Private VLAN

‎09-07-2020 12:47 PM

Hello,

I am trying to assess if it's possible to configure an l3-interface with a private VLAN?

My goal is to connect a VC of EX4550 to two routers r0 and r1 via respectively ae0 and ae1. I can get the L2 part working, no problem, my configuration works as expected.

Now I would like to add routing between my VC private VLAN and r0 and r1 but the interfaces ae0 and ae1 are the primary ports and I cannot have them with two families. Also I do not seem to be able to add an l3-interface (vlan or irb) to it, nor into the secondary VLAN although my VC sw and r0 and r1 would not have their /30 to establish their OSPF.

Is it even doable? Can EX4550 support Private VLAN and an l3-interface?

Thanks.

7 REPLIES 7

Re: EX4550 with l3 interface in a Private VLAN

‎09-07-2020 11:00 PM

It's not officially stated in the feature explorer and similar places, but I would expect it to work on EX4550 - try to follow these instructions and see where it gets you. Let us know of your progress 🙂

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/routed-vlan-interfaces.html

--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)

Re: EX4550 with l3 interface in a Private VLAN

‎09-08-2020 12:19 AM

Many thanks for the reply!

I've tried to apply, but it does not seem to work:

set vlans pvlan vlan-id 100

set interfaces ae1 unit 0 family ethernet-switching port-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members pvlan

set interfaces ge-0/0/24 unit 0 family ethernet-switching port-mode access
set interfaces ge-1/0/24 unit 0 family ethernet-switching port-mode access
set interfaces xe-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces xe-1/0/0 unit 0 family ethernet-switching port-mode access

set vlans pvlan no-local-switching
set vlans pvlan interface ae1.0

set vlans cust_01 interface ge-0/0/24.0
set vlans cust_01 interface ge-1/0/24.0

set vlans cust_02 interface xe-0/0/0.0
set vlans cust_02 interface xe-1/0/0.0

set vlans cust_01 primary-vlan pvlan
set vlans cust_02 primary-vlan pvlan

set interfaces vlan unit 100 family inet address 10.10.10.6/24
set interfaces vlan unit 100 proxy-arp unrestricted
set interfaces vlan unit 100 family inet no-redirects

set vlans pvlan l3-interface vlan.100

- When applying to primary VLAN:

{master:0}[edit]
root@switch01# commit check
[edit vlans]
'pvlan'
L3-interface cannot be specified in Private VLAN
error: configuration check-out failed

- When applying to secondary VLAN:

{master:0}[edit vlans cust_01]
root@switch01# commit check
[edit vlans]
'cust_01'
L3-interface cannot be specified in Private VLAN
error: configuration check-out failed

And for the sake of clarity, I am running Junos 15.1R7-S7.1.

Any hint would be highly appreciated.


Re: EX4550 with l3 interface in a Private VLAN

‎09-08-2020 11:51 AM

Hi amn.

I hope everything is ok with you.

I checked your config and also tested it in my lab, and the same commit error came up. I am afraid that what you are trying to do is not supported; an L3 interface in a PVLAN, as you can see below, is only supported on EX8200.

Please check this link to get further details.

NOTE

Only an EX8200 switch or EX8200 Virtual Chassis support the use of an RVI to route Layer 3 traffic between isolated and community VLANs in a PVLAN domain.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/private-vlans.html#id-creating-a-...

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too.

Kind regards


Re: EX4550 with l3 interface in a Private VLAN

‎09-08-2020 12:23 PM

I have just tested the following config on a QFX5110 and have previously also used it for educational purposes on an EX3400 where it worked as expected. Please try to alter your config to match this and see if you succeed 🙂

user@qfx# show |compare
[edit interfaces]
+   xe-0/0/10 {
+       unit 0 {
+           family ethernet-switching {
+               vlan {
+                   members isolated-vlan;
+               }
+           }
+       }
+   }
+   xe-0/0/11 {
+       unit 0 {
+           family ethernet-switching {
+               vlan {
+                   members pvlan-primary;
+               }
+           }
+       }
+   }
+   irb {
+       unit 100 {
+           proxy-arp unrestricted;
+           family inet {
+               no-redirects;
+               address 10.10.10.6/24;
+           }
+       }
+   }
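Review bot: proxy-arp unrestricted on irb unit 100 makes the IRB answer ARP requests on behalf of other hosts, so devices on isolated-vlan can reach each other at Layer 3 through irb.100 even though the PVLAN keeps them apart at Layer 2. If that inter-host path is not wanted, drop the statement or attach a firewall filter to irb.100, and state in the change which behaviour is intended.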
[edit vlans]
+   isolated-vlan {
+       vlan-id 110;
+       private-vlan isolated;
+   }
+   pvlan-primary {
+       vlan-id 100;
+       l3-interface irb.100;
+       isolated-vlan isolated-vlan;
+   }

{master:0}[edit]
user@qfx# commit check
configuration check succeeds

{master:0}[edit]
user@qfx#

--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)

Re: EX4550 with l3 interface in a Private VLAN

‎09-08-2020 02:01 PM

Many thanks for your help again.

I think the platform is limited in terms of options and the command private-vlan under vlans does not exist; below are the possible options for the vlan portion. It could be that the EX4550 does indeed have limitations, as stated.

{master:0}[edit vlans isolated-vlan]
root@switch01# set ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  description          Text description of the VLAN
> dot1q-tunneling      Dot1q-tunneling parameters
> filter               Packet filtering
> interface            Name of interface that uses this VLAN
  isolation-id         Isolation VLAN tag (1..4094)
  l3-interface         Layer 3 interface for this VLAN
  l3-interface-ingress-counting  Enable ingress counting on layer 3 interface for this VLAN
> mac-limit            Number of MAC addresses allowed on this VLAN
> mac-table-aging-time  MAC aging time configuration
  no-local-switching   Disable local switching
  no-mac-learning      Disable mac learning
  primary-vlan         Primary VLAN for this community VLAN
  vlan-id              802.1q tag (1..4094)
  vlan-prune           Prune unnecessary VCP links from a VLAN
  vlan-range           VLAN range in the form '-'


Re: EX4550 with l3 interface in a Private VLAN

‎09-08-2020 02:03 PM

Many thanks for your help.

I did follow this very documentation. I can configure private-vlan, but I cannot configure an irb or vlan l3 interface. I would assume this is, indeed, a platform limitation for EX4550.

Thanks!

Solution
Accepted by topic author amn
‎09-08-2020 02:37 PM

Re: EX4550 with l3 interface in a Private VLAN

‎09-08-2020 02:14 PM

Hi amn.

Based on the link provided I'd say that all the legacy platforms like (EX2200-EX3300-EX4500) do not support that feature; however, as mentioned above by jonashauge, it seems to work on ELS devices.

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too.

Cheers.
