Creating a Data and Voice Vlan with SSH access

From WTFwiki
Revision as of 07:39, 18 September 2018 by Anexit (talk | contribs)

Setting up separate VLANs for data and voice is really quite simple. This will ensure traffic is somewhat segregated between the two. Polish your toes and hold onto your straps as we dive into this one;

This document will be directed towards the EX line.

Log in to the switch, start the cli, then enter configure mode;

First we need to create the vlans;

set vlans datavlan vlan-id 10
set vlans voicevlan vlan-id 20

Next, to speed things up, we need to create an interface range;

set interfaces interface-range range0 member-range ge-0/0/0 to ge-0/0/23

If you have a larger switch or don't want the full range of the 24 ports, you can adjust the member-range above.

Set the interface range to trunk mode;

set interfaces interface-range range0 unit 0 family ethernet-switching port-mode trunk

Set the interface range to be a part of both vlans (datavlan and voicevlan) and set data as native.

set interfaces interface-range range0 unit 0 family ethernet-switching vlan members voicevlan
set interfaces interface-range range0 unit 0 family ethernet-switching native-vlan-id datavlan

This is how I diced up my vlans;

root> show vlans 
Name           Tag     Interfaces
datavlan       10     
                       ge-0/0/4.0, ge-0/0/5.0, ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0, ge-0/0/12.0, ge-0/0/13.0,
                       ge-0/0/14.0, ge-0/0/15.0, ge-0/0/16.0*, ge-0/0/17.0, ge-0/0/18.0*, ge-0/0/19.0, ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0,
                       ge-0/0/23.0
default       
                       ge-0/0/0.0*, ge-0/0/1.0, ge-0/0/2.0*, ge-0/0/3.0
voicevlan      20     
                       ge-0/0/4.0, ge-0/0/5.0, ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0, ge-0/0/12.0, ge-0/0/13.0,
                       ge-0/0/14.0, ge-0/0/15.0, ge-0/0/16.0*, ge-0/0/17.0, ge-0/0/18.0*, ge-0/0/19.0, ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0,
                       ge-0/0/23.0

{master:0}
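A way to check a `show vlans` listing like the one above against the intended layout, as an added example (not part of the original page). The function names are hypothetical, the sample is an abbreviated copy of the page's output, and the parser assumes this legacy EX text format, where an asterisk marks an interface that is up.

```python
import re

# Abbreviated copy of the page's `show vlans` output (interface lists shortened).
SAMPLE = """\
Name           Tag     Interfaces
datavlan       10
                       ge-0/0/4.0, ge-0/0/5.0, ge-0/0/16.0*, ge-0/0/17.0,
                       ge-0/0/23.0
default
                       ge-0/0/0.0*, ge-0/0/1.0, ge-0/0/2.0*, ge-0/0/3.0
voicevlan      20
                       ge-0/0/4.0, ge-0/0/5.0, ge-0/0/16.0*, ge-0/0/17.0,
                       ge-0/0/23.0
"""

IFACE = re.compile(r"([a-z]+-\d+/\d+/\d+\.\d+)(\*?)")

def parse_show_vlans(text):
    """Return {vlan: {"tag": int or None, "ports": {ifname: link_up}}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        # Skip blanks, the column header, CLI prompts and the {master:0} banner.
        if not line.strip() or line.startswith(("Name", "{")) or ">" in line:
            continue
        if not line[0].isspace():  # unindented row starts a VLAN: name [tag]
            fields = line.split()
            tag = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else None
            current = vlans.setdefault(fields[0], {"tag": tag, "ports": {}})
        if current is not None:    # member ports, on this row or indented below it
            for name, star in IFACE.findall(line):
                current["ports"][name] = bool(star)
    return vlans

def audit(vlans, data="datavlan", voice="voicevlan", fallback="default"):
    """Flag ports that fall outside the data/voice layout described on the page."""
    d, v = set(vlans[data]["ports"]), set(vlans[voice]["ports"])
    stray = vlans.get(fallback, {"ports": {}})["ports"]
    return {
        "missing_voice": sorted(d - v),   # in datavlan but not voicevlan
        "missing_data": sorted(v - d),    # in voicevlan but not datavlan
        "in_default": sorted(stray),      # never moved out of the default VLAN
        "in_default_and_up": sorted(p for p, up in stray.items() if up),
    }

if __name__ == "__main__":
    for finding, ports in audit(parse_show_vlans(SAMPLE)).items():
        print(f"{finding}: {', '.join(ports) or '-'}")
```
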

Once this is set up we need some way to gain remote access to the switch in case we need to add additional options and/or provide some management. My first configuration of this was creating a default interface and using a port (ge-0/0/0) to tie the MGMT interface into. In the end I was using up a port and jontow came up with the below which works really well and we don't need to use MGMT (me0) at all. The below set-up is more of an inbound set-up across layer2;

First we need to enable SSH;

set system services ssh protocol-version v2
set system services netconf ssh

Once that is enabled we can add connectivity to the native vlan 10.

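set interfaces vlan unit 10 family inet address 10.0.2.5/24
set vlans datavlan vlan-id 10 l3-interface vlan.10
set vlans default l3-interface vlan.0

That is it, you should be able to ping the switch from any working datavlan port. The same reachability applies to the SSH and NETCONF services enabled above: any working datavlan port can reach them at 10.0.2.5.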


Notes:

Since we will not be using the MGMT port we can turn the alarm off by;

In config mode:

set chassis alarm management-ethernet link-down ignore

In cli mode:

request system configuration rescue save