Category Archives: switching

Q-in-Q in EX switch

I have prepared a small setup to test Q-in-Q or formally known as IEEE 802.1ad. There are several names given to this technique but the ones I prefer most are Provider Bridging or Stacked VLANs but I think most common name is QinQ. Anyway, I have set up the following lab.

q-in-q-lab

This is the physical setup:) but below is the topology I have set up by using these devices. I wish to add one more EX2200 to make the setup more realistic but I have spent too much for these boxes so far for my lab purposes. No new purchases in the near future:) Let’s see the topology and explain what it really does;

q-in-q-topology2

Continue reading

Trunk between Cisco,EX switch and SRX

cisco2950switchex2200com

Today I needed to test communication between a Cisco switch and EX switch to carry traffic via a trunk port from a PC to
the final destination SRX device. I thought it is worth putting my config here for future reference as I am not working with cisco/ex switches much.
Above is my exact topology and I carry traffic from a PC in Vlan 200 to the port fe-0/0/7 in SRX which is in vlan 200 as well. Here is the config from Cisco switch till to SRX.

Continue reading

Effect of MRU setting on EX Switch

MRU (Maximum Receive Unit) has a close relation to MTU but as far as I can see it has different effects in various active devices.
For example setting an MTU value of 1000 on an Ethernet interface of a Linux machine or an SRX box doesn’t prevent the larger packet from being accepted. However if the very same interface tries to return a similar size packet then it has to be fragmented. However on EX switch I saw something else. Let me explain;

I connected two PCs to my ex2200 test switch’s ge-0/0/8 and 9 port and assigned to the same vlan. Then I pinged from the PC connected to the port 8 to PC on 9. port with size 1000bytes and it worked. Then I set the interface MTU of port 8 to 900bytes and checked the MRU value.

As it can be seen MRU is 908 since Junos adds 8 bytes to calculate this value. After this setting I again tried to send a ping with 1000 size but no success. Here is the point because it is a switch and also it is MRU but not MTU your sender won’t get notified by any ICMP message even if you have PMTU discovery is turned on. You can literally beat the air if you have a small MRU setting on the switch this is my humble opinion:)

Port mirroring in EX switches and SRX

If you want to mirror traffic entering and exiting a specific port (e.g ge-0/0/11.0) you can use the following configuration to mirror the traffic to any other port (e.g ge-0/0/10.0)

Here is the configuration I wrote in an ex2200 switch.

Port mirroring in EX switches

Port mirroring is pretty simple in EX switches compared to SRX series. You just specify input interface and direction of the traffic (ingress,egress) then the output interface which will receive the mirrored traffic.

Continue reading

Native vlan ID in EX switches

I would like to show an example how we can use native vlan id in an EX switch. Normally if you set the port mode of an interface as trunk in EX switch, untagged traffic can’t pass through this interface. You have to tell Junos how it should behave on untagged frames.

This is my setup in which ge-0/0/0 port of an EX2200 is connected to an ESX server
I have untagged traffic to ESX server but tagged traffic to the VM cloud inside the host machine. I have two VLANs (101,103) for Virtual Machines inside this host. If I set the ge-0/0/0 as an access port, I can’t forward my frames tagged with these vlans. If I set it as trunk, I can’t reach ESX because it is an end host for my switch (though you can set vlan in ESX host interface, I am not doing for the demonstration purpose)

The config for EX switch for the port ge-0/0/0:

By the configuration statement “native-vlan-id default“, we instruct the switch to accept untagged frames. Our default vlan is really untagged? Let’s see:

As you can see although OSlab and vms vlans have tags 101,103, default vlan has no tag assigned which means any untagged frame received by this trunk interface will be in default vlan.