Monday, May 9, 2011

Junos VLAN & Trunking



Today, I’m going to give a quick introduction to VLANs and trunking in JUNOS. VLANs in JUNOS work almost the opposite of how they do in IOS. You first create a VLAN with a vlan-name and then assign it a vlan-id (dot1q tag). By default, all switch ports are assigned to the ‘default’ VLAN, which is untagged (no vlan-id is assigned).
To create a VLAN:
set vlans <vlan-name> vlan-id <#>
You then assign interfaces to a VLAN individually:
set interfaces <interface-name> unit 0 family ethernet-switching vlan members <vlan-name>
Fairly straightforward, right? Now on to trunking, which differs a good bit from what we are used to with IOS. By default, JUNOS does not specify a native-vlan. Trunks, by default, do not allow any VLANs. Trunks also do not auto-negotiate by default.
To set an interface as a trunk:
set interfaces <interface-name> unit 0 family ethernet-switching port-mode trunk
You can then either explicitly allow individual VLANs, or you can allow all VLANs on the trunk:
set interfaces <interface-name> unit 0 family ethernet-switching vlan members all
If you would like to trunk to a Cisco device, you must first create a “native” vlan (it would help to name it ‘native’) with a vlan-id of 1 (unless you’ve changed the native-vlan on the Cisco device). You can then specify the native-vlan on the trunk interface:
set interfaces <interface-name> unit 0 family ethernet-switching native-vlan-id <#>
I know that this does not appear to be a very easy way of assigning interfaces to VLANs, but at this point in my study it’s all that I’ve got. I am going to do some more research into this, as I’m sure there is a more efficient way of doing things.
----------------------------------------------------------------------------------------------------------------------------
That’s actually a pretty easy way to configure VLANs. But FYI, the Juniper recommended best practice (which I 100% agree with) for configuring VLANs is that you configure untagged (access) VLANs under the VLAN itself, and tagged (trunked) VLANs under the interface.
For example, to accomplish the following:
- create VLANs 10 and 20
- set ge-0/0/0 & ge-0/0/1 as untagged VLAN 10
- set ge-0/0/2 & ge-0/0/3 as untagged VLAN 20
- set ge-0/0/47 as tagged (trunked) with VLANs 10 and 20
you would do the following:
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members [ VLAN10 VLAN20 ]
set vlans VLAN10 vlan-id 10
set vlans VLAN20 vlan-id 20
set vlans VLAN10 interface ge-0/0/0.0
set vlans VLAN10 interface ge-0/0/1.0
set vlans VLAN20 interface ge-0/0/2.0
set vlans VLAN20 interface ge-0/0/3.0
Much easier (and cleaner) to configure the untagged VLANs under the VLAN itself.
Also, to create RVIs (the equivalent of SVIs in IOS), you’d simply do:
set interfaces vlan unit 10 family inet address 10.10.10.0/24
set interfaces vlan unit 20 family inet address 20.20.20.0/24
set vlans VLAN10 l3-interface vlan.10
set vlans VLAN20 l3-interface vlan.20
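
An added example, not part of the original post or the comment: a small Python check that reads set-format lines in the style shown above, merges both ways of assigning VLANs (under the interface and under the VLAN), and flags trunks configured with vlan members all as well as member names that have no matching vlan-id statement. The sample configuration (including ge-0/0/46, ge-0/0/5 and VLAN30) is constructed for the example, and the function name audit is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: part of the comment's config plus a 'members all' trunk and a typo'd VLAN.
SAMPLE = """\
set vlans VLAN10 vlan-id 10
set vlans VLAN20 vlan-id 20
set vlans VLAN10 interface ge-0/0/0.0
set vlans VLAN20 interface ge-0/0/2.0
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members [ VLAN10 VLAN20 ]
set interfaces ge-0/0/46 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/0/46 unit 0 family ethernet-switching native-vlan-id 1
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members VLAN30
"""

ES = re.compile(r"set interfaces (\S+) unit 0 family ethernet-switching (.+)")
VL = re.compile(r"set vlans (\S+) (vlan-id|interface) (\S+)")

def audit(config):
    """Return (ports, findings) for a set-format config (hypothetical helper)."""
    vlan_ids = {}
    ports = defaultdict(lambda: {"mode": "access", "members": set(), "native": None})
    for line in config.splitlines():
        line = line.strip()
        if m := VL.fullmatch(line):
            name, key, val = m.groups()
            if key == "vlan-id":
                vlan_ids[name] = int(val)
            else:  # VLAN-level assignment: ge-0/0/0.0 -> ge-0/0/0
                ports[val.rsplit(".", 1)[0]]["members"].add(name)
        elif m := ES.fullmatch(line):
            ifd, rest = m.groups()
            words = rest.replace("[", " ").replace("]", " ").split()
            if words[:1] == ["port-mode"]:
                ports[ifd]["mode"] = words[1]
            elif words[:2] == ["vlan", "members"]:
                ports[ifd]["members"].update(words[2:])
            elif words[:1] == ["native-vlan-id"]:
                ports[ifd]["native"] = int(words[1])
    findings = []
    for ifd, p in sorted(ports.items()):
        if p["mode"] == "trunk" and "all" in p["members"]:
            findings.append((ifd, "trunk carries every configured VLAN"))
        for name in sorted(p["members"] - set(vlan_ids) - {"all"}):
            findings.append((ifd, f"member VLAN {name} is not defined"))
    return dict(ports), findings
```

Calling audit(SAMPLE) returns the per-port view and two findings: the ge-0/0/46 trunk that uses vlan members all, and ge-0/0/5 referencing the undefined VLAN30.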

