Ethernet Switching
Highlighted
Ethernet Switching

interface-range config inheritance change

‎05-25-2016 08:41 AM

There are large ex4300 stacks with hundreds of access ports.  The bulk of these ports are access ports on a single VLAN, but there are exceptions sprinkled about.

 

With Junos 13.2, the exception interfaces can be configured with a VLAN, and this specific VLAN config overrides the config inherited by the interface-range it is a part of.

 

Apparently with 14.1, the more specific config under an interface does not overrite the inheritance, but is merged with it.  So the config check will error out because it looks (for the exceptions with specific interface configs) that more than one VLAN is configured on an access port.  This looks like a backward step, making interface config more cumbersome, has anyone else run into this?

5 REPLIES 5
Highlighted
Ethernet Switching

Re: interface-range config inheritance change

‎05-27-2016 03:49 AM

We use apply groups extensively on the MX and ACX platforms.  And for safety sake always use the apply-groups-except on any element where we want to override a setting.

 

http://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/junos-software-config...

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
Ethernet Switching

Re: interface-range config inheritance change

‎05-29-2016 08:45 PM

Hi B2,

 

 

You are correct - this behaviour has changed, however IMO this actually makes it more consistent with apply-groups, which interface-range looks to be based on.

 

 

If you're using interface-range with large port counts (eg: a virtual chassis), make sure you aren't using member-range, but instead have every relevant port configured as an independent member.  This way you can remove individual members from the interface-range.

 

Use wildcard range set when you're configuring them and it will be nice and easy to set up (even if you need to convert from member-range).

 

Then if you need to put in exceptions, you can just delete the port from the interface-range (individually) and then configure the interface however you need it.

 

Hope this helps

 

Ben Dale
JNCIP-ENT, JNCIP-SP, JNCIP-DC, JNCIE-SEC #63
Juniper Ambassador
Follow me @labelswitcher
Highlighted
Ethernet Switching

Re: interface-range config inheritance change

‎06-01-2016 01:45 PM

Thanks for the input dfex, but I'm not sure I completely follow your proposed solution.  It sounds very cumbersome, which is what I am trying to avoid.  Could you provide a few code snippets to ilustrate the technique that you are proposing?

Highlighted
Ethernet Switching

Re: interface-range config inheritance change

‎06-02-2016 06:12 PM

No problem - this is from a 4200-VC I have handy, but the principle is the same.

 

I've created an interface-range with an access VLAN specified (remember this is slightly different to 4300 config):

 

{master:0}[edit]
root@clx-lab-42vc# show interfaces 
interface-range DESKTOP-PORTS {
    unit 0 {
        family ethernet-switching {
            port-mode access;
vlan { members v100-DESKTOP; } } } }

Now I'll add all RJ45 ports on a two member VC to my DESKTOP-PORTS interface-range:

 

root@clx-lab-42vc# wildcard range set interfaces interface-range DESKTOP-PORTS member ge-[0-1]/0/[0-47]
/

I end up with:

 

{master:0}[edit]
root@clx-lab-42vc# show interfaces    
interface-range DESKTOP-PORTS {
    member ge-0/0/0;
    member ge-0/0/1;
    member ge-0/0/2;
    member ge-0/0/3;
...
    member ge-1/0/46;
    member ge-1/0/47;
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members v100-DESKTOP;
            }
        }
    }
}

 

Now if you need to move any ports from the DESKTOP-PORTS interface-range to (say) a SERVER-PORTS interface-range you can just do:

 

{master:0}[edit]
root@clx-lab-42vc# delete interfaces interface-range DESKTOP-PORTS member ge-0/0/37

{master:0}[edit]
root@clx-lab-42vc# set interfaces interface-range SERVER-PORTS member ge-0/0/37

{master:0}[edit]
root@clx-lab-42vc# 

It's easy to fall into the trap of using the member-range option in your interface-range for lots of ports, but it becomes really convoluted to remove individual ports out of the middle of a defined range - you have to delete the original range (eg: member-range ge-0/0/0 to ge-0/0/47) and add in two ranges that exclude the port you're moving (eg: member-range ge-0/0/0 to ge-0/0/36 and then member-range ge-0/0/38 to ge-0/0/47).

 

Hope this helps

Ben Dale
JNCIP-ENT, JNCIP-SP, JNCIP-DC, JNCIE-SEC #63
Juniper Ambassador
Follow me @labelswitcher
Highlighted
Ethernet Switching

Re: interface-range config inheritance change

‎06-03-2016 11:53 AM

Thanks for laying it, that's pretty much what I had thought you were getting at.  Unfortunately it looks fairly cumbersome and I was looking to avoid having to modify the interface-ranges.  Configuring hundreds of ports in 13.2 worked so well, it feels like a dramatic step back in functionality.

Feedback