Ethernet Switching
Highlighted
Ethernet Switching

MVRP Exclusions Possible?

‎03-01-2013 11:08 AM

Hi JuniperEX Peeps!

 

I like using MVRP to propogate vlans across my trunks but I don't want my ISCSI vlan leaving my 2 specific ISCSI switches (LAG'd with an iscsi only trunk) and creating a loop.  Is there a way to enable MVRP but have it excluse a specific vlan?

 

If not, I can always disable MVRP but would obviously prefer not to!

 

Thanks

 

Mark

12 REPLIES 12
Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-01-2013 03:18 PM

Hi Mark,

 

As I understand it you should be able to exclude specific VLANs from being learned over trunks by disabling MVRP for the individual interfaces participating in those VLANs on the participating access switches. Here's an example of the syntax I believe you'll need to use:

 

{master:0}[edit]
lab@exB-1# set protocols mvrp no-dynamic-vlan interface ge-0/0/6.0 disable

 

Using the 'disable' option for port 6 will ensure this switch does not share the associated VLAN across any configured trunk ports. Note that this will need to be repeated for each interface on the access switch(es) with that VLAN.

 

Hope this helps,

 

Jared

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-01-2013 03:22 PM

I should clarify the 'disable' option is only needed on the 'access' ports participating in the VLANs you do not want shared.

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-02-2013 05:49 AM

Brilliant!  I will give this a shot when i get back to the office.  Thanks so much

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-04-2013 05:24 AM

unfortunately that command can only be used on trunk interfaces, not on the access interfaces.  If i put this on my trunk it would do the same as not having MVRP enabled at all.

 

# commit

[edit protocols mvrp]

'interface ge-0/0/0.0'
MVRP can only be enabled on trunk interfaces
error: configuration check-out failed

 

Any other thoughts?

 

 

 

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-04-2013 10:09 AM

Oh shoot! Sorry about that it's been a while since I played around with this. 🙂

 

I'll dig a bit and see if there's another option to accomplish this.

 

Jared

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-04-2013 11:26 AM

Hi Mark,

 

After digging a bit and testing some things, it does *not* appear this is possible with MVRP (i.e. it seems to be all or nothing).

 

-Cheers,

 

Jared

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-04-2013 11:46 AM

Well atleast I now have an answer, thanks for checking

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-10-2013 11:21 PM

Why not remove issci interfaces that from the vlans then? The information you have provided does not give enough to go on. share teh configurations -your personal info at least for the vlans configured and which interfaces are in the vlans. Otherwise you could create a firewall filter to block the input of that vlan and apply it as an input filter on the interfaces connecting to the isscsi. maybe spell out more clearly what you want to do with the issci traffic as it relates to vlans and MVRP. Say exactly how are the interfaces connecting to the issci are configured, what you want to achieve and how MVRP is preventing you from achieving that result.

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-20-2013 04:39 AM

Thanks Lyndidon.. here is what I'm trying to accomplish in a nutshell

 

2013-03-19 15_28_09-netdiag1.png

All switches in the diagram are ex4200

 

The green links are iscsi traffic (iscsi vlan 200)
The yellow links are AE trunks with vlan members added as required
The pink links are AE trunks with mvrp

I'm setting up our new Dell EQL SAN as Dell recommends with each of the 2 active interfaces connected to a seperate switch.

The vm hosts also have 1 nic connected to each switch on the iscsi vlan and use multipathing to determine how to best reach the san.

This allows for 2 things.. 1. if a switch fails i dont lose host/san connectivity and 2. more bandwith when all switches are operational.

My problem is, when mvrp is enabled it sends iscsi traffic out to the distribution switch which I dont want, because it will create a loop and possibly confuse the vmware multipathing.

If anyone can think of a better solution than not using mvrp it would be most welcome

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-20-2013 05:24 AM

Hi Mark,

 

I was going through the post and according to your explanation, it seems that you just want to block the iSCI traffic from going towards the distribution switch. Let me know if my understanding is correct, or if there is any catch in it which I am missing.

 

Just a thought which I would like to share. Probably the solution to this issue is we can prune the vlans on those specific links going towards distribution switch from RackSwitch1 and RackSwitch2 i;e those pink lines. With mvrp enabled we can allow only those vlans which you want to pass to the distribution layer. So manually we need to mention the allowed vlans on the trunk links. Rest will be blocked automatically.

 

Let me know your thoughts on this suggestion.

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

‎03-20-2013 07:18 AM

Hi dipanc, your understanding is correct.

 

i'm not sure on exactly what you are suggesting though

Highlighted
Ethernet Switching

Re: MVRP Exclusions Possible?

[ Edited ]
‎03-20-2013 10:16 AM

the MVRP and ae trunks config on switch 1 and 2 that connects to the distribution switch would help.  create an input filter for the ae interfaces that would block vlan200 traffic. Or disable dynamic vlan registration on the ae ports. Or disable MVRP for the ports that connect to the iscsi. Post the config for MVRP on sw1 and sw2 (replace patter of your internal info first save that file, rollback to reset candidate config then copy the saved file and post it.

try this first

[edit protocols mvrp]

admin@SW-AS1# set interface <iscsi_interface> registration forbidden

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Feedback