6/19/2013

Juniper EX mac-based VLANs

Hi All,

Imagine that you have to assign a VLAN to a device that is not capable of sending tagged frames. You can assign the VLAN based on a MAC address, a MAC address OUI (first 3 octets), or a mask. An example could be a VoIP phone or a set-top box. Yes, for VoIP there is a great feature called Voice VLAN that could suit your scenario, but for my scenario it was not an option.
In the picture you can see three devices connected to an unmanaged switch that send untagged frames. The unmanaged switch is connected to an EX2200. On the EX2200, the following configuration assigns a particular VLAN to specific frames:




interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members 10;
                }
            }
        }
    }
}

protocols {
    dot1x {
        authenticator {
            static {
                00:15:c5:f5:d1:d1/48 {
                    vlan-assignment 11;
                }
                00:1c:c4:00:00:00/24 {
                    vlan-assignment 78;
                }
            }

            interface {
                ge-0/0/0.0 {
                    supplicant multiple;
                }
            }
        }
    }
}

vlans {
    v11 {
        description "PHONE";
        vlan-id 11;
    }
    v78 {
        description "VIDEO";
        vlan-id 78;
    }
}


This will "set" VLAN 11 for the device with MAC 00:15:c5:f5:d1:d1 and VLAN 78 for addresses matching 00:1c:c4:00:00:00/24. The interface is configured in access mode, so the PC is automatically placed in the default VLAN 10. The uplink port configuration is not included. To show the VLAN assignment, use show vlans and show dot1x interface.
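
The static entries match on source MAC only, so a /24 entry covers every address in that OUI. The Python sketch below is an added example, not part of the original post or of Junos: it parses the static stanza (embedded as a constructed sample), reports which VLAN a given MAC would land in, and lists entries broader than a single host. Most-specific-prefix matching and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the static MAC entries from the configuration above.
SAMPLE = """
static {
    00:15:c5:f5:d1:d1/48 {
        vlan-assignment 11;
    }
    00:1c:c4:00:00:00/24 {
        vlan-assignment 78;
    }
}
"""
ENTRY = re.compile(
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})/(\d+)\s*\{\s*vlan-assignment\s+([^;\s]+)\s*;",
    re.I,
)

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def prefix_mask(plen):
    return ((1 << plen) - 1) << (48 - plen)

def parse_static(text):
    """Return (prefix, prefix_len, vlan) for every static MAC entry."""
    entries = []
    for mac, plen, vlan in ENTRY.findall(text):
        plen = int(plen)
        if not 1 <= plen <= 48:
            raise ValueError(f"bad prefix length on {mac}/{plen}")
        entries.append((mac_to_int(mac) & prefix_mask(plen), plen, vlan))
    return entries

def assigned_vlan(mac, entries, default="10"):
    """VLAN for a source MAC. Most specific prefix wins (assumption);
    unmatched MACs fall to the access VLAN, as the post describes."""
    hits = [(plen, vlan) for prefix, plen, vlan in entries
            if mac_to_int(mac) & prefix_mask(plen) == prefix]
    return max(hits)[1] if hits else default

def broad_entries(entries, max_addresses=1):
    """Entries whose mask admits more than max_addresses source MACs."""
    return [(f"{prefix:012x}/{plen}", vlan, 1 << (48 - plen))
            for prefix, plen, vlan in entries if 1 << (48 - plen) > max_addresses]

if __name__ == "__main__":
    for entry in broad_entries(parse_static(SAMPLE)):
        print("broad static MAC entry:", entry)
```

Run against a saved copy of the dot1x stanza, it gives a quick review list of OUI-wide entries to compare against the devices actually expected on each port.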

