[j-nsp] IOS to JunOS clarification
Jason Lixfeld
jason-jnsp at lixfeld.ca
Thu Jun 30 13:55:47 EDT 2016
Hi there,
I’m somewhat of a j-noob, so please forgive any obvious errors or omissions.
I’m trying to migrate a snippet of a Cisco configuration over to an EX9200 running 14.2R4.9. The configuration snippet incorporates private VLANs, DHCP snooping, DIA, and IP Source Guard.
Reviewing the Configuration Guidelines of the Understanding Private VLANs on EX Series Switches chapter of JunOS 14.2 for EX switches[1], it would seem that a 1:1 configuration:feature swap is impossible due to the EX9200 not supporting DHCP Security features or IRB.
If this is indeed the case, are there any other ways I can get the EX to do what I’m doing on this Cisco 4500?
!
ip arp inspection vlan 4001 logging dhcp-bindings all
ip dhcp snooping vlan 3001
!
vlan 3001
private-vlan primary
private-vlan association 4001
!
vlan 4001
private-vlan isolated
!
ip dhcp pool clients
vrf clients
network 172.23.254.0 255.255.255.0
!
interface Vlan3001
ip vrf clients
ip address 172.23.254.1 255.255.255.0
private-vlan mapping 4001
!
interface GigabitEthernet1/1
switchport private-vlan trunk native vlan 4001
switchport private-vlan trunk allowed vlan 4001
switchport private-vlan association trunk 3001 4001
switchport mode private-vlan trunk
!
Thanks in advance!
(If it helps, here’s the JunOS configuration I’ve built)
set interfaces ge-0/2/2 speed 1g
set interfaces ge-0/2/2 hold-time up 10000
set interfaces ge-0/2/2 hold-time down 0
set interfaces ge-0/2/2 ether-options auto-negotiation
set interfaces ge-0/2/2 ether-options no-flow-control
set interfaces ge-0/2/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/2/2 unit 0 family ethernet-switching vlan members CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED
set interfaces ge-0/2/2 unit 0 family ethernet-switching storm-control DEFAULT
set interfaces ge-0/2/2 unit 0 family ethernet-switching recovery-timeout 60
set interfaces irb unit 3000 family inet address 3.3.3.1/24
set forwarding-options storm-control-profiles DEFAULT all bandwidth-percentage 1
set routing-instances INET instance-type vrf
set routing-instances INET system services dhcp-local-server group CUSTOMER-BUSINESS-DYNAMIC interface irb.3000
set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet network 3.3.3.0/24
set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet range CUSTOMER-BUSINESS-DYNAMIC low 3.3.3.2
set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet range CUSTOMER-BUSINESS-DYNAMIC high 3.3.3.254
set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet dhcp-attributes router 3.3.3.1
set routing-instances INET interface irb.3000
set routing-instances INET route-distinguisher 4:4
set routing-instances INET vrf-target target:4:4
set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED vlan-id 4000
set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED forwarding-options dhcp-security arp-inspection
set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED forwarding-options dhcp-security ip-source-guard
set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED private-vlan isolated
set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-PRIMARY vlan-id 3000
set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-PRIMARY l3-interface irb.3000
set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-PRIMARY isolated-vlan CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED
[1]
http://www.juniper.net/documentation/en_US/junos14.2/topics/concept/private-vlans-ex-series-els.html
More information about the juniper-nsp
mailing list