Inter-switch links in modern networks are commonly Layer 2 trunk links so that VLAN information can pass among multiple switches. This lab discusses and demonstrates the configuration of a Juniper EX Series trunk interface.
Whenever people mention the word “trunk”, you may think of a box that stores old clothes or perhaps the trunk of a vehicle, but we can assure you that is not what it means when it comes to networking.
If you are familiar with Cisco and you already know how to configure a trunk interface on Cisco switches and/or routers, then you should not have a problem understanding trunking, but for those of you who are new to networking, let’s clear the air, shall we?
A trunk interface is a magical interface that allows all colors of the rainbow to traverse the cable… And by the colors of the rainbow I do not mean network skittles, I mean 802.1q VLAN Tagged frames.
Trunk interfaces are commonly used on inter-switch links going from access switches to distribution or collapsed core switches. This allows wiring closets to have the same VLAN across multiple switches in the closet without unintentionally segregating the broadcast domain(s). If you had the same VLAN on SW1, SW2, SW3 and SW4 in a wiring closet and those switches were not connected together, then how would a PC connected to SW1 send a document to the network printer on SW4 if it were on the same VLAN and subnet?
Trunk interfaces effectively allow you to bridge together the same broadcast domains across multiple switches so that you do not have segregated broadcast domains. While this may seem like a complicated concept, once you see it in action the light bulb above your head will light up…
To configure a trunk interface on Juniper switches, you’ll only need a single command. On an EX Series switch, you would execute the set interfaces ge-0/0/5 unit 0 family ethernet-switching port-mode trunk command in configuration mode, where ge-0/0/5 is the physical interface and unit 0 is the logical interface. The interface and unit can be shortened to ge-0/0/5.0.
Next up, let’s talk about the native VLAN. The native VLAN on an 802.1q trunk link is the VLAN whose traffic is NOT tagged. The native VLAN can be unique to each trunk link; however, you cannot mismatch native VLANs on each end of a trunk link unless you want to indirectly bridge together the broadcast domains.
Some servers and network devices must have the native VLAN configured on trunk interfaces to function properly. The native VLAN can be configured along with the command that configures the interface as a trunk. For example: set interfaces ge-0/0/5.0 family ethernet-switching native-vlan-id 10
Finally, the last thing you should know when configuring a trunk interface is how to limit which VLANs are allowed to traverse which trunk interfaces. On a Cisco switch this function is known as the VLAN allowed list; on Juniper switches, it is just a normal part of the trunk configuration that you may additionally specify.
After you have configured the interface as a trunk, let’s say you want to allow ONLY the Sales and Marketing VLANs to traverse the trunk interface ge-0/0/5. The following command would accomplish that requirement: set interfaces ge-0/0/5.0 family ethernet-switching vlan members [Sales Marketing] Note that if you only want to specify a single VLAN, the brackets are NOT required; however, if you want to specify multiple VLAN IDs or names, you must enclose them in brackets.
Because of the beauty of Junos, you can complete all these tasks in a single command. You have the power to configure an interface as a trunk interface, specify the native VLAN and also control which VLANs are permitted to traverse the trunk interface, all in a single command. However, with such power comes great responsibility.
Let’s say you want to configure SW1 interface ge-0/0/23 as a trunk interface with native VLAN 999 and only permit the VLANs PC_East and Voice_East on the trunk. The command you would use is set interfaces ge-0/0/23.0 family ethernet-switching port-mode trunk native-vlan-id 999 vlan members [PC_East Voice_East]
Now that you know how to configure trunk interfaces, you must be able to verify the configuration. For verification you’ll need to know two commands. The first command is show ethernet-switching interfaces ge-0/0/23 detail, which displays the port mode of the interface as well as which VLANs are permitted on the interface.
The second command you will need to know is show ethernet-switching interfaces, which displays a general summary of all ethernet-switching interfaces along with their interface state, VLAN members, tags and STP state. The following terminal window is an example of both commands being executed:
root@SW1> show ethernet-switching interfaces ge-0/0/23 detail
Interface: ge-0/0/23.0, Index: 91, State: up, Port mode: Trunk
Ether type for the interface: 0x8100
VLAN membership:
    Marketing, 802.1Q Tag: 11, tagged, msti-id: 0, unblocked
    Sales, 802.1Q Tag: 10, tagged, msti-id: 0, unblocked
Number of MACs learned on IFL: 0
root@SW1>
root@SW1> show ethernet-switching interfaces
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/0.0   down   Sales               10    untagged blocked by STP
ge-0/0/1.0   down   Marketing           11    untagged blocked by STP
ge-0/0/2.0   down   default                   untagged blocked by STP
ge-0/0/3.0   down   default                   untagged blocked by STP
ge-0/0/4.0   down   default                   untagged blocked by STP
ge-0/0/5.0   down   default                   untagged blocked by STP
ge-0/0/6.0   down   default                   untagged blocked by STP
ge-0/0/7.0   down   default                   untagged blocked by STP
ge-0/0/8.0   down   default                   untagged blocked by STP
ge-0/0/9.0   down   default                   untagged blocked by STP
ge-0/0/10.0  down   default                   untagged blocked by STP
ge-0/0/11.0  down   default                   untagged blocked by STP
ge-0/0/12.0  down   default                   untagged blocked by STP
ge-0/0/13.0  down   default                   untagged blocked by STP
ge-0/0/14.0  down   default                   untagged blocked by STP
ge-0/0/15.0  down   default                   untagged blocked by STP
ge-0/0/16.0  down   default                   untagged blocked by STP
ge-0/0/17.0  down   default                   untagged blocked by STP
ge-0/0/18.0  up     default                   untagged unblocked
ge-0/0/19.0  up     default                   untagged unblocked
ge-0/0/20.0  up     default                   untagged unblocked
ge-0/0/21.0  up     default                   untagged unblocked
ge-0/0/22.0  up     default                   untagged unblocked
ge-0/0/23.0  up     Marketing           11    tagged   unblocked
                    Sales               10    tagged   unblocked
root@SW1>
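The verification step above can be automated. The following is an added example, not part of the original lab: a Python sketch that parses the show ethernet-switching interfaces summary and compares the tagged VLANs on each trunk with an intended allow-list. The POLICY dictionary, ge-0/0/22.0 acting as a trunk and the Servers VLAN are assumptions made up for the example.

```python
import re

IFL = re.compile(r"^[a-z]+-\d+/\d+/\d+\.\d+$")  # logical interface, e.g. ge-0/0/23.0

# Constructed sample in the summary format shown above; ge-0/0/22.0 as a trunk
# and the Servers VLAN are invented to show an allow-list deviation.
SAMPLE = """\
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/0.0   down   Sales               10    untagged blocked by STP
ge-0/0/18.0  up     default                   untagged unblocked
ge-0/0/22.0  up     Marketing           11    tagged   unblocked
                    Sales               10    tagged   unblocked
                    Servers             20    tagged   unblocked
ge-0/0/23.0  up     Marketing           11    tagged   unblocked
                    Sales               10    tagged   unblocked
"""

def parse_summary(text):
    """Return {interface: [(vlan, tag_or_None, tagging), ...]}."""
    table, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "Interface":
            continue                          # blank line or column header
        if IFL.match(tok[0]):
            current, tok = tok[0], tok[2:]    # drop interface name and state
            table[current] = []
        if current is None or not tok:
            continue
        vlan, rest = tok[0], tok[1:]
        # The Tag column is empty for the default VLAN, so it is optional.
        tag = int(rest.pop(0)) if rest and rest[0].isdigit() else None
        table[current].append((vlan, tag, rest[0] if rest else None))
    return table

def audit_trunks(table, policy):
    """Report tagged VLANs that differ from the intended allow-list."""
    findings = {}
    for ifl, members in table.items():
        tagged = {v for v, _, t in members if t == "tagged"}
        if not tagged:
            continue                          # access port: nothing tagged
        allowed = policy.get(ifl, set())      # trunk absent from policy: all extra
        extra, missing = tagged - allowed, allowed - tagged
        if extra or missing:
            findings[ifl] = {"extra": sorted(extra), "missing": sorted(missing)}
    return findings

# Hypothetical intended allow-lists per trunk.
POLICY = {"ge-0/0/22.0": {"Sales", "Marketing"},
          "ge-0/0/23.0": {"Sales", "Marketing"}}

if __name__ == "__main__":
    for ifl, finding in audit_trunks(parse_summary(SAMPLE), POLICY).items():
        print(ifl, finding)
```

Untagged members, including a trunk's native VLAN, are left out of the comparison; only tagged VLANs are checked against the allow-list.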
The following physical topology is used in all labs found throughout section 4 of the Junos JNCIA Workbook.
Prior to attempting this lab you must load the following initial configurations onto their respective devices. Failure to do so may result in major frustration and you may be unable to verify the lab.
Prior to attempting this lab you’ll need to zeroize R1. This lab can be performed on the following devices; J Series Router(s), EX Series Switch(s) or SRX platforms. This device can also be a vSRX Firefly.
You need to establish a console session to R1 and log into the device using the root account or a user account with super-user privileges.
To complete this lab you will perform the following objectives;
It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.
If you are a student preparing for the Juniper JNCIA Certification Exam, then you are more likely to remember how to complete these objectives if you attempt to complete them the first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction section to verify your work.