Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX/SRX] What are the two switch port modes in VLAN tagging for EX Series switches and SRX firewalls?

0

0

Article ID: KB11234 KB Last Updated: 09 Oct 2019Version: 6.0
Summary:

This article provides information about the two switch port modes in VLAN tagging for EX Series switches and SRX firewalls.

Symptoms:
  • A VLAN is a collection of network nodes that are logically grouped together to form separate broadcast domains.

  • A VLAN has the same general attributes as a physical LAN, but it allows all nodes for a particular VLAN to be grouped together, regardless of the physical location.

  • Connectivity within a VLAN is established and maintained through software configuration, which makes VLANs such a dynamic and flexible option in today’s networking environments.

  • The ports or interfaces on a switch operate in either the access or trunk mode.

  • The information below describes the Access and Trunk port modes and the differences between them.

Solution:

The VLAN tag is a 4-byte tag inserted into Ethernet frames with a maximum size of 1522 bytes, and is used to consistently associate traffic with a particular VLAN. The individual frames must be tagged as they are passed throughout a network.

When assigning a VLAN to a switching port on the switch/firewall, users can assign either of the following modes:

  • Access Mode

  • Trunk Mode

Access mode - also known as untagged mode:

  • This mode is used to connect network devices, such as desktop computers, IP telephones, printer, and file servers.

  • The port receives and transmits untagged Ethernet frames from the network devices.

  • The port that belongs to a single VLAN is also known as native VLAN.

  • This mode is the default mode for all switching ports.

  • Example of switch port configuration in the access mode:

}
ge-0/0/10 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members blue;
            }
        }
    }
}

Trunk mode - also known as tagged mode:

  • This mode is used to connect to other switches or routers.

  • The port transmits and receives Ethernet frames with VLAN tags for multiple VLANs.

  • The port must be explicitly configured in trunk mode.

  • Example of a switch port configured in trunk mode:

ge-0/0/12 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ blue yellow ];
            }
        }
    }
}        

Example of a VLAN configuration:   

vlans {
    blue {
        vlan-id 30;
    }
    green {
        vlan-id 10;
    }
    red {
        vlan-id 40;
    }
    yellow {
        vlan-id 20;
    }
}
Modification History:

2019-10-09: Minor, non-technical updates made; SRX firewall information included because the article applies to SRX firewalls as well.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search