While introducing my Juniper switches into my home/lab network, I came across few interoperability issues with my Cisco switches. I guess I ought to give you a very brief background so you understand how this all started. I will do so, while I’ll also introduce the topology I’ll work on for this blog.

vlan-ios-junos-02

The Cisco 2960 switch is sitting behind my TV and this is currently handling my LAN/Home network.

The Juniper EX2200 is sitting in my conservatory; this will be set as my breakout Layer3 switch to/from my Lab network (I initially had a Cisco box which I got rid off on eBay – you can see my previous setup here). To achieve connectivity between the two “sites”, I’m using two TP-Link power line adapters – the result is a Layer2 pseudo wire over my home power network.

As I’m trying to trunk between these two switches, I ran into some issues … But let’s get at the command line …

Below you can see my configuration for both devices – but can you see the problem?

screenshot278 screenshot281

Well … if you can, then you are awesome! If you can’t, then I can assure you, I was in the same boat – we are still awesome though!

screenshot280

The problem is that, in regards to the native VLAN, Cisco and Juniper do not work the same way. With JunOS, in many cases, you will have to be more explicit; the defaults won’t get the job done – this is good for security; but it does add head-aches.

Notice how I’m allowing all my VLANs to the trunk – in Juniper’s world, this includes VLAN-1. Since we haven’t *explicitly* specified our native vlan, the Juniper switch will tag the frames going out this port; as far as the Juniper’s switch is concerned, vlan-1 is just another vlan! Incoming frames, will also be rejected for the same reason (notice the “Untagged 0 (Active = 0)“).

screenshot282

ok … so let’s tell the switch that VLAN-1 is the native vlan …

screenshot283 screenshot280

… and it is still *not* working! Let’s check the show vlans output again:

screenshot285

The 1st to the last line, shows the settings for outbound frames; similarly, the last line shows the settings for the inbound frames; when there is only one line present, it means that the settings are the same for incoming and outgoing frames.

What this output is telling us is that, should the switch receive an *untagged* frame, it will be assigned to VLAN-1. In case the frame is tagged with Vlan-id of 1, the switch will behave the same as for any other tagged frame – in this case, it will also get assigned to vlan VLAN-1. However, outgoing frames, will still be tagged – the default behaviour being the same as with Cisco, when the vlan dot1q tag native command is applied!

So we are still sending tagged frames which Cisco won’t like! Not good!

Now we have two options:

  1. We apply the vlan dot1q tag native command, forcing the switch to tag and accept tagged frames, even for the native vlan
  2. We get the Juniper switch not to tag frames on the native vlan

The Cisco 2960 *does not* support that command though!

To enable the 2nd option, all we need to do is remove vlan 1 from the trunk – very easy !!

screenshot286

… and now our pings work!

screenshot287

At last, let’s check what changed on the show vlans output:

screenshot288

We can now see that the switch will send vlan-1 frames, untagged; furthermore, incoming untagged frames will be assigned to vlan-1. The switch, will also accept and be able to send tagged frames – since it’s a trunk port.


Thank you,
Signature
View Rafael A Couto Cabral's profile on LinkedIn



Comments are closed.