
JNCIS-ENT study notes, part 1

The guides provided by are split into Switching and Routing; I started my studies with the Switching component.

Bridging mechanisms:
Learning – based on the source address
Forwarding – based on the destination address
Flooding – transparent mechanism for sending packets to unknown MAC addresses
Filtering
Aging – 300 sec by default

!Disable MAC learning on the switch port
[email protected]#  set ethernet-switching-options interfaces ge-0/0/0.0 no?
Possible completions:
no-mac-learning      Disable mac learning for this interface

{master:0}[edit]
[email protected]#  set ethernet-switching-options mac-table-aging-time ?
Possible completions:
<mac-table-aging-time>  MAC aging time (60..1000000 seconds)
{master:0}[edit]
[email protected]#  set vlans vlan-name mac-table-aging-time ?
Possible completions:
<mac-table-aging-time>  MAC aging time (60..1000000 seconds)

3-2-1 Architecture Solutions

3-2-1 Architecture is a fabric technology

Virtual Chassis – combines several layers into a single managed device

Quantum Fabric (QFabric) – combines several functions of a multilayer switched network into a single managed device

Enterprise Devices and Layer 2 Switching

The J/SRX/EX/QFX platforms support Layer 2 switching operations, but the J/SRX does not support all features.

Fixed Chassis POE:
EX2200
EX3200
EX3300
EX4200

Virtual-Chassis:
EX2200
EX3300
EX4200
EX4500

Modular EX Series
EX6210
EX8208
EX8216

Virtual-Chassis
Requires External Routing Engine (XRE) hardware
EX8208
EX8216

Routing Engine/Switch Fabric in the same module (SRE)
EX6210
EX8208

Control and Forwarding Functions

RE – holds the Routing/Forwarding/Bridging tables

PFE – holds the Layer 2/Layer 3 forwarding tables

Ingress Unknown Source Mac-Address

1. Frames on ingress
2. The ingress PFE performs a MAC lookup and determines that the MAC is unknown
3. The ingress PFE sends the header info to the RE, where the MAC is added or discarded (MAC limited)
4. If the RE adds a new MAC to the bridge table, the PFEs are updated with this new entry

Egress Unknown Destination Mac-Address

1. Frames on ingress
2. The ingress PFE performs a MAC lookup, determines that the MAC is unknown, and replicates the frames to the other PFEs and out all interfaces in the same broadcast domain (VLAN)
3. All the other PFEs replicate the frames and forward them out all egress ports in the same broadcast domain
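
The learning, forwarding, flooding, filtering and aging behaviour listed at the top of these notes, together with the two unknown-MAC walkthroughs above, as a small Python model. This is an added example, not Junos code or part of the original notes; the Bridge class, its parameters and the choice to drop the frame when the MAC limit is reached are assumptions.

```python
# Added example: toy model of the bridging mechanisms in these notes.
# Class and parameter names are assumptions, not Junos internals.
AGING = 300  # default aging time in seconds, as stated in the notes

class Bridge:
    def __init__(self, ports, aging=AGING, mac_limit=None):
        self.ports = ports          # {port name: VLAN}, access ports only
        self.aging = aging
        self.mac_limit = mac_limit  # max learned MACs per port, None = no limit
        self.table = {}             # (vlan, mac) -> (port, last_seen)

    def _expire(self, now):
        # Aging: drop entries not refreshed within the aging time
        self.table = {k: v for k, v in self.table.items()
                      if now - v[1] < self.aging}

    def receive(self, port, src, dst, now):
        """Process one frame; return the sorted list of egress ports."""
        self._expire(now)
        vlan = self.ports[port]
        # Learning: keyed on the source address
        known = self.table.get((vlan, src))
        on_port = sum(1 for p, _ in self.table.values() if p == port)
        if known and known[0] == port:
            self.table[(vlan, src)] = (port, now)   # refresh the timer
        elif self.mac_limit is None or on_port < self.mac_limit:
            self.table[(vlan, src)] = (port, now)   # new or moved MAC
        else:
            return []   # MAC limited: not learned, frame dropped (assumption)
        # Forwarding: keyed on the destination address
        entry = self.table.get((vlan, dst))
        if entry:
            # Filtering: never send a frame back out its ingress port
            return [] if entry[0] == port else [entry[0]]
        # Flooding: unknown destination goes to every other port in the VLAN
        return sorted(p for p, v in self.ports.items()
                      if v == vlan and p != port)
```
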

Enabling Layer 2

Defining interfaces individually

set interfaces ge-0/0/6 unit 0 family ethernet-switching

Defining a range of interfaces

Using the member statement

set interfaces interface-range range-1 member ge-0/0/6
set interfaces interface-range range-1 member ge-0/0/7
set interfaces interface-range range-1 member ge-0/0/8
set interfaces interface-range range-1 unit 0 family ethernet-switching

Using the member-range statement

set interfaces interface-range range-1 member-range ge-0/0/6 to ge-0/0/8
set interfaces interface-range range-1 unit 0 family ethernet-switching

member and member-range can be combined

[email protected]# show
interface-range range-1 {
member ge-0/0/10;
member-range ge-0/0/6 to ge-0/0/8;
unit 0 {
family ethernet-switching;
}
}

Ethernet switching process (eswd)

In the output of show interfaces terse, eth-switch in the Proto column means the port is operating at Layer 2.

{master:0}[edit]
[email protected]# run show interfaces terse
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    down
ge-0/0/12               up    up
ge-0/0/12.0             up    up   eth-switch

set interfaces ge-0/0/6 ether-options no-auto-negotiation link-mode full-duplex
set interfaces ge-0/0/6 ether-options speed 1g
set interfaces ge-0/0/6 unit 0 family ethernet-switching

{master:0}
[email protected]> show interfaces extensive ge-0/0/6
Physical interface: ge-0/0/6, Enabled, Physical link is Up
Interface index: 135, SNMP ifIndex: 124, Generation: 138
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Duplex: Full-Duplex,

Bridging Table

show ethernet-switching table

Layer 2 Forwarding Table

show route forwarding-table family ethernet-switching

{master:0}
[email protected]> show route forwarding-table family ethernet-switching
Routing table: default.ethernet-switching
ETHERNET-SWITCHING:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    dscd    66     1
2, *               user     0                    comp  1304     2
2, *               intf     0                    rslv  1302     1
2, 00:26:88:02:74:86 user     0                  ucst  1303     3 ge-0/0/6.0
2, 00:26:88:02:74:87 user     0                  ucst  1305     3 ge-0/0/7.0
2, 00:26:88:02:74:88 user     0                  ucst  1306     3 ge-0/0/8.0

Defining Static Bridge Table Entries

set ethernet-switching-options static vlan default mac 00:26:88:02:74:86 next-hop ge-0/0/6.0

Access | Trunk Switchports

The default VLAN is untagged (VLAN 0)

{master:0}[edit]
[email protected]# run show vlans
Name           Tag     Interfaces
default
ge-0/0/6.0*

{master:0}[edit]
[email protected]#set vlans default vlan-id 100

[email protected]# run show vlans
Name           Tag     Interfaces
default        100
ge-0/0/6.0*

The * means the interface is active

Configuring VLANs

set vlans v10 vlan-id 10
set vlans v20 vlan-id 20

Configuring Access Ports

By default, interfaces are in access mode

set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode access vlan members v10
set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode access vlan members v20

Alternative method #1
{master:0}[edit vlans]
[email protected]# show
v10 {
vlan-id 10;
interface {
ge-0/0/8.0;
}
}
v20 {
vlan-id 20;
interface {
ge-0/0/9.0;
}
}

Configuring Trunk Ports

!Allow only specific VLANs
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members [ v10 v20 ]

!Allow all VLANs
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members all

Alternative method #1

[email protected]# show
v10 {
vlan-id 10;
interface {
ge-0/0/12.0;
}
}
v20 {
vlan-id 20;
interface {
ge-0/0/12.0;
}
}

{master:0}[edit]
[email protected]# run show ethernet-switching interfaces ge-0/0/12.0
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/12.0  up     v10                 10    tagged   unblocked
v20                 20    tagged   unblocked

Voice VLAN

set vlans voice vlan-id 30
set vlans data vlan-id 40
set ethernet-switching-options voip interface ge-0/0/6.0 vlan voice forwarding-class assured-forwarding

{master:0}[edit]
[email protected]# show ethernet-switching-options
voip {
interface ge-0/0/6.0 {
vlan voice;
forwarding-class assured-forwarding;
}
}

set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members [voice data]

{master:0}[edit]
[email protected]# show interfaces ge-0/0/12.0
family ethernet-switching {
port-mode trunk;
vlan {
members [ data voice ];
}
}

[email protected]# run show ethernet-switching interfaces ge-0/0/12.0
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/12.0  up     data                40    tagged   unblocked
v10                 10    tagged   unblocked
v20                 20    tagged   unblocked
voice               30    tagged   unblocked

By default, a trunk drops traffic on VLAN 0 (default), that is, untagged traffic; to work around this behaviour, use native-vlan-id

set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk native-vlan-id default vlan members [default]

{master:0}[edit]
[email protected]# commit
error: Trunk/Tagged-access interface ge-0/0/12.0 should not have a vlan default with tag value 0
error: configuration check-out failed

{master:0}[edit]
[email protected]# set vlans default vlan-id 100
[email protected]# commit
configuration check succeeds
commit complete
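
An offline check of trunk configuration written as set commands, added here as an example (not part of the original notes and not a Juniper tool). It flags trunks configured with members all and trunks that reference a VLAN with no vlan-id, the condition behind the commit error above; the function name, the finding texts and the ports ge-0/0/13 and ge-0/0/14 are made up for the sample.

```python
import re

# Constructed sample: the set commands from these notes, spread over
# hypothetical ports ge-0/0/13 and ge-0/0/14 so the variants sit side by side.
CONFIG = """
set vlans v10 vlan-id 10
set vlans v20 vlan-id 20
set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode access vlan members v10
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members [ v10 v20 ]
set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode trunk vlan members all
set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode trunk native-vlan-id default vlan members [default]
"""

VLAN_RE = re.compile(r"^set vlans (\S+) vlan-id (\d+)$")
PORT_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family ethernet-switching (.+)$")

def audit(config):
    """Return sorted (logical interface, finding) pairs for trunk ports."""
    vlan_ids, ports = {}, {}
    for line in config.strip().splitlines():
        line = line.strip()
        if m := VLAN_RE.match(line):
            vlan_ids[m.group(1)] = int(m.group(2))
        elif m := PORT_RE.match(line):
            rest = m.group(3)
            # Ports are access ports unless port-mode says otherwise
            port = ports.setdefault(f"{m.group(1)}.{m.group(2)}",
                                    {"mode": "access", "vlans": set()})
            if mm := re.search(r"port-mode (\S+)", rest):
                port["mode"] = mm.group(1)
            if mm := re.search(r"vlan members (\[[^\]]*\]|\S+)", rest):
                port["vlans"].update(mm.group(1).strip("[]").split())
            if mm := re.search(r"native-vlan-id (\S+)", rest):
                port["vlans"].add(mm.group(1))
    findings = []
    for ifl, port in ports.items():
        if port["mode"] != "trunk":
            continue
        for name in port["vlans"]:
            if name == "all":
                findings.append((ifl, "trunk carries all VLANs"))
            elif not name.isdigit() and name not in vlan_ids:
                # Same condition as the commit error shown in the notes
                findings.append((ifl, f"VLAN {name} has no vlan-id (tag 0)"))
    return sorted(findings)
```

Adding set vlans default vlan-id 100 to the input, as done in the notes, clears the second finding.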

Routed VLAN Interface (RVI)

{master:0}[edit]
[email protected]# set interfaces vlan unit 10 family inet address 172.23.10.1/24
[email protected]# set vlans v10 l3-interface vlan.10
[email protected]# set interfaces vlan unit 20 family inet address 172.23.20.1/24
[email protected]# set vlans v20 l3-interface vlan.20

[email protected]# run show interfaces terse
Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
vlan.10                 up    up   inet     172.23.10.1/24
vlan.20                 up    up   inet     172.23.20.1/24