Table of Contents
Advertisement
Creating a Private VLAN on a Single EX Series Switch (CLI Procedure)
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
Understanding Virtual Routing Instances on EX Series Switches on page 1511
For security reasons, it is often useful to restrict the flow of broadcast and unknown
unicast traffic and to even limit the communication between known hosts. The private
VLAN (PVLAN) feature on EX Series switches allows an administrator to split a broadcast
domain into multiple isolated broadcast subdomains, essentially putting a VLAN inside
a VLAN. This task describes how to configure a PVLAN on a single switch.
Before you begin, make sure you set up the VLANs. See "Configuring VLANs for EX Series
Switches (CLI Procedure)" on page 1600 or "Configuring VLANs for EX Series Switches
(J-Web Procedure)" on page 1597.
NOTE: Configuring a voice over IP (VoIP) VLAN on PVLAN interfaces is not
supported.
To configure a private VLAN on a single switch:
Set the primary VLAN to have no local switching:
1.
NOTE: The primary VLAN must be a tagged VLAN.
[edit vlans]
user@switch# set primary-vlan-name no-local-switching
For each community VLAN, configure access interfaces:
2.
NOTE: The secondary VLANs should be untagged VLANs. It does not
impair functioning if you tag the secondary VLANS. However, the tags are
not used when a secondary VLAN is configured on a single switch.
[edit vlans]
user@switch# set community-vlan-name interface interface-name
For each community VLAN, set the primary VLAN:
3.
[edit vlans]
user@switch# set community-vlan-name primary-vlan primary-vlan-name
For each isolated VLAN, add the interface to the primary VLAN:
4.
[edit vlans]
user@switch# set primary-vlan-name interface interface-name
Example: Configuring a Private VLAN on a Single EX Series Switch on page 1571
Creating a Private VLAN Spanning Multiple EX Series Switches (CLI Procedure)
Chapter 65: Configuring Bridging and VLANs
1607
Advertisement
Chapters
Table of Contents
Troubleshooting
