Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] VLAN Translation

0

0

Article ID: KB16755 KB Last Updated: 29 Sep 2017Version: 3.0
Summary:

Starting with Junos 10.0, EX3200/EX4200 switches allow the incoming packets’ VLAN tags to be swapped/translated with a new VLAN tag.

Symptoms:

How to allow the incoming packets’ VLAN tags to be swapped/translated with a new VLAN tag.


 
Solution:

Use the mapping keyword under the interface within the VLAN stanza:

  • "swap" configuration can only be enabled on dot1q-tunneling access ports
  • 1:1 translation from c-vlan to s-vlan and vice versa
  • Multiple pairs of c-vlan <-> s-vlan translation can be supported on a single dot1q-tunneling access port as long as these c-vlan and s-vlan are unique

Note:  Dot1p values are reserved

A packet received on a physical port is only accepted for processing if the VLAN tags of the received packet match the VLAN tags associated with one of the logical interfaces configured on the physical port. The VLAN tags of the received packet are translated only if they are different than the normalized VLAN tags. For the translation case, the vlan-id or vlan-tags statements specify the normalized VLAN. For this case, the terms "learn VLAN" and "normalized VLAN" can be used interchangeably.

Specify the normalized VLAN using one of the following configuration statements:

  • vlan-id vlan-number
  • vlan-id none
  • vlan-tags outer outer-vlan-number inner inner-vlan-number

VLAN TRANSLATION CAVEATS:
 
  1. "swap" and "policy" cannot coexist
  2. "swap" and "push" cannot coexist
  3. "swap" cannot be used with "native"

VLAN-ID TRANSLATION EXAMPLE WITHOUT "DOT1Q-TUNNELING" KEYWORD

  • Only packets with vlan-id of 30 will be swapped with vlan-id 300
  • Other non-matching packets are subjected to be dropped, unless another “mapping” is configured on a different VLAN
root@access> show configuration vlans
vlan-300 {
   vlan-id 300;
   interface {
      ge-0/0/0.0 {
         mapping {
            30 {
               swap;
            }
         }
      }
   }
}

VLAN-ID TRANSLATION EXAMPLE WITH SINGLE TAGGED FRAME


  • Only packets with vlan-id of 20 and 30 will be swapped with vlan-id 200 and 300 respectively
  • Other non-matching packets are subjected to be dropped, unless another “mapping” is configured on a different s-VLAN
   root@access> show configuration vlans
   vlan-200 {
      vlan-id 200;
      interface {
         ge-0/0/0.0 {
            mapping {
               20 {
                  swap;
               }
            }
         }
      }
       dot1q-tunneling;
   }
   vlan-300 {
      vlan-id 300;
      interface {
         ge-0/0/0.0 {
            mapping {
               30 {
                  swap;
               }
            }
         }
      }
       dot1q-tunneling;
   }

 

VLAN-ID TRANSLATION EXAMPLE WITH DOUBLE TAGGED FRAME

  • Only packets with vlan-id of 20 and 30 will be swapped with vlan-id 200 and 300 respectively
  • Other non-matching packets are subjected to be dropped, unless another “mapping” is configured on a different s-VLAN
   root@access> show configuration vlans
   vlan-200 {
      vlan-id 200;
      interface {
         ge-0/0/0.0 {
            mapping {
               20 {
                  swap;
                }
             }
          }
       }
        dot1q-tunneling;
    }
    vlan-300 {
       vlan-id 300;
       interface {
          ge-0/0/0.0 {
             mapping {
                30 {
                   swap;
                }
             }
          }
       }
        dot1q-tunneling;
    }
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search