ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

last person joined: 2 days ago

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

Back to discussions

Expand all | Collapse all

ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

Jump to Best Answer

1. ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

0 Recommend
Erdem
Posted 05-09-2014 00:14

Reply Reply Privately
Hello all,

I´m having a open question regarding number/limit of private vlans in a virtual chasiss setup.

In my company we wanted to implement private vlans for a specific network which is defined with vlan-id 516.

I have configured a virtual chasiss with ex3300 containig 5 switches (1xRE, 1xBRE, 3xLC).

After this I have placed all GE ports in VC switch in access mode and for every port defined a private vlan.

With this setup I have 5*48=240 private vlans in VC switch (which is far less than 4094).

Placing the VC in production I have found strange issue, that ports in private vlan on Sw0 and Sw1 are working correctly but ports on Sw2 are not receiving communication over the uplink. On the uplink ae0 there are all vlans defined i.e. management with vlan-id 10, data vlans with vlan id 37 and master private vlan with vlan id 516.

Here is the actual configuration for virtual chasiss (VC) - all chasiss member are correctly configured and placed.

Uplink agg.-interface (ae0, 2x1GE) is configured on Sw0-RE port ge0/1/0 and Sw1-BRE port ge-1/1/0.

root@sw> show virtual-chassis status

Preprovisioned Virtual Chassis

Virtual Chassis ID: 70fd.43f8.3704

Virtual Chassis Mode: Enabled

                                           Mstr           Mixed Neighbor List

Member ID Status   Serial No    Model     prio Role      Mode ID Interface

0 (FPC 0) Prsnt    GB0212507879 ex3300-48p 129 Master*     NA 1 vcp-255/1/2

                                                                 4 vcp-255/1/3

1 (FPC 1) Prsnt    GA0214050124 ex3300-48t 129 Backup      NA 2 vcp-255/1/2

                                                                 0 vcp-255/1/3

2 (FPC 2) Prsnt    GA0214050392 ex3300-48t   0 Linecard    NA 3 vcp-255/1/2

                                                                 1 vcp-255/1/3

3 (FPC 3) Prsnt    GA0214020272 ex3300-48t   0 Linecard    NA 4 vcp-255/1/2

                                                                 2 vcp-255/1/3

4 (FPC 4) Prsnt    GA0214020116 ex3300-48t   0 Linecard    NA 0 vcp-255/1/2

                                                                 3 vcp-255/1/3

Here is the actual configuration for private vlans.

root@sw# show | display set | match n-av-m

set vlans n-av-m vlan-id 516

set vlans n-av-m-000 interface ge-0/0/0.0

set vlans n-av-m-000 primary-vlan n-av-m

set vlans n-av-m-001 interface ge-0/0/1.0

set vlans n-av-m-001 primary-vlan n-av-m

set vlans n-av-m-002 interface ge-0/0/2.0

set vlans n-av-m-002 primary-vlan n-av-m

set vlans n-av-m-003 interface ge-0/0/3.0

set vlans n-av-m-003 primary-vlan n-av-m

set vlans n-av-m-004 interface ge-0/0/4.0

--zip--

set vlans n-av-m-100 interface ge-1/0/0.0

set vlans n-av-m-100 primary-vlan n-av-m

set vlans n-av-m-101 interface ge-1/0/1.0

set vlans n-av-m-101 primary-vlan n-av-m

set vlans n-av-m-102 interface ge-1/0/2.0

set vlans n-av-m-102 primary-vlan n-av-m

set vlans n-av-m-103 interface ge-1/0/3.0

set vlans n-av-m-103 primary-vlan n-av-m

set vlans n-av-m-104 interface ge-1/0/4.0

set vlans n-av-m-104 primary-vlan n-av-m

set vlans n-av-m-105 interface ge-1/0/5.0

--zip--

set vlans n-av-m-147 interface ge-1/0/47.0

set vlans n-av-m-147 primary-vlan n-av-m

set vlans n-av-m-200 interface ge-2/0/0.0

set vlans n-av-m-200 primary-vlan n-av-m

set vlans n-av-m-201 interface ge-2/0/1.0

set vlans n-av-m-201 primary-vlan n-av-m

set vlans n-av-m-202 interface ge-2/0/2.0

set vlans n-av-m-202 primary-vlan n-av-m

set vlans n-av-m-203 interface ge-2/0/3.0

--zip--

set vlans n-av-m-347 interface ge-3/0/47.0

set vlans n-av-m-347 primary-vlan n-av-m

set vlans n-av-m-400 interface ge-4/0/0.0

set vlans n-av-m-400 primary-vlan n-av-m

set vlans n-av-m-401 interface ge-4/0/1.0

set vlans n-av-m-401 primary-vlan n-av-m

--zip--

set vlans n-av-m-446 interface ge-4/0/46.0
set vlans n-av-m-446 primary-vlan n-av-m
set vlans n-av-m-447 interface ge-4/0/47.0
set vlans n-av-m-447 primary-vlan n-av-m

Here is the actual configuration for a acces port.

root@deeurw037# show interfaces ge-0/0/0
unit 0 {
    family ethernet-switching {
        port-mode access;
    }
}
...

root@deeurw037# show interfaces ge-4/0/47
unit 0 {
    family ethernet-switching {
        port-mode access;
    }
}
...

root@deeurw037# show vlans
n-av-m {
    vlan-id 516;
}
n-av-m-000 {
    interface {
        ge-0/0/0.0;
    }
    primary-vlan n-av-m;
}
n-av-m-001 {
    interface {
        ge-0/0/1.0;
    }
    primary-vlan n-av-m;
}
n-av-m-002 {
    interface {
        ge-0/0/2.0;
--snip--

n-av-m-446 {
    interface {
        ge-4/0/46.0;
    }
    primary-vlan n-av-m;
}
n-av-m-447 {
    interface {
        ge-4/0/47.0;
    }
    primary-vlan n-av-m;
}
s-data {
    vlan-id 37;
}
s-mgmt {
    vlan-id 10;
    l3-interface vlan.10;
}

Can anybody point me in the right direction? What is wrong with the configuration? is there a limit of private vlans do define?

Thanks in advance.
2. RE: ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

0 Recommend
Erdem
Posted 05-09-2014 09:11

Reply Reply Privately
Please show any other lines related to configuration of vlan 516. Thanks.
3. RE: ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

0 Recommend
Erdem
Posted 05-13-2014 01:37

Reply Reply Privately
Hello David,

here is a show vlan command.

root@deeurw037# show vlans
n-av-m {
    vlan-id 516;
}
n-av-m-000 {
    interface {
        ge-0/0/0.0;
    }
    primary-vlan n-av-m;
}
n-av-m-001 {
    interface {
        ge-0/0/1.0;
    }
    primary-vlan n-av-m;
}
n-av-m-002 {
    interface {
        ge-0/0/2.0;

...
--snip--

...

n-av-m-446 {
    interface {
        ge-4/0/46.0;
    }
    primary-vlan n-av-m;
}
n-av-m-447 {
    interface {
        ge-4/0/47.0;
    }
    primary-vlan n-av-m;
}
s-data {
    vlan-id 37;
}
s-mgmt {
    vlan-id 10;
    l3-interface vlan.10;
}
4. RE: ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2
Best Answer

0 Recommend
Erdem
Posted 05-20-2014 00:43

Reply Reply Privately
Hello all,

The configuration of the VC with ex3300 is correct. I have found in the log of the VC switch some strange syslog messages. After this I have found that SW 0 (member 0) has had a high CPU utilisation. This has make me suspicious and I decided to reboot the VC.

After reboot of the VC, I have taken connection tests from each of the chasiss member switches and found no problems. Seems to me that SW member 0 has had an issue on the first boot process.

For the case of the number of PVLAN and VLAN tags I have found following description.

---

Configuration Guidelines for VLANs

Two steps are required to create a VLAN. You must uniquely identify the VLAN and you must assign at least one switch port interface to the VLAN for communication.

After creating a VLAN, all users all users connected to the interfaces assigned to the VLAN can communicate with each other but not with users on other interfaces in the network. To configure communication between VLANs, you must configure a routed VLAN interface (RVI). See Configuring Routed VLAN Interfaces (CLI Procedure) to create an RVI.

The number of VLANs supported per switch varies for each switch type. Use the command set vlans id vlan-id ? to discover the maximum number of VLANs allowed on a switch. You cannot exceed this VLAN limit because each VLAN is assigned an ID number when it is created. You can, however, exceed the recommended VLAN member maximum .

To determine the maximum number of VLAN members allowed on a switch, multiply the VLAN maximum obtained using set vlans id vlan-id ? times 8.

If a switch configuration exceeds the recommended VLAN member maximum, you see a warning message when you commit the configuration. If you ignore the warning and commit such a configuration, the configuration succeeds but you run the risk of crashing the Ethernet switching process (eswd) due to memory allocation failure.

---

http://junipernetworks.mobi/techpubs/en_US/junos12.3/topics/task/configuration/bridging-vlans-ex-series-cli.html

Switching

ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

Erdem05-09-2014 00:14

Erdem05-09-2014 09:11

Erdem05-13-2014 01:37

Erdem05-20-2014 00:43Best Answer

1. ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

2. RE: ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

3. RE: ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2

4. RE: ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2 Best Answer

Configuration Guidelines for VLANs

4. RE: ex3300 virtual chasiss (5 member - 0,1,2,3,4) with private vlan - problem with private vlan on chasiss member 2
Best Answer