Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX9200] Bidirectional VLAN identifier translation

0

0

Article ID: KB30331 KB Last Updated: 05 Mar 2017Version: 2.0
Summary:

This article shows you how VLAN translation allows you to configure bidirectional VLAN identifier translation on frames arriving on and leaving from a logical interface. This lets you use unique VLAN identifiers internally and maintain legacy VLAN identifiers on logical interfaces.

The following legacy KB article will not work for the EX9200 platform.
KB16755 - VLAN Translation

Symptoms:
Topology:



Scenario 1: Consider the case of two old isolated network, vlan10 and vlan20, on Source-Device with a network range of 100.10.0.0/24 (vlan10) and 100.20.0.0/24 (vlan20). We are attaching them to a working network. Similarly, on an existing Destination-Device we do have same network configured, however the vlan-id was different. 100.10.0.0/24 was used for vlan1010 and 100.20.0.0/24 was used for vlan2020 vlans respectively. On either source or destination devices, we cannot change network or vlan-id. Our task is to communicate between source and destination on vlan10 to vlan1010 and vlan20 to vlan2020.

Scenario 2: Add-on to the above situation: consider a vlan30 on both source and destination devices using same network 100.30.0.0/24. For communication on vlan30, we do not require translation and this communication should happen on the same interfaces.
Solution:
Solution for Scenario-1:

We can achieve this task by VLAN translation method on L2 EX device. As a part of VLAN translation, it is not required to configure the old vlan-id on our existing working network. Also, this example translates frame VLANs from ‘old’ to ‘new’ on ingress and ‘new’ to ‘old’ on egress (on same interface).


user1@ex9214-1> show configuration vlans
vlan1010 {
vlan-id 1010;
 }
vlan2020 {
vlan-id 2020;
 }

user1@ex9214-1> show configuration interfaces ge-0/0/3
flexible-vlan-tagging;
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 1010 2020 ];
  }
vlan-rewrite {
translate 10 1010; >>>> This command will translate the incoming vlan 10 tagged frame to vlan 1010
translate 20 2020; >>>> This command will translate the incoming vlan 20 tagged frame to vlan 2020
    }
  }
}

user1@ex9214-1> show configuration interfaces ge-0/0/5
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 1010 2020 ];
    }
  }
}

user1@ex9214-1> show configuration vlans | display set
set vlans vlan1010 vlan-id 1010
set vlans vlan2020 vlan-id 2020

user1@ex9214-1> show configuration interfaces ge-0/0/3 | display set
set interfaces ge-0/0/3 flexible-vlan-tagging
set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 1010
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 2020
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan-rewrite translate 10 1010
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan-rewrite translate 20 2020

user1@ex9214-1> show configuration interfaces ge-0/0/5 | display set
set interfaces ge-0/0/5 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members 1010
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members 2020

Verification:

user1@SOURCE> ping 100.10.0.2 source 100.10.0.1 count 1
PING 100.10.0.2 (100.10.0.2): 56 data bytes
64 bytes from 100.10.0.2: icmp_seq=0 ttl=64 time=4.780 ms

--- 100.10.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.780/4.780/4.780/0.000 ms

Packet Capture on Source-Device: (ICMP Request Out on vlan10)

01:44:45.640848 Out 00:05:86:2d:41:03 > 00:05:86:1d:22:03, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, 100.10.0.1 > 100.10.0.2: ICMP echo request, id 4632, seq 0, length 64

Packet Capture on Destination-Device: (ICMP Reply Out on vlan1010)

01:44:45.643801 Out 00:05:86:1d:22:03 > 00:05:86:2d:41:03, ethertype 802.1Q (0x8100), length 102: vlan 1010, p 0, ethertype IPv4, 100.10.0.2 > 100.10.0.1: ICMP echo reply, id 4632, seq 0, length 64

Solution for Scenario-2: Here we need to add and allow vlan30 on incoming and outgoing trunk interface (without any translation)


user1@ex9214-1# show | compare
[edit interfaces ge-0/0/3 unit 0 family ethernet-switching vlan]
- members [ 1010 2020 ];
+ members [ 30 1010 2020 ];
[edit interfaces ge-0/0/5 unit 0 family ethernet-switching vlan]
- members [ 1010 2020 ];
+ members [ 30 1010 2020 ];
[edit vlans]
+ vlan30 {
+ vlan-id 30;
+ }

[edit]
user1@ex9214-1# show vlans | display set
set vlans vlan1010 vlan-id 1010
set vlans vlan2020 vlan-id 2020
set vlans vlan30 vlan-id 30

[edit]
user1@ex9214-1# show interfaces ge-0/0/3 | display set
set interfaces ge-0/0/3 flexible-vlan-tagging
set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 30
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 1010
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 2020
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan-rewrite translate 10 1010
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan-rewrite translate 20 2020

[edit]
user1@ex9214-1# show interfaces ge-0/0/5 | display set
set interfaces ge-0/0/5 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members 30
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members 1010
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members 2020

Verification:

user1@SOURCE> ping 100.30.0.2 source 100.30.0.1 count 1
PING 100.30.0.2 (100.30.0.2): 56 data bytes
64 bytes from 100.30.0.2: icmp_seq=0 ttl=64 time=4.623 ms

--- 100.30.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.623/4.623/4.623/0.000 ms

Packet Capture on Source-Device: (ICMP Request Out on vlan30)

03:16:06.806906 Out 00:05:86:2d:41:03 > 00:05:86:1d:22:03, ethertype 802.1Q (0x8100), length 102: vlan 30, p 0, ethertype IPv4, 100.30.0.1 > 100.30.0.2: ICMP echo request, id 64308, seq 0, length 64

Packet Capture on Destination-Device: (ICMP Reply Out on vlan30)

03:16:06.810296 Out 00:05:86:1d:22:03 > 00:05:86:2d:41:03, ethertype 802.1Q (0x8100), length 102: vlan 30, p 0, ethertype IPv4, 100.30.0.2 > 100.30.0.1: ICMP echo reply, id 64308, seq 0, length 64
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search