[j-nsp] Network configuration question / vlan and bridging related

zeng watchthinker watchthinker at hotmail.com
Fri Jun 24 13:54:01 EDT 2005


As I recall, there is something like an L3 switch that can support this feature as 
you request.

It can set up a vlan group with one gateway, and the individual vlans can 
not communicate with each other within the same subnet.

In this way, you can save your ip addresses by using a /24 mask or so 
instead of a /30 mask. 

>From: Steinar Torsvik <steinar at fasthost.no>
>To: juniper-nsp at puck.nether.net
>Subject: [j-nsp] Network configuration question / vlan and bridging related
>Date: Thu, 23 Jun 2005 18:31:15 +0200
>
>Hi,
>
>First post to this list, well here is the case:
>
>We have a customer who owns 1 Juniper M7i connected to a 700 ports
>d-link switched network. The topology is the following:
>
>   gigabit uplink
>         |
>         |
>|-------------|
>|    m7i      |
>|-------------|
>         |
>         |
>|-------------|
>| d-link core |
>|    switch   |
>|-------------|
>     |  |  |  |
>|-------------|
>|  cheap vlan |
>| capable edge|
>|    d-link   |
>|-------------|
>        |
>      client
>
>
>There are 700 edge ports, each of which is in a separate vlan. This keeps
>the traffic separated until it reaches the Juniper. The goal here is to
>get all client traffic separated so nobody can mess up / hijack ip
>addresses and so on.
>
>My question is basically, what is the best way to administrate /
>distribute the ip addresses in a simple and easy to maintain way.
>
>I have come up with two solutions, there may be many more or better ways
>to do this so please correct me :)
>
>1) Give a /30 network to each client and configure up all 700 interfaces
>this way. This may be a nightmare to maintain and configure, even though
>most of the configuration process can be automated.
>
>2) Find a cool way to bridge all interfaces together and filter out
>unwanted traffic, a kind of Cisco private vlan but not on the edge. The
>edge switches are not capable of this l3 filtering - so it must be solved
>in the router.
>
>Is there a way to do this on Juniper? Make a "virtual" interface and
>bridge all 700 interfaces up against this one, filter the traffic
>forcing all clients to only reach the default gw and nothing else - and
>then distribute /32 networks to each client.
>
>If the second solution is possible - I am hoping to be able to
>distribute all ip addresses with one single DHCP pool, giving also each
>client port the possibility to connect several clients at each port
>without forcing the client to do NAT (which he must do in the first
>solution since he only gets one ip address).
>
>Anyone have any experience / ideas / pointers here? The hardware is
>pretty much set - and replacing the edge switches with ones that have
>better l3 capability is not an option.
>
>--
>Regards,
>
>Steinar Torsvik
>Fasthost AS
>Tlf: +47 22 00 88 50
>Mob: +47 99 02 99 88
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp

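Option 1 in the quoted post (a /30 per client vlan, with the configuration generated rather than typed) is the one whose bookkeeping is easiest to get wrong at 700 ports, so here is an added example of that automation. It is not code from either poster; it carves consecutive /30s out of an aggregate block, assigns the router the first usable address and the client the second, and renders a Junos-style vlan-tagged interface stanza. The block 10.10.0.0/20, the vlan range starting at 101 and the interface name ge-0/0/0 are constructed values, not from the thread; the stanza keywords (vlan-tagging, unit, vlan-id, family inet address) are standard Junos syntax. Because each client sits alone on its /30 with the router as the only peer, a client cannot claim another client's address or answer ARP on its behalf, which is the isolation the post is after.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed example values (not from the thread): the aggregate block the
# /30s are carved from, the first vlan-id, and the vlan-tagged trunk towards
# the core switch.
CLIENT_BLOCK = "10.10.0.0/20"   # 1024 x /30, enough headroom for 700 clients
FIRST_VLAN = 101
TRUNK_IF = "ge-0/0/0"


def allocate_client_subnets(block: str, first_vlan: int,
                            count: int) -> Dict[int, ipaddress.IPv4Network]:
    """Carve `count` consecutive /30s out of `block`, keyed by vlan-id.

    Raises ValueError if the block is too small, so an undersized block
    fails loudly instead of handing two clients the same addresses.
    """
    net = ipaddress.ip_network(block, strict=True)
    subnets = list(net.subnets(new_prefix=30))
    if count > len(subnets):
        raise ValueError(f"{block} holds only {len(subnets)} /30s, need {count}")
    return {first_vlan + i: subnets[i] for i in range(count)}


def block_fits(block: str, count: int) -> bool:
    """True if `block` can hold `count` /30s (pre-flight check for operators)."""
    try:
        allocate_client_subnets(block, 1, count)
        return True
    except ValueError:
        return False


def gateway_and_client(subnet: ipaddress.IPv4Network
                       ) -> Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]:
    """Router takes the first usable address of the /30, the client the second."""
    gw, client = list(subnet.hosts())  # a /30 has exactly two usable hosts
    return gw, client


def junos_unit_lines(vlan_id: int, subnet: ipaddress.IPv4Network) -> List[str]:
    """One logical unit per client: unit number == vlan-id for easy lookup."""
    gw, _ = gateway_and_client(subnet)
    return [
        f"        unit {vlan_id} {{",
        f"            vlan-id {vlan_id};",
        "            family inet {",
        f"                address {gw}/{subnet.prefixlen};",
        "            }",
        "        }",
    ]


def render_interface(ifname: str,
                     allocations: Dict[int, ipaddress.IPv4Network]) -> str:
    """Render a Junos-style 'interfaces' stanza for a vlan-tagged trunk."""
    lines = ["interfaces {", f"    {ifname} {{", "        vlan-tagging;"]
    for vlan_id, subnet in sorted(allocations.items()):
        lines.extend(junos_unit_lines(vlan_id, subnet))
    lines.extend(["    }", "}"])
    return "\n".join(lines) + "\n"


def client_address_table(allocations: Dict[int, ipaddress.IPv4Network]
                         ) -> Dict[int, str]:
    """vlan-id -> client address, e.g. for documentation or per-port records."""
    return {v: str(gateway_and_client(s)[1]) for v, s in allocations.items()}


if __name__ == "__main__":
    alloc = allocate_client_subnets(CLIENT_BLOCK, FIRST_VLAN, 700)
    print(render_interface(TRUNK_IF, alloc))
```

Running the module prints the full stanza (700 units); the generated text is meant to be loaded with the usual review and commit steps, not pasted blindly. The address table is the piece an operator keeps alongside the switch port mapping so that a complaint about "port 312" resolves to one vlan and one /30.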


