dynamic vlan assignment juniper

Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

For Ethernet, Fast Ethernet, Tri-Rate Ethernet copper, Gigabit Ethernet, 10-Gigabit Ethernet, and aggregated Ethernet interfaces supporting VPLS, Junos OS supports a subset of the IEEE 802.1Q standard for channelizing an Ethernet interface into multiple logical interfaces. Many hosts can be connected to the same Gigabit Ethernet switch, but they cannot be in the same routing or bridging domain.

To identify VLANs statically, you can reference a static VLAN interface in a dynamic profile. To identify subscribers dynamically, you use a variable to specify an 802.1Q VLAN that is dynamically created when a subscriber accesses the network.

You can configure the router to dynamically create VLANs when a client accesses an interface and requests a VLAN ID that does not yet exist. When a client accesses a particular interface, the router instantiates a VLAN dynamic profile that you have associated with the interface. Using the settings in the dynamic profile, the router extracts information about the client from the incoming packet (for example, the interface and unit values), saves this information in the routing table, and creates a VLAN or stacked VLAN ID for the client from a range of VLAN IDs that you configure for the interface.

Dynamic VLAN configuration supports the creation of IPv4 (inet), DHCPv4, IPv6 (inet6), and DHCPv6 VLANs.

Dynamic VLAN and dynamic stacked VLAN configuration supports mixed (or flexible) VLAN ranges. When you configure dynamic mixed VLAN ranges, you must create separate dynamic profiles for VLANs and stacked VLANs. Table 1 lists all valid combinations for the maximum number of dynamic profiles and VLAN and stacked VLAN ranges on a single underlying interface.

Table 1 shows the valid maximums for the following dynamic mixed VLAN range configuration scenarios, in this order:

Configurations that require up to 128 VLAN ranges and up to 128 stacked VLAN ranges on a single underlying interface. You must create one VLAN dynamic profile and one stacked VLAN dynamic profile, each with a maximum of 128 ranges per profile.

Configurations that require up to 32 VLAN ranges and up to 32 stacked VLAN ranges on a single underlying interface. You can configure up to 16 VLAN dynamic profiles and up to 16 stacked VLAN dynamic profiles, each with a maximum of 32 ranges per profile.

Configurations that consist of one VLAN dynamic profile with a maximum of 128 ranges, and up to 16 stacked VLAN dynamic profiles with 32 ranges each.

Configurations that consist of up to 16 VLAN dynamic profiles with 32 ranges each, and one stacked VLAN dynamic profile with a maximum of 128 ranges.

The following guidelines apply to the limits in Table 1 when you configure VLAN ranges and S-VLAN ranges for use with dynamic profiles:

These limits apply to both single-tagged and double-tagged dynamic VLAN ranges.

These limits apply only to MX Series routers with MPCs. For MX Series routers with Enhanced Queuing IP Services DPCs (DPCE-R-Q model numbers) or Enhanced Queuing Ethernet Services DPCs (DPCE-X-Q model numbers), the maximum number of VLAN ranges for a dynamic profile on an underlying interface remains unchanged at 32 VLAN ranges and 32 S-VLAN ranges.

These limits have no effect on the maximum number of VLAN IDs on a given underlying interface. The valid range of ID values for a dynamic VLAN range or dynamic S-VLAN range remains unchanged at 1 through 4094.

Related Documentation

Configuring Interfaces to Support Both Single and Stacked VLANs

[Subscriber Management] Configuration Example - end-to-end IPv6 or Dual-Stack IPoE Subscriber

This article provides an example on how to configure an end-to-end simplified IPv6 or Dual-Stack IPoE Subscribers on MX BNG node with generic requirements such as firewall filter, fixed/dynamic IP address pool, framed-route etc.

The example:

Includes both dynamic VLAN (dot1q & q-in-q) configuration options for IPoE subscriber interface.
Does not include any QOS treatment for subscriber traffic, so all traffics are treated as best-effort.
Uses Freeradius radius server. Freeradius user example with multiple radius attributes are also included.
In this example, MX is acts as Local DHCP Server. In case separate DHCP server available, dhcp-relay configuration can be used for IPoE address assignment instead of local DHCP server.
The dynamic-profile In this example is configured such a way that the same dynamic-profile can be used for both IPv6 only & Dual-Stack IPoE Subscriber provisioning.
The dynamic-profile in this example is configured in such a way (predefined-variable-defaults) that in case radius does not send some of the mandatory attributes like filter name, etc. the subscriber will be coming up with default filter name.
In case VRF name, IP Pool name/Fixed IP or Framed-route etc. are not sent from radius server the subscriber will be coming up with default VRF(Global routing instance), default pool (as per 'access domain map default' configuration). Except Username and Password, all other attributes are optional.

IPv4/IPv6/Dual-Stack IPoE subscriber <----> ([vlan 3320] ge-0/0/2) MX (ge-0/0/0) <----> Radius Server(192.168.40.26)

Radius Server(@192.168.40.26) is reachable via global routing instance inet.0 table.

WAN link addressing—For the WAN interface on the CPE (CPE upstream interface).
Subscriber LAN addressing—For devices connected to the CPE on the subscriber LAN (CPE downstream interfaces).

The following methods can be used for assigning IPv6 addresses:

For WAN link addressing, use ND/RA or DHCPv6 IA_NA to provision a global IPv6 address.
For subscriber LAN addressing, use DHCPv6 prefix delegation to provision global IPv6 addresses to subscribers on the LAN.

IPv6 IPoE subscriber(WAN link’s IPv6 address assignment of CPE) can be deployed in two ways:

Via ND/RA messages
Via DHCPv6 IA_NA or PD

MX (BNG) Configuration Steps for IPv4 / IPv6 / Dual-stack IPoE Subscriber (with local-dhcp-server)

Configure common Dynamic Profile “ DHCP-PROFILE ” for both IPv4, IPv6/Dual-stack IPoE subscriber
Configure Access Profile “ ACCESS-FTTH ” for subscriber CPE authentication via radius server
Configure IPv4 Address Pool “ dhcpv4-pool ”(default pool) & “ V4-IP-POOL ”(user defined – used via radius attribute “Framed-Pool”)
Configure IPv6 Address Pool “ V6-DHCP-POOL ”(default pool) & “ IP-POOL-V6 ”(user defined – used via radius attribute “Framed-IPv6-Pool”)
Configure domain map “ default ” & “ ftth.c ”(specific for IPoE via dhcp/dhcpv6 mac auth.) with default dynamic-profile, access-profile & address-pool mapping.
Configure IPv4 firewall filter “ default ” & IPv6 firewall filter “ default-v6 ” to be used by the dynamic-profile “ DHCP-PROFILE ” as default in/out firewall filter(in case not provided via radius attribute).
Configure MX as DHCP server ( dhcp-local-server group “ V4 ” & dhcp-local-server dhcpv6 group “ V6 ”) for IPoE subscriber address assignment.
Configure Dynamic Profile “ AUTO-VLAN ”(dot1q) or “ AUTO-VLAN-STACK ”(q-in-q) for dynamic vlan IPoE subscriber interface.
Finally configure the Physical Interface with auto-configure (with dynamic profile “ AUTO-VLAN ” / ” AUTO-VLAN-STACK ” ) to activate dynamic VLAN based IPoE subscribers.

Configuration:

Dynamic-profile configuration for IPv4 only, IPv6(ND/RA, DHCPv6 IA_NA / PD) & Dual-Stack(ND/RA, DHCPv6 IA_NA / PD) IPoE ( dot1q / single vlan ) subscriber deployment:

Extra dynamic-profile & interface configs for q-in-q / Stacked vlan IPv4 IPoE subscriber deployment:

Radius User Configuration:

Radius Attributes specific to IPv6:

Jnpr-IPv6-Ingress-Policy-Name
Jnpr-IPv6-Egress-Policy-Name
Framed-IPv6-Prefix
Framed-IPv6-Pool
Delegated-Ipv6-Prefix
Framed-IPv6-Route

Radius user example specific for IPv6 / Dual-Stack User(can be used along with IPoE IPv4 attributes): (CPE mac address: 52:54:00:f9:c0:81)

Fixed IA_NA IPv6 /128 IPv6 Address User Example: ( for IA_NA address disable dynamic-profiles > protocols > router-advertisement )
NDRA/IPv6 Prefix Address assignment(Dual-Stack) User Example:
IPv6 Address assignment via IPv6 Pool name User Example:
IPv6 Prefix Delegation Address Assignment User Example:
No domain name/only MAC IPv6 prefix delegation address assignment user example: