
How to configure Private VLANs on Juniper Switches

VLANs: Virtual Local Area Networks
A VLAN is a way to partition one Local Area Network into separate Layer 2 networks. If you want to isolate two departments on one LAN, you can do so by placing them in two VLANs. For example, suppose we have two departments, Finance and HRA.

We want to separate the traffic of the two departments from each other, so we define Finance in VLAN 3 and HRA in VLAN 4. Using these VLANs separates the traffic. If you still want, you can have communication between the Finance and HRA departments.

Private VLANs
Here we divide the VLANs into Primary and Secondary, and you can provide isolation between the ports in the secondary VLANs within the same Private VLAN. I already put a link on Private VLAN above. Please go through it for further understanding.

Now let's talk about the topology and the configuration of Private VLANs on Juniper switches as a reference model. It can differ depending on the network and the design in your environment.


Fig 1.1- Private VLANs Topology- Juniper Switches


Above is the topology we are using, and below is the configuration associated with it.

Setting the VLAN ID
NDNA@switch# set vlans pvlan vlan-id 1000

Setting Interfaces and Port modes
NDNA@switch# set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
NDNA@switch# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members pvlan
NDNA@switch# set interfaces ge-1/0/0 unit 0 family ethernet-switching port-mode trunk
NDNA@switch# set interfaces ge-1/0/0 unit 0 family ethernet-switching vlan members pvlan
NDNA@switch# set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode access
NDNA@switch# set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode access
NDNA@switch# set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode access
NDNA@switch# set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode access
NDNA@switch# set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode access
NDNA@switch# set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode access

Setting the Primary VLAN with no Local Switching
NDNA@switch# set vlans pvlan no-local-switching

Adding trunk Interfaces
NDNA@switch# set vlans pvlan interface ge-0/0/0.0
NDNA@switch# set vlans pvlan interface ge-1/0/0.0

Configure the secondary VLANs with VLAN IDs and interfaces
NDNA@switch# set vlans hr-comm vlan-id 400
NDNA@switch# set vlans hr-comm interface ge-0/0/11.0
NDNA@switch# set vlans hr-comm interface ge-0/0/12.0
NDNA@switch# set vlans finance-comm vlan-id 300
NDNA@switch# set vlans finance-comm interface ge-0/0/13.0
NDNA@switch# set vlans finance-comm interface ge-0/0/14.0

Setting up Community Private VLANs
NDNA@switch# set vlans hr-comm primary-vlan pvlan
NDNA@switch# set vlans finance-comm primary-vlan pvlan

Setting up the Isolated VLANs further
NDNA@switch# set vlans pvlan interface ge-0/0/15.0
NDNA@switch# set vlans pvlan interface ge-0/0/16.0

With the above configuration, Private VLANs are set up in your environment of Juniper switches. I will come up with the Cisco and Huawei switches as well, where I can explain the Private VLAN configurations.
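
A way to review the configuration steps above offline, as an added example that is not part of the original article: this Python script parses the set commands and derives each port's role, reporting any port left without a role in pvlan and a missing no-local-switching statement. The function name pvlan_roles, the role labels, and the rule that an access port placed only in the primary VLAN counts as isolated (taken from the article's last step) are assumptions of this example.

```python
import re
# Constructed input: the page's role-defining commands, CLI prompt stripped.
# Assumption (page's last step): access port in pvlan only = isolated port.
PAGE_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-1/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode access
set vlans pvlan no-local-switching
set vlans pvlan interface ge-0/0/0.0
set vlans pvlan interface ge-1/0/0.0
set vlans hr-comm interface ge-0/0/11.0
set vlans hr-comm interface ge-0/0/12.0
set vlans finance-comm interface ge-0/0/13.0
set vlans finance-comm interface ge-0/0/14.0
set vlans hr-comm primary-vlan pvlan
set vlans finance-comm primary-vlan pvlan
set vlans pvlan interface ge-0/0/15.0
set vlans pvlan interface ge-0/0/16.0
"""

def pvlan_roles(config, primary="pvlan"):
    mode, member, parent = {}, {}, {}
    for line in config.splitlines():
        if m := re.match(r"set interfaces (\S+) unit (\d+) .*port-mode (\S+)", line):
            mode[f"{m[1]}.{m[2]}"] = m[3]                 # logical port -> port mode
        elif m := re.match(r"set vlans (\S+) interface (\S+)", line):
            member.setdefault(m[2], set()).add(m[1])      # port -> VLAN names
        elif m := re.match(r"set vlans (\S+) primary-vlan (\S+)", line):
            parent[m[1]] = m[2]                           # community VLAN -> primary
    flag = f"set vlans {primary} no-local-switching"
    roles, findings = {}, ([] if flag in config else [f"missing: {flag}"])
    for port, md in sorted(mode.items()):
        vl = member.get(port, set())
        comm = [v for v in vl if parent.get(v) == primary]
        if md == "trunk" and primary in vl:
            roles[port] = "trunk"
        elif md == "access" and len(comm) == 1:
            roles[port] = "community:" + comm[0]
        elif md == "access" and not comm and primary in vl:
            roles[port] = "isolated"
        else:
            roles[port] = "unclassified"
            findings.append(f"{port}: no valid role in {primary}")
    return roles, findings
```

Calling pvlan_roles(PAGE_CONFIG) returns the role map and an empty findings list for the configuration in this article; a port that was set to access mode but never added to pvlan or a community VLAN appears as unclassified.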