Tuesday, October 21, 2014

Two Ways of Setting Up VLANs on Juniper Switches

With Cisco IOS, setting up a VLAN and its membership is very straightforward. JunOS gives us two ways of setting up a VLAN’s membership – regardless of the method you use, the result will be exactly the same.
Q: Isn’t this already explained on Juniper’s website?
A: Yes, it is!
Q: So why would you carry on reading?
A: I reckon that some things on Juniper’s website are not clear. Secondly, I will be showing you a few gotchas which Juniper doesn’t mention either – these mostly relate to the implementation logic.
As usual, let’s see a diagram:
[Diagram: vlans-01]
So we will set up two VLANs – there is only one way of creating a VLAN; we will use the following set commands:
root# run show configuration vlans
VLAN-10;
vlan-20 {
    vlan-id 20;
}
{master:0}[edit]
root# run show configuration vlans | display set
set vlans VLAN-10
set vlans vlan-20 vlan-id 20
A few things to observe here already:
  1. When creating a VLAN, we give it a name, a vlan-id, or both! Should a vlan-id not be specified, that vlan will handle untagged frames. On Juniper’s website it is mentioned that the vlan-id is automatically generated – I could not verify this, as shown below. You can see that tagging is only enabled for VLAN-20.
  2. Another thing we notice is that by default, there is already a VLAN set up on the switch – this is called the default vlan and it carries untagged frames. Unlike Cisco switches, it *does not* have the vlan-id 1. Here is something very cool: even though both vlans (default & vlan-10) carry untagged frames, the broadcast domains are still separate!
{master:0}[edit]
root# run show vlans detail
VLAN: VLAN-10, 802.1Q Tag: Untagged, Admin State: Enabled
VLAN: default, 802.1Q Tag: Untagged, Admin State: Enabled
VLAN: vlan-20, 802.1Q Tag: 20, Admin State: Enabled
{master:0}[edit]
root# run show vlans extensive
VLAN: VLAN-10, Created at: Fri Sep 13 07:32:47 2013
Internal index: 4, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
VLAN: default, Created at: Fri Sep 13 06:41:28 2013
Internal index: 3, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
VLAN: vlan-20, Created at: Fri Sep 13 07:32:47 2013
802.1Q Tag: 20, Internal index: 5, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
Let’s now move onto the two methods of creating the VLAN membership – i.e., which ports belong to which vlan.
METHOD I
The configuration logic lets you specify, under the vlans configuration hierarchy, which interfaces are part of that particular vlan. In our case, I want to add interfaces ge-0/0/10 & ge-0/0/11 to vlan 10. So all I need to do is “drill down” into the vlan-10 configuration hierarchy and add the relevant interfaces. I will call this Juniper’s way!
Now watch this:
{master:0}[edit]
root# edit vlans
{master:0}[edit vlans]
root# edit VLAN-10
root# set interface ?
Possible completions:
<interface_name> Interface name that uses this VLAN
vcp-255/0/0.32768
vcp-255/0/1.32768
bme0.32768
bme0.32770
lo0.16384
me0.0

So where the heck are my Gigabit interfaces!?
Here is the thing: you can only work with Layer 2 interfaces. The reason why our interfaces are not listed is very simple! As far as JunOS is concerned, the gigabit interfaces are not currently set up for switching.
NOTE that by default, all switch ports are configured for switching. I have however removed the default configuration in order to make a point! It is useful to know this because you may come across scenarios where a specific port was configured for a different purpose …
Since we’ll use a total of four interfaces as Layer 2 switching ports, let’s just configure them as such:
{master:0}[edit]
root# run show configuration interfaces | display set
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching
root# run show configuration interfaces
ge-0/0/10 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/11 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/20 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/21 {
    unit 0 {
        family ethernet-switching;
    }
}
Following the actions above, let’s try again to make interfaces ge-0/0/10 and ge-0/0/11 part of vlan 10:
{master:0}[edit]
root# edit vlans
{master:0}[edit vlans]
root# edit VLAN-10
{master:0}[edit vlans VLAN-10]
root# set interface ?
Possible completions:
<interface_name> Interface name that uses this VLAN
vcp-255/0/0.32768
vcp-255/0/1.32768
ge-0/0/10.0
ge-0/0/11.0
ge-0/0/20.0
ge-0/0/21.0
bme0.32768
bme0.32770
lo0.16384
me0.0
{master:0}[edit vlans VLAN-10]
root# set interface ge-0/0/10
{master:0}[edit vlans VLAN-10]
root# set interface ge-0/0/11
{master:0}[edit vlans VLAN-10]
root# show
interface {
    ge-0/0/10.0;
    ge-0/0/11.0;
}
… and the relevant set commands:
{master:0}[edit vlans VLAN-10]
root# run show configuration vlans | display set
set vlans VLAN-10 interface ge-0/0/10.0
set vlans VLAN-10 interface ge-0/0/11.0
set vlans vlan-20 vlan-id 20
METHOD II
The second method attaches a vlan to a specific interface; hence the configuration is done within the interfaces hierarchy. This is more like the Cisco way of doing it … Let’s use this method to configure membership for vlan-20:
{master:0}[edit]
root# show interfaces | display set
[...]
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members vlan-20
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members vlan-20
root# show interfaces
[...]
ge-0/0/20 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members vlan-20;
            }
        }
    }
}
ge-0/0/21 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members vlan-20;
            }
        }
    }
}
This is it! In a way, using the 2nd method, the vlan becomes a kind of property of the ethernet-switching feature.
Let’s run two show commands:
{master:0}[edit]
root# run show vlans extensive
VLAN: VLAN-10, Created at: Fri Sep 13 07:32:47 2013
Internal index: 4, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 2 (Active = 0)
ge-0/0/10.0, untagged, access
ge-0/0/11.0, untagged, access
VLAN: default, Created at: Fri Sep 13 06:41:28 2013
Internal index: 3, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
VLAN: vlan-20, Created at: Fri Sep 13 07:32:47 2013
802.1Q Tag: 20, Internal index: 5, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 2 (Active = 0)
ge-0/0/20.0, untagged, access
ge-0/0/21.0, untagged, access
Also notice that these ports are not actually active – this is because there are no hosts attached to them.
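Because membership can live under either hierarchy, a segmentation review has to read both. The following is an added example, not part of the original post: a small Python audit that merges Method I and Method II lines from "display set" output into one membership table and lists VLANs carrying untagged frames and switching ports with no explicit VLAN. The function name and the ge-0/0/30 line are assumptions, and only single-name "vlan members" lines are handled.

```python
import re
from collections import defaultdict

# Constructed sample: the page's "display set" lines from both hierarchies, plus
# one hypothetical port (ge-0/0/30) that was never given a VLAN.
SAMPLE = """\
set vlans VLAN-10 interface ge-0/0/10.0
set vlans VLAN-10 interface ge-0/0/11.0
set vlans vlan-20 vlan-id 20
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members vlan-20
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members vlan-20
set interfaces ge-0/0/30 unit 0 family ethernet-switching
"""

VLAN_RE = re.compile(r"^set vlans (\S+)(?: (vlan-id|interface) (\S+))?$")
PORT_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family ethernet-switching"
                     r"(?: vlan members (\S+))?$")

def audit(display_set):
    """Merge Method I and Method II membership into one view (hypothetical helper)."""
    tags = {}                    # VLAN name -> 802.1Q tag, None means untagged
    members = defaultdict(set)   # VLAN name -> logical interfaces (port.unit)
    l2_ports = set()             # every unit with family ethernet-switching
    for line in map(str.strip, display_set.splitlines()):
        if m := VLAN_RE.match(line):
            name, key, value = m.groups()
            tags.setdefault(name, None)
            if key == "vlan-id":
                tags[name] = int(value)
            elif key == "interface":      # Method I, under [edit vlans]
                members[name].add(value if "." in value else value + ".0")
        elif m := PORT_RE.match(line):
            port = f"{m.group(1)}.{m.group(2)}"
            l2_ports.add(port)
            if m.group(3):                # Method II, under [edit interfaces]
                members[m.group(3)].add(port)
    assigned = set().union(*members.values())
    names = sorted(set(tags) | set(members))
    return {
        "vlans": {n: (tags.get(n), sorted(members[n])) for n in names},
        "untagged_vlans": sorted(n for n, tag in tags.items() if tag is None),
        "no_explicit_vlan": sorted(l2_ports - assigned),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Feed it the output of "show configuration | display set" saved to a file; ports listed under no_explicit_vlan are the ones to check by hand against the intended segmentation.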


Thank you,
source: http://blogbt.net/index.php/2014/09/two-ways-setting-vlans-juniper-switches/
