Creating a Data and Voice VLAN with SSH access
To set up separate VLANs for data and voice, the process is really quite simple. This will ensure traffic is somewhat segregated between the two. Polish your toes and hold onto your straps as we dive into this one;
This document will be directed towards the EX line.
Log in to the switch, start the cli, then enter configure mode;
First we need to create the vlans;
set vlans datavlan vlan-id 10
set vlans voicevlan vlan-id 20
Next to speed things up we need to create an interface range;
set interfaces interface-range range0 member-range ge-0/0/0 to ge-0/0/23
If you have a larger switch or don't want the full range of the 24 ports you can adjust the range above.
Set the interface range to trunk mode;
set interfaces interface-range range0 unit 0 family ethernet-switching port-mode trunk
Set the interface range to be a part of both vlans (datavlan and voicevlan) and set data as native.
set interfaces interface-range range0 unit 0 family ethernet-switching vlan members voicevlan
set interfaces interface-range range0 unit 0 family ethernet-switching native-vlan-id datavlan
This is how I diced up my vlans;
root> show vlans
Name           Tag     Interfaces
datavlan       10
                       ge-0/0/4.0, ge-0/0/5.0, ge-0/0/6.0, ge-0/0/7.0,
                       ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0,
                       ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0,
                       ge-0/0/16.0*, ge-0/0/17.0, ge-0/0/18.0*, ge-0/0/19.0,
                       ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0, ge-0/0/23.0
default
                       ge-0/0/0.0*, ge-0/0/1.0, ge-0/0/2.0*, ge-0/0/3.0
voicevlan      20
                       ge-0/0/4.0, ge-0/0/5.0, ge-0/0/6.0, ge-0/0/7.0,
                       ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0,
                       ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0,
                       ge-0/0/16.0*, ge-0/0/17.0, ge-0/0/18.0*, ge-0/0/19.0,
                       ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0, ge-0/0/23.0
{master:0}
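To confirm that the membership in a `show vlans` listing is what you intended, the output can be parsed and compared per port. The following is an added example, not part of the original write-up; the function names are hypothetical, the sample output is constructed and shortened, and the `datavlan`/`voicevlan` defaults follow the names used on this page.

```python
import re

# Logical interface as printed by "show vlans", e.g. ge-0/0/16.0* ("*" = link up).
IFACE = re.compile(r"^[a-z]+-\d+/\d+/\d+\.\d+\*?$")

def parse_show_vlans(text):
    """Return {vlan: {"tag": int or None, "ports": {ifname: link_up}}}."""
    tokens = re.split(r"[\s,]+", text.strip())
    if "Interfaces" in tokens:                  # drop prompt, command and header
        tokens = tokens[tokens.index("Interfaces") + 1:]
    vlans, cur = {}, None
    for tok in tokens:
        if not tok or tok == "None" or tok.startswith("{"):  # "{master:0}" etc.
            continue
        if IFACE.match(tok):
            if cur is not None:
                cur["ports"][tok.rstrip("*")] = tok.endswith("*")
        elif tok.isdigit() and cur is not None and cur["tag"] is None and not cur["ports"]:
            cur["tag"] = int(tok)               # tag follows the VLAN name
        else:
            cur = vlans.setdefault(tok, {"tag": None, "ports": {}})
    return vlans

def _order(port):
    return [int(n) for n in re.findall(r"\d+", port)]   # ge-0/0/2 before ge-0/0/10

def audit(vlans, data="datavlan", voice="voicevlan"):
    """Report ports whose membership differs between data, voice and default."""
    ports = lambda name: vlans.get(name, {"ports": {}})["ports"]
    d, v, dflt = set(ports(data)), set(ports(voice)), ports("default")
    return {
        "data_without_voice": sorted(d - v, key=_order),
        "voice_without_data": sorted(v - d, key=_order),
        # Live ports that sit only in the default VLAN, outside both segments.
        "default_only_link_up": sorted(
            (p for p, up in dflt.items() if up and p not in (d | v)), key=_order),
    }

# Constructed sample in the same layout as the listing above (not real output).
SAMPLE = """root> show vlans
Name           Tag     Interfaces
datavlan       10
                       ge-0/0/4.0, ge-0/0/5.0*, ge-0/0/6.0
default
                       ge-0/0/0.0*, ge-0/0/1.0
voicevlan      20
                       ge-0/0/4.0, ge-0/0/5.0*
{master:0}"""

if __name__ == "__main__":
    print(audit(parse_show_vlans(SAMPLE)))
```

The parser splits on whitespace and commas, so it accepts the output whether it is wrapped across lines or pasted as a single line.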
Once this is set up we need some way to gain remote access to the switch in case we need to add additional options and/or provide some management. My first configuration of this was creating a default interface and using a port (ge-0/0/0) to tie the MGMT interface into. In the end I was using up a port and jontow came up with the below which works really well and we don't need to use MGMT (me0) at all. The below set-up is more of an in-band set-up;
First we need to enable SSH;
set system services ssh protocol-version v2
set system services netconf ssh
Once that is enabled we can add connectivity to the native vlan 10.
set interfaces vlan unit 10 family inet address 10.0.2.5/24
set vlans datavlan vlan-id 10 l3-interface vlan.10
set vlans default l3-interface vlan.0
That is it, you should be able to ping the switch from any working datavlan port.
Notes:
Since we will not be using the MGMT port we can turn the alarm off by;
- config mode:
set chassis alarm management-ethernet link-down ignore
- cli mode:
request system configuration rescue save