[j-nsp] Filter-based VLAN membership

Pavel Lunin plunin at senetsy.ru
Mon Jul 22 10:06:08 EDT 2013


16.07.2013 04:21, Dale Shaw wrote:
> The desktop/end-user folks are looking at using Microsoft's MED-V
> platform to support legacy apps on a new Windows 7-based SOE. From
> what I can tell, MED-V is basically an instance of Windows XP running
> in Virtual PC.
>
> The desktop guys are telling me that dot1q-tagging the traffic from
> the VM isn't supported, nor can they cope operationally with NAT
> between the guest and host, so I'm looking at other options for
> separating this traffic, if for no other reason than to avoid the need
> to re-design the IP addressing plan to support larger subnets.


Looks like you need a MAC-based VLAN rather than a filter-based one.

http://www.juniper.net/techpubs/en_US/junos12.2/topics/task/configuration/authentication-static-mac-bypass-ex-series-cli.html

(Despite the config stanza, it has virtually nothing to do with 802.1X.)

Note that you can set a mask length for MACs, which will match all VMs with a
single config line. Or you can make the EX ask RADIUS for the VLAN ID of a
given MAC.


