[j-nsp] Configuring in-band management over trunk interfaces in EX2200

Aaron Dewell aaron.dewell at gmail.com
Mon Mar 3 20:59:10 EST 2014


I can verify that if a VLAN is both named as a member and as a native-vlan-id, then it will accept traffic both tagged and untagged on that port for that VLAN.  However, traffic will only be sent tagged.  That can break some things (for example APs) which might work during boot but the loaded configuration after won't work.  The AP just stripped the tag during boot but did not do that after boot unless explicitly configured for tagging.

"all" means all defined VLANs on the switch.  AFAIK, if you have, say, one vlan defined, then setting "members my-vlan" and "members all" are functionally equivalent.  No tagged traffic to undefined VLANs would be accepted in either case.  The native-vlan-id issue remains the same either way I'm pretty sure.

On Mar 3, 2014, at 7:43 PM, Andrew Jones wrote:
> Paul,
> I would need to double-check the behaviour when 'all' is used for vlan members, but certainly when a list of vlans are added as members of a trunk, and then one of those is added as the native vlan as well, packets output on the interface for that vlan (137 in your example), leave the interface with a tag attached.
> 
> It may be that you were seeing this behaviour, and it could possibly be worked around by using 'vlan members except 137' rather than 'vlan members all'.
> 
>> show ethernet-switching interface ae0.0
> 
> Would show if this were the case.
> 
> Andrew
> 
> 
> On 28.02.2014 21:59, Paul S. wrote:
>> Mark,
>> 
>> It was the native-vlan-id, actually.
>> 
>> Removing it made it all start working.
>> 
>> Thank you!
>> 
>> On 2/28/2014 午後 07:58, Mark Tinka wrote:
>>> On Friday, February 28, 2014 12:31:00 PM Paul S. wrote:
>>> 
>>>> However, if I move the unit 137 stanza from vlan.137
>>>> directly to ae0 (Removing its trunk status in the
>>>> process), and config it with vlan-tagging, and vlan-id
>>>> 137 -- it becomes accessible just fine, and can route
>>>> traffic.
>>> On my EX4550's (and EX3200/4200's), the below works:
>>> 
>>> ae0 {
>>>     description "SOMETHING";
>>>     aggregated-ether-options {
>>>         link-speed 10g;
>>>         lacp {
>>>             passive;
>>>         }
>>>     }
>>>     unit 0 {
>>>         description "SOMETHING";
>>>         bandwidth 20g;
>>>         family ethernet-switching {
>>>             port-mode trunk;
>>>             vlan {
>>>                 members all;
>>>             }
>>>         }
>>>     }
>>> }
>>> 
>>> vlan {
>>>     unit 999 {
>>>         description "SOMETHING - Management VLAN";
>>>         bandwidth 20g;
>>>         family inet {
>>>             filter {
>>>                 input filter-incoming;
>>>                 output filter-outgoing;
>>>             }
>>>             address a.b.c.d/30;
>>>         }
>>>         family iso;
>>>         family inet6 {
>>>             filter {
>>>                 input filter-incoming6;
>>>                 inactive: output filter-outgoing6;
>>>             }
>>>             address aaaa:bbbb:c:d::e/126;
>>>         }
>>>     }
>>> }
>>> 
>>> vlans {
>>>     Edge-Network {
>>>         vlan-id 999;
>>>         l3-interface vlan.999;
>>>     }
>>> }
>>> 
>>> Hope this helps.
>>> 
>>> Mark.
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp




More information about the juniper-nsp mailing list