How to Configure Multiple VLANs on Junos Switches
The basic VLAN configuration that Junos switches set up automatically creates a single VLAN named default. This setup is fine for a small network, but for anything larger than that, you will want to subdivide your LAN into a number of VLANs.
In addition, when you have more than one VLAN, the switch needs a way to distinguish which packets originate where. To do so, each VLAN must have a unique name and a numeric tag, called a VLAN ID. Also, because each VLAN is a separate broadcast domain, any given IP subnet should usually not span VLANs.
As a simple example, imagine two printers connected to the same switch, one in the physics department and the other in chemistry. To configure these VLANs, follow these steps:
Configure the ports that the printers are plugged into, namely ge-0/0/1 and ge-0/0/2 (the second and third ports on the front of the switch) and associate the interfaces with the VLANs you’re about to create:
[edit interfaces] user@junos-switch# set ge-0/0/1 unit 0 family ethernet-switching vlan members physics [edit interfaces] user@junos-switch# set ge-0/0/2 unit 0 family ethernet-switching vlan members chemistry
Some people prefer an interface-centric approach to VLAN configuration, where you configure all the VLAN membership information in the interface configuration. Others prefer a VLAN-centric approach to VLAN configuration, where you configure all the VLAN membership information in the VLAN configuration. Fortunately, the Junos OS offers a CLI syntax that supports both approaches.
This example illustrates the interface-centric approach. If you instead want to use the VLAN-centric approach, you need to configure the ge-0/0/1.0 and ge-0/0/2.0 interfaces for family ethernet-switching (which is included in the factory default configuration):
[edit interfaces] user@junos-switch# set ge-0/0/1 unit 0 family ethernet-switching [edit interfaces] user@junos-switch# set ge-0/0/2 unit 0 family ethernet-switching
Configure the VLAN membership under the VLAN configuration:
[edit vlans] user@junos-switch# set physics interface ge-0/0/1.0 [edit vlans] user@junos-switch# set chemistry interface ge-0/0/2.
Say that you want the EX series switch to route traffic between these two VLANs. To do so, you must configure two VLAN Layer 3 interfaces and assign IP addresses for each VLAN interface:
[edit interfaces vlan] user@junos-switch# set unit 100 family inet address 192.0.2.1/25 [edit interfaces vlan] user@junos-switch# set unit 200 family inet address 192.0.2.129/25
Define the VLAN ID so that all packets transmitted from the physics department are marked with the VLAN ID (or tag) 100 when the switch is performing VLAN trunking, while the chemistry packets are tagged with VLAN ID 200:
[edit vlans] user@junos-switch# set physics vlan-id 100 [edit vlans] user@junos-switch# set chemistry vlan-id 200
Associate the Layer 3 interface that you created with the two VLANs:
[edit vlans] user@junos-switch# set physics l3-interface vlan.100 [edit vlans] user@junos-switch# set chemistry l3-interface vlan.200
In these two statements, the last keyword (vlan.100 and vlan.200) establishes the connection between Layer 3 routing and a VLAN, which performs Layer 2 switching.
In assigning the IP addresses, two different logical units, or logical interfaces, are used for the VLAN. For physics, the command set unit 100… creates vlan.100, so unit 100 is the logical interface specified as the physics department Layer 3 interface. For chemistry, set unit 200…creates vlan.200, so vlan.200 is specified as the logical interface.
You aren’t required to use the same numbers for the units and the VLAN IDs.
The following are common strategies for designing VLANs:
Group devices by type: In this architecture, each VLAN contains only one type of network device, meaning you have one (or more) VLAN for printers, another one for office PCs and laptops, a third one for WAPs, a fourth one for VoIP telephones, another for IP security cameras, and so on.
The advantage of this design is that the VLAN carries the same type of traffic, so less contention for bandwidth occurs among applications that use a lot of bandwidth, such as security cameras and computers simply sending e-mail to each other.
Group devices by organizational structure: This architecture segments network devices according to the organizational boundaries of your company or enterprise. For example, at a university, you can create separate VLANs for the physics, chemistry, and computer science departments when each department is responsible for procuring and maintaining their own network equipment.