I have 6 Juniper switches (EX - 2200) connected to each other as shown in the network topology.
I have two PCs that I am using:
PC1 - (used for configuring the 6 switches via minicom)
PC2 - to monitor the traffic between the switches via the ports that are marked with arrows in the diagram.
STEP 1:
I create a new vlan on Switch 3 (SW3) that includes Port 12 and Port 22. I also assign an l3-interface to the vlan (vlan_2) with IP address 192.168.1.7.
Now I plug-in Port 0 of Switch 3 on PC2.
Now I try pinging 192.168.1.7 from PC2 (192.168.1.10)
I want to know what will happen. My postulation is that I will not be able to ping SW3 from PC2. This is because SW3 (Port 12 and Port 22) is a part of vlan_2, and vlan_2 logically breaks up broadcast domains, so 192.168.1.7 will not be reachable from 192.168.1.10.
Now I have an l3-interface on SW1 with IP 192.168.1.1 using the default vlan (vlan-id 0).
Similarly I have enabled IP on SW2 - 192.168.1.2
SW3 - 192.168.1.3
SW4 - 192.168.1.4
SW5 - 192.168.1.5
SW6 - 192.168.1.6
all using default vlan.
Now I plug in Port 12 of SW3 (blue cable) into the PC2.
I try to ping 192.168.1.1 from PC2.
What will happen at this stage?
My postulation is that I will be able to ping switch 1. Is this correct?
Also, another question: can a single port on a switch be added to multiple VLANs?
I am a beginner at network configuration. Any help would be highly appreciated.
(Please ignore the CISCO symbol on the switches in the diagram. All switches are Juniper EX 2200.)
Intra-VLAN Routing
In your first question, you're correct in your first assumption that users in VLAN 0 won’t be able to contact users in VLAN 2, to include the l3-interface you have set up on SW3, but only because you haven’t set up a default-gateway on PC2 or SW3. What is the next thing a host does if it sends out a broadcast on its VLAN and receives nothing? It sends it to its default gateway, which you don’t have set up in this instance. Remember, your switch isn’t just a switch anymore; it’s a layer 3 switch, which means it routes.
VLAN Switching
Your second question seems pretty simple given a few more things happen. As long as ge-0/0/12 is set up for an access port, then you should have simple layer 2 connectivity.
Multi-VLAN Ports
A single switch port, in access mode, cannot be set up for multiple VLAN access. You could set the port up for 802.1q, trunking, and span all the VLANs to it; this would require you to have the proper software and a compatible NIC on your machine though. On Linux, check out vconfig.
I can see two orders of problems with this setup:
The theory behind point 1 is that VLAN traffic can only pass through a trunk. This stops "client" devices (such as your PC2) from seeing traffic that doesn't belong to them.
You seem familiar, at least in principle, with the concept of "broadcast domain". You should also know that the only device that can traverse multiple broadcast domains is a Layer3 or higher device. It seems to me that these switches are managed L2 devices. You need a router and a good bit of vlan theory :) Later tonight I'll post a quick sketch with all the bits needed to get this working.
Your second question: "Can a port be added to multiple vlans?" No it can't. In port-based vlans, such as the ones you're using, it's a moot point. There are different flavors of VLANs. If you need more than one vlan to go through that port, again, you need a trunk and a capable device on the other end that can handle them. But I doubt that is your requirement.
You should stick to port-based vlans since they're the most common form, the easiest to set up and the one most people use.
Why do you need more than one vlan on a client port? What kind of device do you have on that port? The only common use case is a virtualization Hypervisor. In that case, you need a trunk on that port.
Also: Unrelated, but I felt I needed to point it out. Your topology is very prone to failure. If the top or bottom switches should die, a big chunk of your network would collapse. Consider a different topology and some spanning-tree.