Ethernet Switching

PVLAN + l3-interface

‎11-22-2012 10:49 PM

Hi!

Can someone tell me, is it possible to bind to PVLAN l3-interface on ex4200? If so - how?

6 REPLIES
Solution
Accepted by topic author dontsov@onlanta.ru
‎08-26-2015 01:27 AM

Re: PVLAN + l3-interface

‎11-24-2012 11:05 PM

Hi,

I don't think EX4200 is able to do what you want...

Regards,

Christophe


Re: PVLAN + l3-interface

‎10-15-2013 11:41 PM

Hi.

I'm confused about that. So, if we deploy PVLAN on EX4200, we cannot add an interface vlan for l3-interface? So, how can we do routing between Private-VLAN and normal VLAN on EX4200?


Re: PVLAN + l3-interface

‎12-11-2013 06:56 AM

Unfortunately via another external L3 routing device... 


Re: PVLAN + l3-interface

‎12-19-2013 08:22 PM

I've met this problem, and I hope on newer Junos OS, Juniper will overcome this shortcoming.


Re: PVLAN + l3-interface

‎12-21-2013 01:34 AM

 

Limitations of Private VLANs

The following constraints apply to private VLAN configurations:

  • IGMP snooping is not supported with private VLANs.
  • Routed VLAN interfaces are not supported on private VLANs.
  • Routing between secondary VLANs in the same primary VLAN is not supported.

http://www.juniper.net/techpubs/en_US/junos/topics/task/troubleshooting/private-vlans-qfx-series.htm...

PVLANs are isolated on Layer 2 and require that a Layer 3 device be used to route traffic among them.

What are your security requirements that you want to achieve by implementing PVLAN and routing between them instead of regular VLANs? Maybe it can be achieved, but it would be rough, maybe using a series of RACL and VACL firewall filters.

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]

Re: PVLAN + l3-interface

‎01-11-2015 10:55 AM

Hi Guys,

Does anyone know if RVI support for the Private VLAN feature is on the roadmap for EX series?

Based on the documentation I've found, if you want to use private VLANs at the access layer, you are just completely turning off L3 switching capabilities in EX series (except EX8200).

I guess it's not so critical in IPv4 since you still have port-level firewall filters, but in IPv6 you don't even have that.

I hope to see these features gaining traction this year. Interestingly enough, these basic security requirements are the ones that force you to stick with some vendors.
