EX Switch Series Quick Start Training Guide
This lab familiarizes you with the basic features of the EX switch series. It covers the following features:
• EX Basics
• Virtual Chassis
• Redundant Trunk Group (RTG)
• Port Security (DHCP Snooping, MAC Limiting)
• 802.1X (single/multiple supplicants)
• Traffic Analyzer
• J-Web
• Link Aggregation Group (LAG)/LACP
• LLDP
• VLAN and Port Modes
• Routed VLAN Interfaces (RVI)
• Spanning Tree (STP, RSTP, MSTP)
Each section contains exercises that walk you through configuration and interpreting basic show commands for each technology/feature.
© Juniper Networks, Inc.

Setup & Lab Topology
The above diagram is the physical setup of the lab topology. Switches 1 and 2 are standalone switches, and Switches 3 and 4 form a Virtual Chassis via the stacking cable. All switches are accessible via SecureCRT from PC 4 (mgmt PC). Launch SecureCRT and there will be four saved connections to the switches. The switch login credentials are juniper/juniper1.
To get to the other PCs, use “Operations” on the toolbar of the applet. Under “Operations”, highlight “Connect to Secondary” and there will be options for the other PCs. “Windows” on the applet toolbar allows you to toggle between PCs.
Device DHCP/Radius Server PC 1, 2, 3 PC 5 PC 4 (mgmt PC) Switch 1 ge-0/0/23 Sales Engineering VLAN Name VLAN-ID Sales Engineering Remote 10 20 30 10 20 Subnet/IP Address 10.1.x.0/24 20.1.x.0/24 192.168.100.254/24 DHCP 20.1.x.1/24 30.1.x.5/24 192.168.100.x/24
Note: x denotes the Kit number. For example, if you reserve Kit 3, then the IP addressing scheme will be 10.1.3.0/24 for Sales and 20.1.3.0/24 for Engineering. This will be true throughout this lab.
EX Basics
There are two flavors of the EX series. One is the 3200EX series, which is a standalone box; the 4200EX can be either a standalone or a Virtual Chassis system. Within each series, there is a T model (8 POE ports) and a P model (all ports are POE). The EX series switches can operate in both Layer 2 and Layer 3 environments. A new family, ethernet-switching, is introduced for Layer 2 port configuration. Layer 3 still follows the JUNOS family convention, family inet.
Objective:
Get familiar with some basic commands on a single switch and assign an IP address on the management port.
Exercise 1: Logging into the switch
When logging into the switch as root you will be placed into a shell.
Step 1: Open SecureCRT and connect to Switch 1.
Step 2: At the login prompt, enter “juniper”. At the password prompt, enter “juniper1”.
    Amnesiac (ttyu0)
    login: juniper
    Password:
    --- JUNOS 9.0R2.10 built 2008-03-06 10:31:45 UTC
    juniper>
Exercise 2: show commands
Step 1: From the operational mode, enter ‘show chassis hardware’
    juniper> show chassis hardware
    Hardware inventory:
    Item            Version  Part number  Serial number  Description
    Chassis         REV X3   750-021254   BP020*******   EX4200-48T
    FPC 0           REV 02A  711-021263   AJ020*******   EX4200-48T, 8 POE
    CPU                      BUILTIN      BUILTIN        FPC CPU
    PIC 0                    BUILTIN      BUILTIN        48x 10/100/1000 Base-T
    Power Supply 0  REV 01   740-020957   AT0507430371   PS 320W AC
    Fan Tray                                             Fan Tray
The above is a sample output of the ‘show chassis hardware’ command. The output provides hardware information such as hardware components, serial number, and description. Although the output lists multiple components, only the power supply and fan tray are field-replaceable units (FRUs).
Step 2: Additional show commands to try are:
• ‘show chassis lcd’ gives you the readout of the LCD front panel.
• ‘show version’ for the software version.
• ‘show system uptime’ for system uptime, current date and time.
Step 3: To view the MAC address table, enter the following command: ‘show ethernet-switching table’
    juniper> show ethernet-switching table
    Ethernet-switching table: 4 entries, 3 learned
    VLAN     MAC address        Type   Age  Interfaces
    default  *                  Flood       All-members
    default  00:0c:29:7b:5e:97  Learn  0    ge-0/0/23.0
    default  00:50:56:10:00:01  Learn  0    ge-0/0/23.0
    default  00:50:56:30:00:02  Learn  0    ge-0/0/23.0
NOTE: Your output will be different from the above output. The ‘show ethernet-switching table’ output lists all the MAC addresses with their associated VLAN and the interface on which each MAC address was last learned.
Exercise 3: Configuring host-name, user, and management interface (me0), enable telnet
In JUNOS, there are two different modes:
• Operational Mode – In this mode, you can retrieve system information such as version, statistics, and forwarding table via show commands, or execute operational commands such as reboot and clear statistics via request.
    juniper>
• Configuration Mode – All configuration for the system is done in this mode via set or delete.
    juniper#
The prompt tells you which mode you are in. In operational mode, the prompt is “>”. If you are in the configuration mode, then the prompt will be “#”. “?” is your friend. At any given time (in either mode), you can type “?” to list possible command completions or available commands.
    juniper> show con?
    Possible completions:
      configuration        Show current configuration
      connections          Show circuit cross-connect connections
    juniper# set chassis ?
    Possible completions:
    > aggregated-devices   Aggregated devices configuration
    > alarm                Global alarm settings
    + apply-groups         Groups from which to inherit configuration data
    + apply-groups-except  Don't inherit configuration data from these groups
Step 1: Configuration Mode
Type ‘configure’ at the operational mode prompt to enter configuration mode.
    juniper> configure
    Entering configuration mode
    [edit]
    juniper#
Step 2: Configure host-name for Switch 1 and 2
The command to configure the hostname for the system is ‘set system host-name ’. For my lab, I’m going to name my Switch 1 “ONE” as shown below.
    juniper# set system host-name ONE
Step 3: Configure users for Switch 1 and 2
There is an option to manually configure users, user privileges, and passwords on the EX series switches. The command to configure a user is ‘set system login user class authentication ’. In the example below, I created a user named “user1” with read-only privilege, using plain-text-password as the authentication method. “user1” will only be able to execute a limited set of show commands.
    juniper# set system login user user1 class read-only authentication plain-text-password
    New password:          <-- Enter password for “user1”
    Retype new password:   <-- Re-enter password for “user1”
What is the privilege level for user juniper?
Step 4: Configure management interface for Switch 1 and 2.
The management port on the EX series switches is me0. me0 is similar to fxp0 on M/MX/T series. The table below is the IP address assignment for Switch 1 and 2.
    Switch     me0 IP Address
    Switch 1   30.1.x.1/24
    Switch 2   30.1.x.2/24
The command to configure the me0 interface is ‘set interface me0 unit 0 family inet address ’. The configuration below was entered on Switch 1, giving its management interface 30.1.1.1/24.
    juniper# set interfaces me0 unit 0 family inet address 30.1.1.1/24
The same command will need to be entered on Switch 2 but with the Switch 2 IP address (see table above).
Step 5: Enable telnet
To enable telnet services, enter the following command: ‘set system services telnet’
    juniper# set system services telnet
Step 6: To apply the configuration, type ‘commit’. This will apply all configuration changes to the system.
    juniper# commit
To exit out of configuration mode, type ‘exit’. If you want to commit and exit in a single command, then type ‘commit and-quit’.
Step 7: From PC 4, telnet to the Switch 1 me0 IP address and use the user credentials you just created.
Virtual Chassis
The EX 4200 series switches can either be standalone or interconnected to form a Virtual Chassis system. A Virtual Chassis comprises multiple EX 4200 series switches connected to each other to form a single logical chassis. The Virtual Chassis is formed either through the dedicated Virtual Chassis Ports (VCP) located in the back of the chassis or through the 10 GbE uplink ports. If the dedicated VCPs are connected, then the VC will form automatically. If you want to form the Virtual Chassis from the 10 GbE uplink port, then an operational command is required: ‘request virtual-chassis vc-port set interface ’.
In a Virtual Chassis there is always a master and a backup Routing Engine (RE). The master RE is responsible for managing the Virtual Chassis and the backup is on standby in case of a master failure. Any other switch that is not the master or backup takes on the role of a linecard. A switch that is acting as a linecard is still eligible to become master/backup if the current ones fail. The master and backup run the full-fledged JUNOS operating system, while the linecard runs a lightweight version of JUNOS.
The Virtual Chassis can be managed through a single IP via the Virtual Management Ethernet (vme). Also, all console connections through the non-master switches are redirected to the master RE.
Objective:
In this exercise, the Virtual Chassis is Switch 3 and 4; they are already connected via the dedicated VCP. Through show commands, you will be able to determine which is master and which is backup. You will learn how to change the mastership priority in the virtual-chassis stanza, configure the vme interface, and change member-ids.
Exercise 1: Accessing the Virtual Chassis via the console
When you access the Virtual Chassis via the console port of a non-master switch, the connection always gets redirected to the master console.
Step 1: From SecureCRT, console to Switch 4. The login is juniper and the password is juniper1. You should see the below output.
    Amnesiac (ttyu0)
    login: juniper
    Logging to master      <-- console redirection
    Password:
    --- JUNOS 9.0R2.10 built 2008-03-06 10:31:45 UTC
    juniper>
If you do not get the above output, then console into Switch 3.
Step 2: From the operational mode, enter the “show virtual-chassis status” command.
    juniper> show virtual-chassis status
    Virtual Chassis ID: 0019.e250.a280
                                            Mastership           Neighbor List
    Member ID  Status  Serial No     Model       priority  Role     ID  Interface
    0 (FPC 0)  Prsnt   BR020*******  ex4200-24f       128  Master*   1  vcp-0
    1 (FPC 1)  Prsnt   BR020*******  ex4200-24f       128  Backup    0  vcp-1

    Member ID for next new member: 2 (FPC 2)
NOTE: The master and backup roles may be reversed.
The ‘show virtual-chassis status’ command provides basic system information such as virtual chassis ID, member-id, serial number, switch role, etc.
The Virtual Chassis ID (VCID) uses the master’s system MAC address. This MAC address is used by the Virtual Chassis system. To view all system MAC addresses, type ‘show chassis mac-addresses’.
Member-ID is assigned by the master and increments numerically from 0-9. The last line of the output tells you the next available member-id. To renumber a switch member-id, type the following command in operational mode: ‘request virtual-chassis renumber member-id new-member-id ’. Based on the above output, the Switch 3 member-id is 0 and the Switch 4 member-id is 1. In my example below, I changed the Switch 4 member-id to 5.
    juniper> request virtual-chassis renumber member-id 1 new-member-id 5
    To move configuration specific to member ID 1 to member ID 5, please
    use the replace command. e.g. replace pattern ge-1/ with ge-5/
    Do you want to continue ? [yes,no] (yes)
Notice the new member-id for Switch 4 is now 5. Also, notice the last line of the output has changed. If a new switch is added to the Virtual Chassis, then it will be assigned a member-id of 1.
    juniper> show virtual-chassis status
    Virtual Chassis ID: 0019.e250.a280
                                            Mastership           Neighbor List
    Member ID  Status  Serial No     Model       priority  Role     ID  Interface
    0 (FPC 0)  Prsnt   BR020*******  ex4200-24f       128  Master*   5  vcp-0
    5 (FPC 5)  Prsnt   BR020*******  ex4200-24f       128  Backup    0  vcp-1

    Member ID for next new member: 1 (FPC 1)
Status gives you the current condition of the switch member. Present (Prsnt) is active; a Not Present (NotPrsnt) member is not part of the Virtual Chassis.
Mastership priority shows the current priority value of the switch. The default value is 128. This is configurable in the virtual-chassis stanza in configuration mode. The mastership priority can be assigned between 0-255. A higher value has a higher probability of becoming the master.
Role shows the current role of the switch. Possible roles are Master, Backup and Linecard.
Neighbor List ID/Interface shows you the neighboring switch and the local VCP connection. In the above output, Member 0’s vcp-0 is connected to Member 5.
Exercise 2: Virtual-Chassis Stanza
All Virtual Chassis related configuration, such as mastership priority, is done under the virtual-chassis stanza.
Step 1: Change the member-id for Switch 4 back to 1.
Step 2: Get into configuration mode by issuing ‘configure’ in operational mode.
Step 3: Change the priority on the Backup.
The syntax to change the mastership priority is ‘set virtual-chassis member mastership-priority ’. In my example, I increased the mastership priority to 130 for the “Backup RE” switch.
    juniper# set virtual-chassis member 5 mastership-priority 130
    [edit]
    juniper# commit synchronize
‘commit synchronize’ commits and synchronizes the configuration changes to both the master and backup REs. If only ‘commit’ is issued, then only the master will have the committed changes. The two REs will then have different configuration files, and this will lead to undesirable results when the RE fails over.
If you increased the mastership-priority for the “Backup RE”, what happened?
TIP: Good practice is to configure the same mastership priority for both the master and backup to avoid preemption.
Exercise 3: Configure host-name, user, and virtual management ethernet (vme).
Step 1: (Optional) Configure host-name and user for the Virtual Chassis.
Step 2: Configure the management interface.
The virtual management ethernet (vme) allows the administrator to manage the Virtual Chassis through a single IP address. Assign the following IP address, 30.1.x.3/24, to the vme.
NOTE: x denotes the Kit number. For example, if you are in Kit 3, then the IP address will be 30.1.3.3/24. To determine which Kit you are on, look at the top left of the PC control window (java applet).
In my case, I’m in Kit 1 so my vme will be 30.1.1.3/24 as shown in the configuration below.
    juniper# set interfaces vme unit 0 family inet address 30.1.1.3/24
Step 3: Commit configuration changes and exit.
The following warning message is expected when issuing ‘commit synchronize’, because a backup-router is not configured. Backup-router ensures the system is accessible over the network if the routing protocol process (RPD) is down. The backup-router should be the gateway of last resort on the local management subnet. You can configure one to avoid this message by entering the following command, ‘set system backup-router ’. Otherwise, just ignore the warning.
    juniper# commit synchronize
    fpc1:
    configuration check succeeds
    fpc0:
    [edit interfaces vme unit 0 family inet]
      'address 30.1.1.3/24'
        warning: [edit system backup-router] not present. The default route for mgmt ethernet is not installed.
    commit complete
    fpc1:
    commit complete
Step 4: Telnet to the vme0 address from PC 4.
Link Aggregation Group (LAG)/LACP (802.3ad)
A LAG bundles multiple physical links into one virtual bundle. This increases bandwidth and provides physical link redundancy. A LAG can form either statically or dynamically via LACP. LACP is part of the IEEE specification 802.3ad that allows dynamic bundling of physical ports. JUNOS implements a feature with LACP that provides basic error checking for misconfiguration, such as ensuring that LAG is configured on both sides of the bundle. If a misconfiguration is detected, then the bundle will not be active.
On the EX series switches, LAG is configured as aggregated ethernet (ae). When forming a LAG, the speed and duplex of all links need to be the same. There is a maximum of 8 links in a LAG. The LAG ports do not need to be contiguous and can be spread across members in a Virtual Chassis. Hashing is done automatically, based on the packet header. For non-IP packets, hashing is done on source and destination MAC address. For IP packets, hashing is done on source and destination MAC and IP and, if present, network ports.
Objective:
To configure aggregated ethernet and interpret basic show commands. LAG will be between Switch 1 and Virtual Chassis. The other LAG group will be between Switch 2 and Virtual Chassis.
[Figure: LAG topology showing Switch 1, Switch 2 and the VC Switch across the Core/Aggregation and Access layers; legend: Aggregated Ethernet (ae)]
Use the table below to help work through the LAG exercises.
    Switch     Ports               No. of LAG  Aggregated Ethernet Bundle
    Switch 1   ge-0/0/1, ge-0/0/2  1           ae0
    Switch 2   ge-0/0/1, ge-0/0/2  1           ae0
    VC Switch  ge-0/0/0, ge-1/0/0  2           ae0
               ge-0/0/1, ge-1/0/1              ae1
Exercise 1: Static Aggregated Ethernet
Manually configure LAG.
Step 1: Number of LAGs on a system
The number of LAGs needs to be defined in the system. For EX 3200, the maximum allowed is 32 groups, and for EX 4200/Virtual Chassis it is 64 groups. The following command, ‘set chassis aggregated-devices ethernet device-count ’, defines the number of LAGs. For Switch 1, I entered the command below. You will need to define the number of LAGs for Switch 2 and the Virtual Chassis. Use the table above to determine the number of LAGs needed for the other switches.
    juniper# set chassis aggregated-devices ethernet device-count 1
Step 2: Removing logical interfaces
By default, all ports have a logical interface (unit 0) configured. Logical interfaces cannot be part of the LAG bundle. To delete the logical interface from the port, type ‘delete interface unit ’. The command below was entered on Switch 1. This needs to be done on all the interfaces that will be in the LAG group. Use the table from the Objective section to determine the interfaces for the other switches.
    juniper# delete interfaces ge-0/0/1 unit 0
Step 3: Configure a port to be part of an aggregated ethernet bundle (ae)
Aggregated ethernet is configured under the physical interface. The following command, ‘set interface ether-options 802.3ad ’, defines the physical interface to be part of the aggregated ethernet bundle. The command below was entered on Switch 1. This needs to be done on all the interfaces that will be part of the aggregated ethernet bundle. Use the table from the Objective section to determine the aggregated ethernet bundle for the other switches.
    juniper# set interfaces ge-0/0/1 ether-options 802.3ad ae0
Step 4: Aggregated Ethernet
Aggregated ethernet can be either a Layer 2 or a Layer 3 interface. To configure ae as Layer 2, use the family keyword “ethernet-switching”. For Layer 3, use the family keyword “inet”. In our lab, we will configure the aggregated ethernet as a Layer 2 interface. The command is ‘set interface unit 0 family ethernet-switching’. I entered the command below on Switch 1. Configure a Layer 2 aggregated ethernet interface for the other switches and commit the configuration changes. DO NOT EXIT from the configuration mode.
    juniper# set interfaces ae0 unit 0 family ethernet-switching
Step 5: Validate the LAG
Since the aggregated ethernet interface is a virtual interface, the ‘show interface ’ command can be used to check interface information and statistics.
TIP: JUNOS allows you to run operational commands from the configuration mode. To accomplish this, just type ‘run’ before any operational command.
The output below was captured from the configuration mode of Switch 1.
    juniper# run show interfaces ae0
    Physical interface: ae0, Enabled, Physical link is Up
      Interface index: 177, SNMP ifIndex: 136
      Link-level type: Ethernet, MTU: 1514, Speed: 2000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1, Minimum bandwidth needed: 0
      Device flags   : Present Running
      Interface flags: SNMP-Traps Internal: 0x0
      Current address: 02:19:e2:50:86:60, Hardware address: 02:19:e2:50:86:60
      Last flapped   : Never
        Input packets : 8088
        Output packets: 22087362
      Logical interface ae0.0 (Index 114) (SNMP ifIndex 137)
        Flags: SNMP-Traps 0x0 Encapsulation: ENET2
        Statistics        Packets        pps         Bytes          bps
        Bundle:
            Input :             0          0             0            0
            Output:             0          0             0            0
        Protocol eth-switch, MTU: 0
          Flags: None
Exercise 2: LACP
LACP allows a LAG to form dynamically. LACP works in two modes:
• Active – Sends LACP and actively tries to form a bundle with the neighboring device.
• Passive – Does not send LACP but listens for LACP. If the port receives LACP, then it will try to form a bundle with the neighboring device.
One side needs to be active in order for the bundle to form. This exercise needs to be done on only one aggregated link. Choose any aggregated link.
Step 1: LACP
For LACP to work properly, LACP needs to be configured on both ends of the bundle. The following LACP command, ‘set interface ae0 aggregated-ether-options lacp active’, is entered under the main ae interface. Below is a sample configuration applied on both Switch 1 and the Virtual Chassis.
    juniper# set interfaces ae0 aggregated-ether-options lacp active
Step 2: Commit, exit from configuration mode, and validate
‘show lacp interface ae0’ shows status and flags for LACP. Here is a sample output taken from the Virtual Chassis.
    juniper> show lacp interfaces ae0
    Aggregated interface: ae0
        LACP state:      Role  Exp  Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-1/0/0      Actor   No   No   Yes  Yes  Yes   Yes     Fast    Active
          ge-1/0/0    Partner   No   No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/0      Actor   No   No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/0    Partner   No   No   Yes  Yes  Yes   Yes     Fast    Active
        LACP protocol:  Receive State  Transmit State  Mux State
          ge-1/0/0      Current        Fast periodic   Collecting distributing
          ge-0/0/0      Current        Fast periodic   Collecting distributing
In the LACP state, each interface is listed twice. The difference between the two is the role. The Actor role is the local interface and the Partner role is the neighboring device. In the LACP protocol, the Receive State should be Current, which means the LAG is up.
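A checker for the static LAG prerequisites from Exercise 1 and the LACP pairing rule from Exercise 2, as an added example that is not part of the original guide or any Juniper tool. The function names and the misconfigured Virtual Chassis sample are constructed for illustration, and the parser only understands the 'set' forms used in this lab.

```python
MAX_LINKS = 8  # per-LAG link limit stated in the guide


def parse_lag_facts(config):
    """Extract LAG-related settings from Junos 'set' commands."""
    facts = {"device_count": 0, "members": {}, "units": set(),
             "ae_family": {}, "lacp": {}}
    for line in config.strip().splitlines():
        w = line.split()
        if w[:5] == ["set", "chassis", "aggregated-devices", "ethernet",
                     "device-count"] and len(w) >= 6:
            facts["device_count"] = int(w[5])
        elif w[:2] == ["set", "interfaces"] and len(w) >= 5:
            name, _, unit = w[2].partition(".")  # accept the 'ae0.0' shorthand
            rest = w[3:]
            if rest[0] == "unit":
                unit, rest = rest[1], rest[2:]
            if rest[:2] == ["ether-options", "802.3ad"] and len(rest) >= 3:
                facts["members"].setdefault(rest[2], []).append(name)
            elif rest[:2] == ["aggregated-ether-options", "lacp"] and len(rest) >= 3:
                facts["lacp"][name] = rest[2]
            elif unit and name.startswith("ae"):
                if rest[:1] == ["family"] and len(rest) >= 2:
                    facts["ae_family"][name] = rest[1]
            elif unit:
                facts["units"].add(name)  # physical port that has a logical unit
    return facts


def check_device(device, config):
    """Return findings for one switch, following Exercise 1 steps 1 to 4."""
    f = parse_lag_facts(config)
    findings = []
    for ae in sorted(set(f["members"]) | set(f["ae_family"]) | set(f["lacp"])):
        links = f["members"].get(ae, [])
        if int(ae[2:]) >= f["device_count"]:  # device-count N provides ae0..ae(N-1)
            findings.append(f"{device}: {ae} is outside device-count {f['device_count']}")
        if not links:
            findings.append(f"{device}: {ae} has no member links")
        if len(links) > MAX_LINKS:
            findings.append(f"{device}: {ae} has more than {MAX_LINKS} links")
        for link in links:
            if link in f["units"]:
                findings.append(f"{device}: {link} has a logical unit, delete it before bundling")
        if ae not in f["ae_family"]:
            findings.append(f"{device}: {ae} has no unit/family configured")
    return findings


def lacp_pair(mode_a, mode_b):
    """Can the bundle come up? Modes are 'active', 'passive' or None (static LAG)."""
    if mode_a is None and mode_b is None:
        return True, "static LAG on both ends"
    if mode_a is None or mode_b is None:
        return False, "LACP configured on one end only"
    if "active" not in (mode_a, mode_b):
        return False, "both ends passive, neither sends LACP"
    return True, "LACP negotiates the bundle"


# Switch 1 as configured in the exercises.
SWITCH1 = """
set chassis aggregated-devices ethernet device-count 1
set interfaces ge-0/0/1 ether-options 802.3ad ae0
set interfaces ge-0/0/2 ether-options 802.3ad ae0
set interfaces ae0 unit 0 family ethernet-switching
set interfaces ae0 aggregated-ether-options lacp active
"""

# Constructed Virtual Chassis config with deliberate mistakes: device-count too
# small for ae1, unit 0 left on ge-1/0/0, and no LACP on ae0.
VC_BROKEN = """
set chassis aggregated-devices ethernet device-count 1
set interfaces ge-0/0/0 ether-options 802.3ad ae0
set interfaces ge-1/0/0 unit 0 family ethernet-switching
set interfaces ge-1/0/0 ether-options 802.3ad ae0
set interfaces ge-0/0/1 ether-options 802.3ad ae1
set interfaces ge-1/0/1 ether-options 802.3ad ae1
set interfaces ae0 unit 0 family ethernet-switching
set interfaces ae1 unit 0 family ethernet-switching
"""

if __name__ == "__main__":
    for finding in check_device("Switch 1", SWITCH1) + check_device("VC", VC_BROKEN):
        print(finding)
    sw1 = parse_lag_facts(SWITCH1)["lacp"].get("ae0")
    vc = parse_lag_facts(VC_BROKEN)["lacp"].get("ae0")
    print("Switch 1 ae0 <-> VC ae0:", lacp_pair(sw1, vc))
```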
Link Layer Discovery Protocol
LLDP is an open standard protocol that advertises basic information, such as equipment capability and port info, to the neighboring device. LLDP advertises on a well-known multicast address. LLDP-MED is used to communicate with PoE capable end devices. This allows the switch to budget power consumption and to the PoE capable device. LLDP-MED also allows the switch to advertise voice VLAN and 802.1p to an IP phone. EX series switches support both LLDP and LLDP-MED, and both are enabled by default. All LLDP related configuration is done in the protocol LLDP stanza.
NOTE: For LLDP-MED, our switch will always budget a full class 3 regardless of what the end device advertises. Although the switch budgets 15.4 watts, it will only send the required power for the PoE device.
Objective:
The scope of this exercise is LLDP only. At the end you will be able to interpret LLDP related show commands.
Exercise:
Step 1: LLDP
Both LLDP and LLDP-MED are enabled by default. LLDP can be disabled on a per-interface basis. The following command disables LLDP on an interface: ‘set protocols lldp interface disable’. To re-enable the interface, change the keyword from “disable” to “enable”.
Step 2: LLDP database
To view the LLDP database, enter the command ‘show lldp neighbors’ in operational mode. The output below was taken from Switch 2.
    juniper> show lldp neighbors
    LocalInterface  Chassis Id         Port info   System Name
    ge-0/0/0.0      00:19:e2:50:86:60  ge-0/0/0.0  ONE
    ae0.0           00:19:e2:50:a0:00  ge-1/0/1.0  Virtual_Chassis
    ae0.0           00:19:e2:50:a0:00  ae1.0       Virtual_Chassis
    ae0.0           00:19:e2:50:a0:00  ge-0/0/1.0  Virtual_Chassis
Chassis ID is the system identifier. For the EX series switches, it is the system MAC address.
Port Info is the neighboring port.
System Name is the neighboring device hostname.
Step 3: Detailed LLDP information
To get more detailed information, the following command, ‘show lldp neighbors interface ’, can be issued in operational mode. The output below was taken from Switch 2.
    juniper> show lldp neighbors interface ge-0/0/0.0
    LLDP Neighbor Information:
    Index: 1 Time to live: 120 Time mark: Fri Mar 7 20:41:43 2008 Age: 3 secs
    Local interface    : ge-0/0/0.0
    Chassis type       : Mac address
    Chassis ID         : 00:19:e2:50:86:60
    Port type          : Locally assigned
    Port ID            : 22
    Port description   : ge-0/0/0.0
    System name        : ONE
    System description : Juniper Networks, Inc. ex4200-48t Latte, version 9.0R2.10 Build date: 2008-03-06 10:37:47 UTC
    System capabilities
        Supported : Bridge Router
        Enabled   : Bridge
    Management address
        Type    : IPv4
        Address : 30.1.1.1
The information will vary by vendor and device. For EX series switches, we advertise model, device capability (Bridge/Router), software version, management port, and other basic system information.
VLAN
A VLAN logically divides a Layer 2 device into separate Local Area Networks (LANs) within a switch. Each VLAN confines all local traffic within its domain. On the EX series switches, you assign a VLAN to either an access or a trunk port. An access port is a port that is a member of a single VLAN, which is common for a host port. A trunk port is a port that is a member of multiple VLANs; this is common for inter-switch links that need to extend multiple VLANs over a single link. When traffic traverses a trunk port, the traffic is tagged with a VLAN identifier (802.1Q). Creating and deleting VLANs is done under the VLANs stanza.
Objective:
At the end of these exercises, you will be able to configure, assign ports to a VLAN, and interpret basic show commands.
Exercise 1: VLANs
Step 1: Enter configuration mode
Step 2: Creating VLANs
VLAN management is done under the VLANs stanza. The minimum configuration required for a VLAN is the name. Vlan-id is only required when the VLAN is part of a trunk. The vlan-id is the 802.1Q tag ID that is used to identify the traffic on the trunk link. The command to configure VLANs is ‘set vlans vlan-id ’. Configure the VLANs on all of the switches based on the table below.
    VLAN Name    VLAN-ID
    Sales        10
    Engineering  20
    Remote       30
TIP: JUNOS is hierarchical software. To avoid repetition, use “edit” to configure similar syntax for a given stanza.
To avoid repetitive typing of “set vlans” for each VLAN, I’m going to “edit” the VLANs stanza. The example below was done on Switch 1. Configure the VLANs on all of the other switches.
    juniper# edit vlans
    [edit vlans]
    juniper# set Sales vlan-id 10
    [edit vlans]
    juniper# set Engineering vlan-id 20
    [edit vlans]
    juniper# set Remote vlan-id 30
    [edit vlans]
    juniper# top     <-- this command moves you back to the top of the configuration hierarchy
    [edit]
    juniper#
Step 3: Commit configuration changes and exit.
Step 4: VLAN validation
All VLAN related information can be derived from the ‘show vlans’ command in operational mode.
    juniper> show vlans
    Name         Tag  Interfaces
    Engineering  20
                      None
    Remote       30
                      None
    Sales        10
                      None
    default
                      ae0.0*, ge-0/0/0.0*, ge-0/0/3.0, ge-0/0/4.0, ge-0/0/5.0,
                      ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0,
                      ge-0/0/11.0, ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0,
                      ge-0/0/16.0, ge-0/0/17.0, ge-0/0/18.0, ge-0/0/19.0, ge-0/0/20.0,
                      ge-0/0/21.0, ge-0/0/22.0, ge-0/0/23.0*, ge-0/0/24.0, ge-0/0/25.0,
                      ge-0/0/26.0, ge-0/0/27.0, ge-0/0/28.0, ge-0/0/29.0, ge-0/0/30.0,
                      ge-0/0/31.0, ge-0/0/32.0, ge-0/0/33.0, ge-0/0/34.0, ge-0/0/35.0,
                      ge-0/0/36.0, ge-0/0/37.0, ge-0/0/38.0, ge-0/0/39.0, ge-0/0/40.0,
                      ge-0/0/41.0, ge-0/0/42.0, ge-0/0/43.0, ge-0/0/44.0, ge-0/0/45.0,
                      ge-0/0/46.0, ge-0/0/47.0
Name is the name you assigned to identify the VLAN.
Tag is the 802.1Q tag.
Interfaces is the list of ports associated with the VLAN.
You have the option to view VLAN specific information by specifying the VLAN name. The syntax is ‘show vlans
Exercise 2: Port-Modes
By default, all ports are access ports. Trunk ports require configuration.
Step 1: Enter configuration mode.
Step 2: Define the port mode.
The command syntax to configure a trunk port is ‘set interface unit 0 family ethernet-switching port-mode trunk’. To change the port back to access mode, change the keyword from “trunk” to “access”. Use the table below to determine the port role.
    Switch           Port           Port Mode
    Switch 1 and 2   ge-0/0/0, ae0  trunk
    Virtual Chassis  ae0, ae1       trunk
    Virtual Chassis  ge-0/0/2       access
    Virtual Chassis  ge-1/0/2       access
Only trunk ports need to be configured. The command below was entered on Switch 1.
TIP: When configuring the logical interface, you can avoid typing “unit ” by using “.” + “unit_number” in conjunction with the interface.
    juniper# set interfaces ge-0/0/0.0 family ethernet-switching port-mode trunk
The above command is equivalent to ‘set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk’.
Step 3: Commit the configuration changes.
Exercise 3: VLAN Membership
Step 1: Configure VLAN membership.
By default all ports are part of VLAN “default”. Assigning a port to a VLAN can be done in one of two ways:
• Interface Level, by using the following command ‘set interfaces unit 0 family ethernet-switching vlan members
• VLAN Level, by entering the following command ‘set vlans interface
Below is the VLAN membership information to complete this exercise.
    Switch           Port           VLAN Membership
    Switch 1 and 2   ge-0/0/0, ae0  Sales, Engineering
    Virtual Chassis  ae0, ae1       Sales, Engineering
    Virtual Chassis  ge-0/0/2       Sales
    Virtual Chassis  ge-1/0/2       Engineering
TIP: Under interface level, use the “all” keyword or square brackets [ …. ] for multiple VLANs.
The command below was entered on Switch 1. Configure the other interfaces according to the table above.
    juniper# set interfaces ae0.0 family ethernet-switching vlan members [ Sales Engineering ]
Step 2: Commit configuration changes and exit.
Step 3: Validate VLAN membership
The VLAN output below was taken from the Virtual Chassis.
    juniper@Virtual_Chassis> show vlans Sales detail
    VLAN: Sales, 802.1Q Tag: 10, Admin state: Enabled
    Number of interfaces: 3 (Active = 3)
      Untagged interfaces: ge-0/0/2.0*
      Tagged interfaces: ae0.0*, ae1.0*
Untagged – On both TX and RX, the packet will not be tagged.
Tagged – On both TX and RX, the packet will be tagged with 802.1Q.
The asterisk denotes that the port is active.
Another useful command is ‘show ethernet-switching interface’. This command provides a summary of VLAN, interface, and forwarding status.
    juniper> show ethernet-switching interfaces
    Interface    State  VLAN members  Blocking
    ae0.0        up     Engineering   unblocked
                        Sales         unblocked
    ge-0/0/0.0   up     Engineering   unblocked
                        Sales         unblocked
    ge-0/0/3.0   down   default       blocked - blocked by STP/RTG
    ge-0/0/4.0   down   default       blocked - blocked by STP/RTG
TIP: Cisco switches implement hybrid trunks. On a hybrid trunk, a given VLAN is either tagged or untagged (native VLAN) for both transmit and receive. The command to configure the native VLAN on EX series switches is ‘set interfaces unit 0 family ethernet-switching native-vlan-id ’. Make sure the native VLAN matches on both switches.
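An audit of the VLAN rules from this section (a vlan-id is needed once a VLAN rides a trunk, an access port belongs to a single VLAN, the native VLAN must match on both ends of a link), as an added example that is not part of the original guide. Function names and the misconfigured Virtual Chassis sample are constructed, and only the 'set' forms used in this lab are parsed.

```python
def _port(ports, name):
    """Return the record for a logical interface (ports default to access mode)."""
    if "." not in name:
        name += ".0"
    return ports.setdefault(name, {"mode": "access", "vlans": set(), "native": None})


def parse_vlan_facts(config):
    """Extract VLAN definitions and per-port switching settings from 'set' commands."""
    vlan_ids, ports = {}, {}
    for line in config.strip().splitlines():
        w = [t for t in line.split() if t not in ("[", "]")]
        if w[:2] == ["set", "vlans"] and len(w) >= 3:
            vlan_ids.setdefault(w[2], None)           # a name alone defines the VLAN
            if len(w) >= 5 and w[3] == "vlan-id":
                vlan_ids[w[2]] = int(w[4])
            elif len(w) >= 5 and w[3] == "interface":  # VLAN-level membership
                _port(ports, w[4])["vlans"].add(w[2])
        elif w[:2] == ["set", "interfaces"] and len(w) >= 5:
            name, rest = w[2], w[3:]
            if rest[0] == "unit":
                name, rest = f"{name}.{rest[1]}", rest[2:]
            if rest[:2] != ["family", "ethernet-switching"]:
                continue
            port, opt = _port(ports, name), rest[2:]
            if opt[:1] == ["port-mode"] and len(opt) >= 2:
                port["mode"] = opt[1]
            elif opt[:2] == ["vlan", "members"]:       # interface-level membership
                port["vlans"].update(opt[2:])
            elif opt[:1] == ["native-vlan-id"] and len(opt) >= 2:
                port["native"] = opt[1]
    return vlan_ids, ports


def audit(device, config):
    """Check one switch against the VLAN rules stated in this section."""
    vlan_ids, ports = parse_vlan_facts(config)
    findings = []
    for name, port in sorted(ports.items()):
        vlans = port["vlans"] - {"all", "default"}
        for vlan in sorted(vlans):
            if vlan not in vlan_ids:
                findings.append(f"{device} {name}: VLAN {vlan} is not defined")
            elif port["mode"] == "trunk" and vlan_ids[vlan] is None:
                findings.append(f"{device} {name}: trunk carries {vlan}, which has no vlan-id")
        if port["mode"] == "access" and len(vlans) > 1:
            findings.append(f"{device} {name}: access port is a member of {len(vlans)} VLANs")
    return findings


def compare_link(dev_a, port_a, dev_b, port_b):
    """Compare the port records at the two ends of one inter-switch link."""
    findings = []
    if port_a["mode"] != port_b["mode"]:
        findings.append(f"port-mode differs: {dev_a}={port_a['mode']}, {dev_b}={port_b['mode']}")
    if port_a["native"] != port_b["native"]:
        findings.append(f"native VLAN differs: {dev_a}={port_a['native']}, {dev_b}={port_b['native']}")
    return findings


# Switch 1 as configured in the exercises.
SWITCH1 = """
set vlans Sales vlan-id 10
set vlans Engineering vlan-id 20
set vlans Remote vlan-id 30
set interfaces ge-0/0/0.0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0.0 family ethernet-switching vlan members [ Sales Engineering ]
set interfaces ae0.0 family ethernet-switching vlan members [ Sales Engineering ]
"""

# Constructed Virtual Chassis config with deliberate mistakes: Engineering has no
# vlan-id, ge-0/0/2 is an access port in two VLANs, Marketing is never defined,
# and ae0 sets a native VLAN that Switch 1 does not.
VC_BROKEN = """
set vlans Sales vlan-id 10
set vlans Engineering
set interfaces ae0.0 family ethernet-switching port-mode trunk
set interfaces ae0.0 family ethernet-switching vlan members [ Sales Engineering ]
set interfaces ae0.0 family ethernet-switching native-vlan-id 10
set interfaces ge-0/0/2.0 family ethernet-switching vlan members [ Sales Engineering ]
set interfaces ge-1/0/2.0 family ethernet-switching vlan members Marketing
"""

if __name__ == "__main__":
    for finding in audit("Switch 1", SWITCH1) + audit("VC", VC_BROKEN):
        print(finding)
    _, sw1_ports = parse_vlan_facts(SWITCH1)
    _, vc_ports = parse_vlan_facts(VC_BROKEN)
    for finding in compare_link("Switch 1", sw1_ports["ae0.0"], "VC", vc_ports["ae0.0"]):
        print("ae0 link:", finding)
```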
Routed VLAN Interface (RVI)
A Routed VLAN Interface is a Layer 3 VLAN interface. This allows IP traffic to be routed between VLANs and Layer 3 routed interfaces.
Objective:
At the end of this exercise, you will be able to configure RVI and understand basic show commands.
Exercise: Configuring RVI
Step 1: Configuring RVI for VLANs Sales and Engineering
Configuring RVI is a two step process. First, configure a Layer 3 VLAN interface under the VLAN stanza. All RVIs are created under the VLAN interface with different logical units. The command to configure RVI is ‘set interface vlan unit family inet ’. Next, bind the RVI to the VLAN under the VLANs database. The syntax is ‘set vlans l3-interface ’. Use the table below to configure the RVIs for Switch 1 and 2.
    Switch    VLAN         VLAN-ID  IP Address
    Switch 1  Sales        10       10.1.x.254/24
    Switch 1  Engineering  20       20.1.x.254/24
    Switch 2  Sales        10       10.1.x.253/24
    Switch 2  Engineering  20       20.1.x.253/24
Here I configured the RVI on Switch 1. Complete the remaining RVI configuration for Switch 1 and 2.
    juniper# set interfaces vlan unit 10 family inet address 10.1.1.254/24
    [edit]
    juniper# set vlans Sales l3-interface vlan.10
NOTE: For management simplicity, it is recommended to match the unit number with the VLAN-ID.
Step 3: Commit and exit.
Step 4: RVI validation
Here are some show commands to use to validate the RVI configuration: ‘show vlans detail’, ‘show interfaces vlan’ or ‘show interface terse’.
Spanning-Tree Protocol
Spanning-tree is a Layer 2 protocol that ensures a loop-free network by blocking redundant Layer 2 paths. Communication between spanning-tree enabled switches is done through Bridge Protocol Data Units (BPDUs). EX switches support all three flavors of Spanning Tree: 802.1D (STP), 802.1w (RSTP), and 802.1s (MSTP). RSTP is enabled by default. Spanning Tree is configured under the protocol stanza.
NOTE: The EX STP implementation is RSTP with a forced version 0. Both STP and RSTP are a single instance of spanning-tree protocol (supporting one Layer 2 forwarding topology). RSTP improves on the convergence time.
Objective:
At the end of this exercise, you will be able to configure all three flavors of spanning-tree and interpret show spanning-tree related commands.
Exercise 1: STP/RSTP
Step 1: Bridge Priority
Spanning-tree relies on one bridge being the root. There is an election process for determining which switch is root. The election process is based on the bridge ID. The bridge with the lowest bridge ID wins. A bridge ID comprises a bridge priority and the bridge MAC address. Only the bridge priority can be manipulated. By default, every switch’s bridge priority is 32768. The command to change the priority is ‘set protocols bridge-priority ’. We want Switch 1 to be the root. Enter the below command on Switch 1.
    juniper# set protocols rstp bridge-priority 4k
NOTE: STP uses the same syntax, just change the protocol from RSTP to STP.
Step 2: Commit and exit