Re: [j-nsp] Filter-based VLAN membership
16.07.2013 04:21, Dale Shaw wrote: The desktop/end-user folks are looking at using Microsoft's MED-V platform to support legacy apps on a new Windows 7-based SOE. From what I can tell, MED-V is basically an instance of Windows XP running in Virtual PC. The desktop guys are telling me that dot1q-tagging the traffic from the VM isn't supported, nor can they cope operationally with NAT between the guest and host, so I'm looking at other options for separating this traffic, if for no other reason than to avoid the need to re-design the IP addressing plan to support larger subnets. Looks like you rather need MAC-based VLAN, not filter-based. http://www.juniper.net/techpubs/en_US/junos12.2/topics/task/configuration/authentication-static-mac-bypass-ex-series-cli.html (Despite the config stanza, it has virtually nothing to do with the 802.1X.) Note, you can set a mask length for MACs, that will match all VMs with a single config line. Or you can make EX to ask RADIUS for a VLAN-ID of a given MAC. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Filter-based VLAN membership
Hi all, I'm exploring the possibility of using filter-based VLAN membership on our EX4200 edge switches. The desktop/end-user folks are looking at using Microsoft's MED-V platform to support legacy apps on a new Windows 7-based SOE. From what I can tell, MED-V is basically an instance of Windows XP running in Virtual PC. The desktop guys are telling me that dot1q-tagging the traffic from the VM isn't supported, nor can they cope operationally with NAT between the guest and host, so I'm looking at other options for separating this traffic, if for no other reason than to avoid the need to re-design the IP addressing plan to support larger subnets. There doesn't seem to be a lot of documentation out there about this feature but in playing around in the lab I have encountered a constraint that may be a showstopper for me. It doesn't seem as though a L2 VLAN can be defined with both a mapping policy statement and an RVI attached (l3-interface). Does that mean that filter-based VLAN membership can only be configured on L2-only switches? We have a number of offices where individual floors/levels are fed via L3/routed uplinks, so there are lots of RVIs defined on edge switches. Cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp