  • 1.  VPLS on EX4600 switch

    Posted 12-31-2019 17:10
    Hi everyone,
    Please consider the following setup:
    host--tagged traffic v8-----ge0/0/0 EX4600SW--ae0------trunk---ae0 Router
    The EX 4600 above is a layer 2 switch; the router is the gateway for the host.
    Security requirement:
    Traffic arriving from the host on ge0/0/0 on the EX 4600 must use a routing instance to separate the layer 2 traffic. Simply segmenting traffic using VLAN alone is not enough for the security folks.
     
    EX4600 does not support routing-instance type virtual switch, so I am looking into VPLS to provide switching and also separation.
    Below is my config:
    set routing-intsance LEE instance-type vrf
    set routing-intsance LEE protocol vpls
    set routing-intsance LEE instance-type vrf interface ge-0/0/0
    set routing-intsance LEE instance-type vrf interface ae0
    set routing-intsance LEE route-distinguisher 1234
    set routing-intsance LEE vrf-target target:1234:1234
     
    set interface ge-0/0/0 vlan-tagging
    set interface ge-0/0/0 unit 0 vlan-id 8
    set interface ae0 vlan-tagging
    set interface ae0  unit 0 vlan-id 8
     
    Is my config correct, as far as the VPLS config is concerned, on the EX 4600 switch?
     
    Thanks and happy holidays!!


  • 2.  RE: VPLS on EX4600 switch
    Best Answer

    Posted 01-01-2020 03:27

    Hello,

     


    @sarahr202 wrote:
    Hi everyone,
    Please consider the following setup:
    host--tagged traffic v8-----ge0/0/0 EX4600SW--ae0------trunk---ae0 Router
    The EX 4600 above is a layer 2 switch; the router is the gateway for the host.
    Security requirement:
    Traffic arriving from the host on ge0/0/0 on the EX 4600 must use a routing instance to separate the layer 2 traffic. Simply segmenting traffic using VLAN alone is not enough for the security folks.

     

    Let me guess what these security folks are afraid of - is it VLAN hopping? 

    Then VPLS does not improve it compared to plain VLAN bridging/switching.

     

     


    @sarahr202 wrote:

    EX4600 does not support routing-instance type virtual switch, so I am looking into VPLS to provide switching and also separation.

     

    As I mentioned above, separation with VPLS is no better than with plain VLAN bridging/switching. 

    Anyway - VPLS is not supported on the EX4600 switch, only L2circuit and EVPN-VXLAN. Please check out the JUNOS Feature Explorer:

    https://apps.juniper.net/feature-explorer/select-platform.html?category=Switching&typ=1#family=&pid=30504600&platform=EX4600&rel=19.3R1&sid=921&stat=0.8082232711341943&swName=Junos%20OS

     

    HTH

    Thx

    Alex