Konfigurasi VLAN di Juniper vQFX: Mode Access dan Trunk Port

VLAN adalah sebuah protokol yang memungkinkan pembuatan beberapa jaringan dalam satu segmen jaringan yang sama. Segmen jaringan yang sama maksudnya seperti ini. Secara physical, jika ada 6 komputer terhubung ke satu switch, berarti 6 komputer tersebut berada dalam satu jaringan yang sama. Nah, dengan VLAN kita bisa membuat 6 komputer tersebut berada di beberapa jaringan yang berbeda meski terhubung ke switch yang sama.

Penjelasan lebih lanjut mengenai VLAN silakan baca di Mengenal VLAN : Pengertian, Fungsi, dan Cara Kerjanya

Di artikel ini saya asumsikan teman-teman sudah memahami hal-hal berikut:

1. Junos initial configuration
2. VLAN: interface mode access dan trunk

Karena di artikel ini saya hanya menunjukan cara konfigurasi VLAN di perangkat Juniper vQFX. Jadi, jika kamu belum paham VLAN silakan pelajari dulu di Mengenal VLAN : Pengertian, Fungsi, dan Cara Kerjanya.

Jika kamu belum atau baru mengenal juniper, saya sarankan untuk memulai mempelajari Juniper terlebih dahulu di materi JNCIA-Junos berikut:
JNCIA-Junos (JN0-103): Introduction to Juniper Network OS

Teman-teman bisa menggunakan simulator seperti GNS3 dan EVE-NG untuk membuat lab ini. Untuk image juniper vQFX bisa kamu download melalui link berikut: Download Juniper vMX, vSRX, vQFX, vRR (Evaluation Licence).

Berikut ini adalah topologi yang akan kita gunakan:

PRECONFIG

Hostname	IP Address
PC1	192.168.10.1/24
PC2	192.168.10.2/24
PC3	192.168.10.3/24
PC4	192.168.10.4/24
PC5	192.168.10.5/24
PC6	192.168.10.6/24

lab@Switch-1> show configuration | no-more
## Last commit: 2021-01-25 05:00:11 UTC by lab
version 20191212.201431_builder.r1074901;
system {
    host-name Switch-1;
    ...
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
protocols {
    igmp-snooping {
        vlan default;
    }
}
vlans {
    default {
        vlan-id 1;
    }
}

lab@Switch-2>
## Last commit: 2021-01-25 05:03:37 UTC by lab
version 20191212.201431_builder.r1074901;
system {
    host-name Switch-2;
    ...
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 169.254.0.2/24;
            }
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
protocols {
    igmp-snooping {
        vlan default;
    }
}
vlans {
    default {
        vlan-id 1;
    }
}

Konfigurasi VLAN di Juniper vQFX

1. Membuat VLAN

[edit]
lab@Switch-1# set vlans RnD vlan-id 10
lab@Switch-1# set vlans RnD vlan-id 20

[edit]
lab@Switch-2# set vlans RnD vlan-id 10
lab@Switch-2# set vlans RnD vlan-id 20

2. Konfigurasi Interface Mode Access
Interface mode access hanya boleh memiliki satu vlan members.

[edit interfaces xe-0/0/1 unit 0 family ethernet-switching]
lab@Switch-1# set interface-mode access
lab@Switch-1# set vlan members RnD

[edit interfaces xe-0/0/2 unit 0 family ethernet-switching]
lab@Switch-1# set interface-mode access
lab@Switch-1# set vlan members RnD

[edit interfaces xe-0/0/3 unit 0 family ethernet-switching]
lab@Switch-1# set interface-mode access
lab@Switch-1# set vlan members Marketing

[edit interfaces xe-0/0/4 unit 0 family ethernet-switching]
lab@Switch-1# set interface-mode access
lab@Switch-1# set vlan members Marketing

[edit interfaces xe-0/0/1 unit 0 family ethernet-switching]
lab@Switch-2# set interface-mode access
lab@Switch-2# set vlan members Marketing

[edit interfaces xe-0/0/2 unit 0 family ethernet-switching]
lab@Switch-2# set interface-mode access
lab@Switch-2# set vlan members RnD

3. Konfigurasi Interface Mode Trunk
Interface mode trunk boleh memiliki satu atau lebih dari satu vlan members.

Jika ingin mengizinkan semua VLAN bisa melewati trunking port, maka setting vlan member ke all, contoh:

[edit interfaces xe-0/0/0 unit 0 family ethernet-switching]
lab@Switch-1# set interface-mode trunk
lab@Switch-1# set vlan members all

[edit interfaces xe-0/0/0 unit 0 family ethernet-switching]
lab@Switch-2# set interface-mode trunk
lab@Switch-2# set vlan members all

Jika ingin mengizin VLAN tertentu saja yang bisa melewati trunking port, maka setting vlan member ke VLAN tertentu saja, contoh:

[edit interfaces xe-0/0/0 unit 0 family ethernet-switching]
lab@Switch-1# set interface-mode trunk
lab@Switch-1# set vlan members [RnD Marketing]

[edit interfaces xe-0/0/0 unit 0 family ethernet-switching]
lab@Switch-2# set interface-mode trunk
lab@Switch-2# set vlan members [RnD Marketing]

4. Verifikasi Konfigurasi

Lakukan commit konfigurasi, agar konfigurasi dijalankan oleh Junos OS.

Gunakan perintah command show vlans di operational mode. Gunakan tanda tanya "?" untuk mengecek opsi perintah yang tersedia.

lab@Switch-1> show vlans ?
Possible completions:
  <[Enter]>            Execute this command
  <vlan-name>          Display information for a specified VLAN
  Marketing            tag(20)
  RnD                  tag(10)
  brief                Display brief output
  default              tag(1)
  detail               Display detailed output
  extensive            Display extensive output
  instance             Display information for a specified instance
  interface            Name of interface for which to display table
  operational          Show operational bridging instance
  |                    Pipe through a command

lab@Switch-1> show vlans detail

Routing instance: default-switch
VLAN Name: Marketing                      State: Active
Tag: 20
Internal index: 3, Generation Index: 3, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Interfaces:
    xe-0/0/0.0*,tagged,trunk
    xe-0/0/3.0*,untagged,access
    xe-0/0/4.0*,untagged,access
Number of interfaces: Tagged 1    , Untagged 2
Total MAC count: 0

Routing instance: default-switch
VLAN Name: RnD                            State: Active
Tag: 10
Internal index: 4, Generation Index: 4, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Interfaces:
    xe-0/0/0.0*,tagged,trunk
    xe-0/0/1.0*,untagged,access
    xe-0/0/2.0*,untagged,access
Number of interfaces: Tagged 1    , Untagged 2
Total MAC count: 2

Routing instance: default-switch
VLAN Name: default                        State: Active
Tag: 1
Internal index: 2, Generation Index: 2, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Number of interfaces: Tagged 0    , Untagged 0
Total MAC count: 0 

lab@Switch-2> show vlans detail

Routing instance: default-switch
VLAN Name: Marketing                      State: Active
Tag: 20
Internal index: 2, Generation Index: 2, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Interfaces:
    xe-0/0/0.0*,tagged,trunk
    xe-0/0/1.0*,untagged,access
Number of interfaces: Tagged 1    , Untagged 1
Total MAC count: 0

Routing instance: default-switch
VLAN Name: RnD                            State: Active
Tag: 10
Internal index: 3, Generation Index: 3, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Interfaces:
    xe-0/0/0.0*,tagged,trunk
    xe-0/0/2.0*,untagged,access
Number of interfaces: Tagged 1    , Untagged 1
Total MAC count: 2

Routing instance: default-switch
VLAN Name: default                        State: Active
Tag: 1
Internal index: 4, Generation Index: 4, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Number of interfaces: Tagged 0    , Untagged 0
Total MAC count: 0 

PENGUJIAN
Hasil yang diharapkan dari konfigurasi di atas adalah

• PC di VLAN "RnD" BISA berkomunikasi dengan sesama VLAN "RnD".
• PC di VLAN "Marketing" BISA berkomunikasi dengan sesama VLAN Marketing.
• PC di VLAN "RnD" TIDAK BISA berkomunikasi dengan sesama VLAN "Marketing".

PC1> ping 192.168.10.2
84 bytes from 192.168.10.2 icmp_seq=1 ttl=64 time=1.530 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=64 time=1.779 ms

PC1> ping 192.168.10.3
host (192.168.10.3) not reachable

PC1> ping 192.168.10.4
host (192.168.10.4) not reachable

PC1> ping 192.168.10.5
host (192.168.10.5) not reachable

PC1> ping 192.168.10.6
84 bytes from 192.168.10.6 icmp_seq=1 ttl=64 time=1.398 ms
84 bytes from 192.168.10.6 icmp_seq=2 ttl=64 time=1.401 ms

PC2> ping 192.168.10.1
host (192.168.10.1) not reachable

PC2> ping 192.168.10.2
host (192.168.10.2) not reachable

PC3> PC3> ping 192.168.10.4
84 bytes from 192.168.10.4 icmp_seq=1 ttl=64 time=1.789 ms
84 bytes from 192.168.10.4 icmp_seq=2 ttl=64 time=1.471 ms


PC3> ping 192.168.20.5
84 bytes from 192.168.20.5 icmp_seq=1 ttl=64 time=1.603 ms
84 bytes from 192.168.20.5 icmp_seq=2 ttl=64 time=1.128 ms

PC2> ping 192.168.10.6
host (192.168.10.6) not reachable

POSTCONFIG

lab@Switch-1> show configuration | no-more
## Last commit: 2021-01-25 06:07:28 UTC by lab
version 20191212.201431_builder.r1074901;
system {
    host-name Switch-1;
    ...
}
interfaces {
    xe-0/0/0 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ RnD Marketing ];
                }
            }
        }
    }
    xe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members RnD;
                }
            }
        }
    }
    xe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members RnD;
                }
            }
        }
    }
    xe-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members Marketing;
                }
            }
        }
    }
    xe-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members Marketing;
                }
            }
        }
    }
    em0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 169.254.0.2/24;
            }
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
protocols {
    igmp-snooping {
        vlan default;
    }
}
vlans {
    Marketing {
        vlan-id 20;
    }
    RnD {
        vlan-id 10;
    }
    default {
        vlan-id 1;
    }
}

lab@Switch-2>
## Last commit: 2021-01-25 05:03:37 UTC by lab
version 20191212.201431_builder.r1074901;
system {
    host-name Switch-2;
    ...
}
interfaces {
    xe-0/0/0 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ RnD Marketing ];
                }
            }
        }
    }
    xe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members Marketing;
                }
            }
        }
    }
    xe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members RnD;
                }
            }
        }
    }
    em0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 169.254.0.2/24;
            }
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
protocols {
    igmp-snooping {
        vlan default;
    }
}
vlans {
    Marketing {
        vlan-id 20;
    }
    RnD {
        vlan-id 10;
    }
    default {
        vlan-id 1;
    }
}

Berikut ini adalah artikel lain yang membahas VLAN pada Juniper.

• Konfigurasi VLAN di Juniper vQFX: Mode Access dan Trunk Port
• Inter-VLAN Routing: Menggunakan IRB/RVI pada Switch Juniper QFX series
• Inter-VLAN Routing: Menggunakan Interface Logical pada Router Juniper MX series
• Penggunaan Wildcard Operations di Junos CLI

Tags: vlan juniper, vlan junos, vlan vqfx, vlan mode access juniper, vlan mode trunk juniper, vlan trunking juniper, cara konfigurasi vlan juniper, cara konfigurasi vlan junos, cara konfigurasi vlan vqfx, vlan trunking junos, vlan mode trunk juniper, vlan mode trunk junos.