Today I am going to talk about Private VLAN configuration on Juniper switches. Earlier I wrote an article covering the basics of Private VLANs and the vendors that support them. If you want to have a look at that article, please follow the link below:
Basics of Private VLANs
I am sure that after reading the above article you will know the basics of Private VLANs. In this article I am going to cover the configuration part of Private VLANs on Juniper switches, as some readers of the blog have asked for it.
I will soon come up with the configuration and the topology for Private VLANs on Cisco and Huawei as well, in another article.
A lot of people have been asking me about VLANs, so before starting with the configuration of Private VLANs, let me quickly go through VLANs and Private VLANs.
VLANs: Virtual Local Area Networks
VLANs are a way to partition a Layer 2 network into separate segments within one Local Area Network. Put simply, if you want to isolate two different departments in one LAN, you can do so by using two VLANs. Let me give you an example. We have two departments, Finance and HRA, and we want to separate their traffic from each other. We can place Finance in VLAN 3 and HRA in VLAN 4, and these VLANs keep the traffic separate. If you want, you can still have communication between the Finance and HRA departments.
Private VLANs
Here we divide the VLANs into primary and secondary VLANs, and you can provide isolation between the ports in the secondary VLANs within the same Private VLAN. I have already put a link to the Private VLAN article above; please go through it for further understanding.
Now let us talk about the topology and the configuration of Private VLANs on Juniper switches as a reference model. It can differ depending on the network and the design in your environment.
Figure: Private VLANs Topology - Juniper Switches
Setting the VLAN ID
ttlbits@switch#set vlans pvlan vlan-id 1000
Setting Interfaces and Port modes
ttlbits@switch#set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
ttlbits@switch#set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members pvlan
ttlbits@switch#set interfaces ge-1/0/0 unit 0 family ethernet-switching port-mode trunk
ttlbits@switch#set interfaces ge-1/0/0 unit 0 family ethernet-switching vlan members pvlan
ttlbits@switch#set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode access
ttlbits@switch#set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode access
ttlbits@switch#set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode access
ttlbits@switch#set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode access
ttlbits@switch#set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode access
ttlbits@switch#set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode access
Setting the Primary VLAN to have no Local Switching
ttlbits@switch#set vlans pvlan no-local-switching
Adding trunk Interfaces
ttlbits@switch#set vlans pvlan interface ge-0/0/0.0
ttlbits@switch#set vlans pvlan interface ge-1/0/0.0
Configure the secondary VLANs with VLAN IDs and interfaces
ttlbits@switch#set vlans hr-comm vlan-id 400
ttlbits@switch#set vlans hr-comm interface ge-0/0/11.0
ttlbits@switch#set vlans hr-comm interface ge-0/0/12.0
ttlbits@switch#set vlans finance-comm vlan-id 300
ttlbits@switch#set vlans finance-comm interface ge-0/0/13.0
ttlbits@switch#set vlans finance-comm interface ge-0/0/14.0
Setting up Community Private VLANs
ttlbits@switch#set vlans hr-comm primary-vlan pvlan
ttlbits@switch#set vlans finance-comm primary-vlan pvlan
Setting up the Isolated VLANs further
ttlbits@switch#set vlans pvlan interface ge-0/0/15.0
ttlbits@switch#set vlans pvlan interface ge-0/0/16.0
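Added example (not part of the original article): a short Python check that reads the set commands above, derives each port's PVLAN role, and lists which host ports can reach each other at Layer 2, so the intended isolation can be confirmed before commit. It assumes a single switch and that trunk ports in the primary VLAN act as promiscuous ports; the function names are illustrative.

```python
import re
from itertools import combinations

# Constructed input: the article's commands, prompt stripped and per-port lines
# generated; lines the parser ignores (vlan-id, vlan members) are left out.
SW = "unit 0 family ethernet-switching port-mode"
CONFIG = "\n".join(
    ["set vlans pvlan vlan-id 1000", "set vlans pvlan no-local-switching"]
    + [f"set interfaces {i} {SW} trunk" for i in ("ge-0/0/0", "ge-1/0/0")]
    + [f"set interfaces ge-0/0/{n} {SW} access" for n in range(11, 17)]
    + [f"set vlans pvlan interface {i}.0" for i in ("ge-0/0/0", "ge-1/0/0", "ge-0/0/15", "ge-0/0/16")]
    + [f"set vlans hr-comm interface ge-0/0/{n}.0" for n in (11, 12)]
    + [f"set vlans finance-comm interface ge-0/0/{n}.0" for n in (13, 14)]
    + [f"set vlans {v} primary-vlan pvlan" for v in ("hr-comm", "finance-comm")]
)

def classify(config):
    """Map each logical interface to (role, vlan) from Junos set commands."""
    modes, members, secondary, no_local = {}, {}, set(), set()
    for line in config.splitlines():
        t = re.sub(r"^\S+#\s*", "", line.strip()).split()  # drop "user@switch#"
        if t[:2] == ["set", "interfaces"] and "port-mode" in t:
            modes[f"{t[2]}.{t[4]}"] = t[-1]
        elif t[:2] == ["set", "vlans"] and len(t) >= 4:
            name, key = t[2], t[3]
            if key == "interface":
                members.setdefault(name, []).append(t[4])
            elif key in ("primary-vlan", "no-local-switching"):
                (secondary if key == "primary-vlan" else no_local).add(name)
    roles = {}
    for vlan, ports in members.items():
        for port in ports:
            if vlan in secondary:
                roles[port] = ("community", vlan)
            elif vlan not in no_local:
                roles[port] = ("plain", vlan)  # ordinary VLAN: no isolation
            else:  # primary VLAN: trunks are promiscuous, access ports isolated
                kind = "promiscuous" if modes.get(port) == "trunk" else "isolated"
                roles[port] = (kind, vlan)
    return roles

def can_talk(a, b, roles):
    """Layer 2 reachability between two ports under the PVLAN rules."""
    (ra, va), (rb, vb) = roles[a], roles[b]
    same = ra == rb and ra in ("community", "plain") and va == vb
    return "promiscuous" in (ra, rb) or same

def talking_pairs(roles):
    hosts = sorted(p for p, (r, _) in roles.items() if r != "promiscuous")
    return [p for p in combinations(hosts, 2) if can_talk(*p, roles)]
```

For this topology only the two HR ports and the two Finance ports pair up; if the no-local-switching line is dropped, ge-0/0/15.0 and ge-0/0/16.0 are classified as ordinary VLAN members and can reach each other.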
With the above configuration, you are set up with Private VLANs in your Juniper switch environment. I will also cover Cisco and Huawei switches, where I will explain their Private VLAN configurations.