VLAN

You can use this interface type for management of Layer 2 switches or for Zero-Touch onboarding of newly deployed devices.

For more information on Zero-Touch onboarding, see Zero Touch Capabilities.

Note

Note

The VLAN Segmented Management Instance is not supported on VSP 8600 Series.

The following list defines the abilities of this interface type:

Co-Existence Restrictions

IPv4 and IPv6 address co-existence for both a VOSS routing VLAN and VLAN Management Instance is supported, however you must manually match both IP address configurations between the VLANs.

If you configure the VLAN Management Instance with a manual IPv4 address and a DHCP IPv4 address first, you cannot add a IPv4 address to a VOSS routing VLAN.

If you configure the VLAN Management Instance with an IPv6 address first, you can only add one IPv6 global address to a VOSS routing VLAN.

The following restrictions apply when a VLAN Management Instance coexists with a port-based VLAN or with a brouter port:

Configuration Example - Coexistence with Port-Based VLAN

The following example shows how the VLAN Management Instance can be configured to share the same IP address as a routing port-based VLAN.

You can configure the VOSS VLAN first and then configure the VLAN Management Instance or vice versa. You can remove or add the coexistence at anytime.

Note

Note

With the coexistence between VOSS routing stack and the VLAN Management Instance, packets sent to the VLAN Management Instance IP address must ingress the switch from a VLAN port (or contain the VLAN ID) associated with the VLAN Management Instance. The system does not route packets between the VOSS routing VLAN and the VLAN Management Instance.

Example

IPv4
vlan create 10 type port-mstprstp 0
vlan members add 10 1/1
interface vlan 10
ip address 192.0.2.0/24
exit
mgmt vlan 10
ip address 192.0.2.0/24
ip route 0.0.0.0/0 next-hop 192.0.2.1
enable
IPv6
vlan create 10 type port-mstprstp 0
vlan members add 10 1/1
interface vlan 10
ipv6 interface address 2001:DB8::/32 
ipv6 interface enable
exit
mgmt vlan 10
ipv6 address 2001:DB8::/32 
ipv6 route 0::0/0 next-hop 2001::1
enable

Configuration Example - Coexistence with Port-Based VLAN Zero Touch Deployment

For XA1400 Series branch deployments, the VOSS routing IP stack requires the VLAN Management Instance to work in coexistence mode where both the management IP stack and the routing IP stack share the same IP address and default routes. This configuration is required if you need to use the management IP as IPsec source address.

You can manually configure the coexistence as in the preceding example, or you can use the propagate-to-routing command to propagate the management VLAN IP and static routes from the management IP stack to the VOSS routing IP stack on the same VLAN ID. If you do not include the VRF name, the system uses the existing VRF of the VOSS routing VLAN.

Example

IPv4
mgmt vlan 10 
enable
exit
mgmt dhcp-client vlan
mgmt vlan
propagate-to-routing vrf vrf24

Configuration Example - Coexistence with Brouter Port

The following example shows how the VLAN Management Instance can be configured to share the same IP address as a brouter interface.

You must configure the brouter interface before you enable the VLAN Management Instance. When the VLAN Management Instance is enabled, you must disable the VLAN Management Instance before you disable the brouter port.

Example

IPv4

interface GigabitEthernet 1/1
no shutdown
brouter port 1/1 vlan 10 subnet 192.0.2.0/24
mgmt vlan 10
ip address 192.0.2.0/24
enable 

IPv6

interface GigabitEthernet 1/1
no shutdown
ipv6 interface vlan 10
ipv6 interface address 2001:DB8::/32
ipv6 interface enable
mgmt vlan 10
ipv6 address 2001:DB8::/32
enable