Application Note Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net J-series Advanced Switching Configuration Configuring JUNOS Software Advanced Switching on J-series Services Routers Part Number: 350133-001 July 2008


Table of Contents

Introduction
Scope
Design Considerations
Hardware Requirements
Software Requirements
JUNOS Software Release 9.2 Switching Features
JUNOS Software Release 9.2 Switching Configuration Scenarios
Enabling Enhanced Switching
Configuring Layer 2 Switching
Configuring Bridging Domains
Extending Bridging Domains and Configuring Tagged Interfaces
Configuring Integrated Routing and Bridging
Configuring Link Aggregation
Simple LAN Switching Scenario
Adding VLANs
Routing Traffic Between VLANs
Adding a Tagged Interface
Increasing Capacity with Link Aggregation
Monitoring
Summary
About Juniper Networks


Introduction

Juniper Networks J-series services routers provide high-performance networking for branch-office and regional sites, integrating routing, WAN connectivity, security, LAN switching, VoIP/telephony and WAN optimization, extending enterprise applications and services to remote locations. A new family of high-density Ethernet Physical Interface Modules (PIMs) was introduced with JUNOS® software release 8.5, which allowed small branch offices to aggregate Ethernet connections directly onto J-series routers, eliminating the need for Layer 2 switches. In medium-sized branch offices, Juniper Networks J-series routers could also now be used to aggregate traffic from multiple Layer 2 access switches.

However, to more effectively collapse part of the switching infrastructure onto J-series routers, JUNOS software has to be able to provide additional functionality that is commonly offered at the switching layer. JUNOS software release 9.2 for J-series routers introduces much of this functionality by adding additional Layer 2 switching features, integrated routing and bridging, and support of several Layer 2 protocols.

Scope

This application note provides an overview of the new JUNOS software Layer 2 features for J-series routers. It describes several common deployment scenarios, with detailed configurations for each scenario.

Design Considerations

When configuring JUNOS software advanced switching on J-series routers, note the hardware and software requirements and the JUNOS software 9.2 switching features.

Hardware Requirements

• J-series services router (J2320, J2350, J4350, or J6350)
    - 8-port 10/100/1000Base-T
    - 16-port 10/100/1000Base-T
    - 6-port SFP (supporting T, LX, SX and LH SFPs)

Software Requirements

• JUNOS software with enhanced services release 9.2 or later for the J-series platform


JUNOS Software Release 9.2 Switching Features

J-series advanced switching is based on current Juniper Networks EX-series functionality, which includes, but is not limited to:

• Layer 2 switching of traffic, including support for both trunk and access ports
• Integrated routing and bridging
• Loop-avoidance protocols
    - Spanning Tree Protocol
    - Rapid Spanning Tree Protocol (RSTP)
    - Multiple Spanning Tree Protocol (MSTP)
    - Redundant trunk groups
• Link aggregation IEEE 802.3ad - both static and using Link Aggregation Control Protocol (LACP)
• Generic Virtual LAN (VLAN) Registration Protocol (GVRP)
• Port security
    - Per port MAC address limits
    - IEEE 802.1 and MAC authentication
    - Dynamic Host Configuration Protocol (DHCP) snooping
    - Address Resolution Protocol (ARP) inspection
    - MAC spoofing protection
• Storm control

Although advanced switching for the J-series is sourced from the EX-series product family, J-series features are a subset of those offered in the EX-series. In particular, the following features are not included in JUNOS software release 9.2 for the J-series:

• Layer 2 access control lists (ACLs)
• Layer 2 Quality of Service (QOS) for ports in switching mode
• Internet Group Management Protocol (IGMP) snooping
• SNMP MIB support (for the new Layer 2 features)
• Virtual chassis

Future feature additions to EX-series platforms will not automatically be ported to JUNOS software for J-series routers. Layer 2 features from earlier JUNOS software releases continue to be supported for compatibility purposes.

In the current implementation, only one advanced switching uPIM is supported per J-series chassis (additional uPIMs can operate in routed mode or in legacy Layer 2 mode). Although future versions of JUNOS software may remove this restriction, VLANs will not be able to cross uPIM boundaries, because J-series routers do not have a fabric backplane that would allow traffic to be switched between different uPIMs without sending frames to the CPU. Additionally, the designated advanced switching uPIM is able to support a combination of switched and routed ports as necessary.


JUNOS Software Release 9.2 Switching Configuration Scenarios

This section discusses several deployment scenarios and their associated configurations.

Enabling Enhanced Switching

The first configuration step is to enable enhanced switching on the PIM, which is done at the [chassis fpc pic ethernet] level of the configuration hierarchy. For example, the following configuration enables a PIM in slot 1.

    chassis {
        fpc 1 {
            pic 0 {
                ethernet {
                    pic-mode enhanced-switching;
                }
            }
        }
    }

Configuring Layer 2 Switching

Physical interfaces (IFDs in JUNOS software terminology) can operate in two modes. When an interface is given a Layer 3 address (such as an IPv4, IPv6, or ISO address), the interface will route traffic based on the destination address of each packet. If an interface is not given a Layer 3 address but is configured as part of the Ethernet switching protocol family, the interface will forward traffic based on the link layer destination address. The following configuration defines an interface as a switching port (note that Layer 2 configuration is limited to unit 0 of an interface).

    interfaces {
        ge-<slot number>/0/<port number> {
            unit 0 {
                family ethernet-switching;
            }
        }
    }

Configuring Bridging Domains

As in most modern switches, bridging domains can be segmented using VLANs, an approach that allows device segmentation by assigning ports to administrative domains. Traffic can be forwarded between member interfaces of the same VLAN, but not between interfaces that belong to different VLANs, effectively allowing the same physical device to be shared between different non-connected networks (a later section of this document describes how to forward traffic between different VLANs).


By default, all switching-enabled ports form part of the same bridging domain. If an interface is enabled for Layer 2 switching but not associated with any VLAN, it will become part of the default VLAN. To configure a new domain, a VLAN has to be defined under the [vlans] hierarchy and given a unique identifier (VLAN ID).

    vlans {
        <vlan name> {
            vlan-id <id>;
        }
    }

Additionally, you have to specify which interfaces will be part of the newly created domain. There are two ways to allocate interfaces. (These ways are identical from a functional point of view; it is up to you to choose the method you prefer.) The first way, under the [interfaces <name> unit 0 family ethernet-switching] hierarchy, is to declare the VLAN as part of an interface configuration.

    interfaces {
        ge-<slot number>/0/<port number> {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members <vlan name or id>;
                    }
                }
            }
        }
    }

The second way, under the [vlans <name> interface] hierarchy, is to define VLAN member interfaces.

    vlans {
        <name> {
            interface {
                <interface name>;
                <interface name>;
            }
        }
    }

Both methods can be combined as long as no inconsistencies are introduced (for example, the same interface cannot be defined as a member of two or more VLANs).

Extending Bridging Domains and Configuring Tagged Interfaces

Modern switching networks can be large enough to require the use of multiple switches (some require a tiered approach, with many switching layers). When multiple bridging domains span more than one switching device, it is convenient to allow traffic from many domains to be forwarded through the same link, while still separating the traffic from different domains. VLAN tagging (IEEE 802.1q) provides this functionality by extending the Ethernet header with a VLAN identifier (a 12-bit value) used to differentiate traffic from different VLANs. As shown in Figure 1, VLAN tagging reduces the number of interfaces needed to connect devices because a single interface can then carry traffic from multiple domains. Switching interfaces that carry tagged traffic are referred to as trunk ports.


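Figure 1. VLAN Tagging (diagram labels: VLAN Orange and VLAN Blue on Floor 1 and Floor 2, connected through EX 3200 Series switches)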

An interface can be configured as a trunk port by simply setting the port-mode value to trunk under the family ethernet-switching line. A trunk port can then be defined as part of multiple VLANs, which allows a switching port defined as a trunk port to be associated with more than one VLAN. Traffic forwarded from a trunk port will be tagged using the VLAN ID of the originating VLAN, while received traffic will be forwarded to the appropriate VLAN for distribution (Figure 2).

    interfaces {
        ge-*/*/* {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [<vlan name or id> <vlan name or id> …];
                    }
                }
            }
        }
    }

Figure 2. Trunk and Access Ports (diagram labels: ge-4/0/0 trunk; ge-4/0/1, ge-4/0/2, and ge-4/0/3 access; VLAN Orange, VLAN Blue, and VLAN Red; intra-VLAN traffic locally switched in the uPIM at Layer 2)


Configuring Integrated Routing and Bridging

As previously discussed, an interface can be either configured as a routed interface (with a Layer 3 address) or a switched interface. What if you want to define a bridging domain where traffic between the member interfaces is switched, but other traffic is routed? This scenario is equivalent to placing a switch in front of a router. Traffic that is not destined for the router is switched based on the Layer 2 information, and traffic that reaches the router is forwarded based on the Layer 3 information.

Adding a Layer 3 interface to a bridging domain achieves the same result. As different bridging domains can have unique Layer 3 addresses, traffic between bridging domains can then be routed by JUNOS software provided that security policies allow it (Figure 3).

Figure 3. Integrated Routing and Bridging

To add a Layer 3 interface to a bridging domain, a logical interface has to be created under the [interfaces vlan] hierarchy. After the logical interface is created, it must be associated with a particular VLAN using the l3-interface keyword.

    interfaces {
        vlan {
            unit <unit number> {
                family {
                    inet {
                        address <ip address>/<netmask>;
                    }
                }
            }
        }
    }

    vlans {
        <vlan name> {
            l3-interface vlan.<unit of newly created vlan ifl>;
        }
    }

Figure 3 diagram labels: trunk port ge-4/0/0 and access ports ge-4/0/1, ge-4/0/2, and ge-4/0/3 in VLAN Orange, VLAN Blue, and VLAN Red; intra-VLAN traffic is locally switched in the uPIM at Layer 2; inter-VLAN routed traffic is sent to fwdd in JUNOS software through interfaces vlan.0, vlan.1, and vlan.2.


Layer 3 VLAN interfaces are no different than any other Layer 3 interface in JUNOS software and thus require the same configuration. In particular, these interfaces have to be assigned to a security zone, and security policies have to explicitly allow traffic to be forwarded between these interfaces and any other configured Layer 3 interfaces.
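Two rules stated in this document can be checked offline before a configuration is committed: an interface that is not a trunk cannot be a member of two or more VLANs (even when both membership methods are mixed), and every Layer 3 VLAN interface has to be assigned to a security zone. The following Python script is an added example, not part of the original application note or of any Juniper tooling; the function names and the sample configuration are constructed for illustration, and the parser handles only the brace syntax used in this document.

```python
import re

# Constructed sample in the page's configuration style (not taken from a device).
# Defects: ge-3/0/1 is in two VLANs via both methods; vlan.11 has no security zone.
SAMPLE = """
interfaces {
    ge-3/0/0 { unit 0 { family ethernet-switching; } }
    ge-3/0/1 { unit 0 { family ethernet-switching { vlan { members 10; } } } }
    ge-3/0/3 { unit 0 { family ethernet-switching; } }
    ge-3/0/7 { unit 0 { family ethernet-switching { port-mode trunk; } } }
    vlan {
        unit 10 { family inet { address 10.1.1.1/24; } }
        unit 11 { family inet { address 10.1.2.1/24; } }
    }
}
security { zones { security-zone Sales { interfaces { vlan.10; } } } }
vlans {
    operations {
        vlan-id 11;
        interface { ge-3/0/0.0; ge-3/0/1.0; ge-3/0/7.0; }
        l3-interface vlan.11;
    }
    sales {
        vlan-id 10;
        interface { ge-3/0/3.0; ge-3/0/7.0; }
        l3-interface vlan.10;
    }
}
"""


def parse(text):
    """Parse curly-brace configuration text into nested dicts (leaf statements map to None)."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # drop /* ... */ comments
    root = {}
    stack, words = [root], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok not in "{};":
            words.append(tok)
            continue
        key, words = " ".join(words), []
        if tok == "{":
            stack.append(stack[-1].setdefault(key, {}))
        elif tok == ";" and key:
            stack[-1][key] = None
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root


def switching_family(cfg, ifd):
    """Return the [interfaces <ifd> unit 0 family ethernet-switching] block, or {}."""
    unit0 = ((cfg.get("interfaces") or {}).get(ifd) or {}).get("unit 0") or {}
    return unit0.get("family ethernet-switching") or {}


def vlan_membership(cfg):
    """Map logical interface -> set of VLAN names, merging both membership methods."""
    vlans = cfg.get("vlans") or {}
    by_id = {stmt.split()[1]: name for name, body in vlans.items()
             for stmt in body or {} if stmt.startswith("vlan-id ")}
    members = {}
    for name, body in vlans.items():  # second method: [vlans <name> interface]
        for ifl in (body or {}).get("interface") or {}:
            members.setdefault(ifl, set()).add(name)
    for ifd in cfg.get("interfaces") or {}:  # first method: vlan members on the port
        for stmt in switching_family(cfg, ifd).get("vlan") or {}:
            if stmt.startswith("members"):
                for ref in re.sub(r"[\[\]]", " ", stmt).split()[1:]:
                    members.setdefault(ifd + ".0", set()).add(by_id.get(ref, ref))
    return members


def audit(cfg):
    """Return a list of findings for the two consistency rules."""
    findings = []
    for ifl, names in sorted(vlan_membership(cfg).items()):
        trunk = "port-mode trunk" in switching_family(cfg, ifl.rsplit(".", 1)[0])
        if len(names) > 1 and not trunk:
            findings.append(f"{ifl}: non-trunk port is a member of VLANs {sorted(names)}")
    zoned = set()
    for zone in ((cfg.get("security") or {}).get("zones") or {}).values():
        zoned.update((zone or {}).get("interfaces") or {})
    units = (cfg.get("interfaces") or {}).get("vlan") or {}
    for name, body in sorted((cfg.get("vlans") or {}).items()):
        for stmt in body or {}:
            if stmt.startswith("l3-interface "):
                l3 = stmt.split()[1]
                if "unit " + l3.partition(".")[2] not in units:
                    findings.append(f"{name}: {l3} is not defined under [interfaces vlan]")
                elif l3 not in zoned:
                    findings.append(f"{name}: {l3} is not assigned to a security zone")
    return findings
```

Calling audit(parse(SAMPLE)) reports the access port that ended up in both VLANs and the VLAN interface that has no zone; a configuration that follows both rules returns an empty list.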

Configuring Link Aggregation

When connecting two switches together, sometimes it is advantageous to use two or more parallel connections, normally to provide redundancy. It is also desirable to increase bandwidth between switches. The challenge is that Layer 2 networks have to be loop free, and loop-avoidance protocols such as Spanning Tree Protocol (and all its variations and extensions such as RSTP and MSTP) will deactivate all but one of these parallel connections, allowing parallel connections to solve the redundancy problem, but not the bandwidth limitation.

The solution to this problem is to use link aggregation, which load balances traffic across multiple links (while guaranteeing that packets from a given flow will not be reordered). The physical interfaces that form part of a link aggregation group can be statically configured or negotiated between endpoints using LACP (specified in IEEE 802.3ad). Endpoints are normally switches, but can be servers with multiple network interface cards, or NICs.

To configure link aggregation, first create an aggregate interface by defining the number of aggregated interfaces in the system and associate all the physical interfaces that will be part of the aggregate bundle with one of the newly created aggregated interfaces.

    chassis {
        aggregated-devices {
            ethernet {
                device-count <number of aggregated interfaces to create>;
            }
        }
    }

Aggregate device count refers to the total number of aggregated interfaces in the system and not the number of physical interfaces per aggregate bundle.

This configuration will create aggregate interfaces named ae0 to ae<device-count - 1>. After these interfaces are created, you have to associate physical interfaces with them, which you do under the gigether-options hierarchy.

    interfaces {
        <interface name> {
            gigether-options {
                802.3ad <bundle interface name>;
            }
        }
    }


LACP is not required, but, if supported and configured, it enables automatic traffic switchover when one or more links fail. It also prevents common misconfiguration errors by confirming that both devices are set up for link aggregation. LACP can be enabled under the aggregated-ether-options section of the aggregated interface (make sure that at least one of the endpoints is configured as active).

    interfaces {
        <aggregate interface name> {
            aggregated-ether-options {
                /* This command specifies the link speed of each member interface that joins the ae */
                link-speed [100m|1g];
                /* This command specifies the minimum number of active links required for the bundle to be considered "up" */
                minimum-links <number from 1 to 8>;
                lacp {
                    active|passive;
                }
            }
        }
    }

After a bundle interface is created, it can be configured just like any other interface: for example, you can enable switching, add the interface to a VLAN (or a group of VLANs), and enable VLAN tagging.

Simple LAN Switching Scenario

This example details the configuration needed to use a J-series router as a simple Layer 2 switch. Although not a common deployment, it is useful as an instructional tool. The topology is illustrated in Figure 4.

Figure 4. Layer 2 Switching Topology (diagram labels: J-series; ge-3/0/0, ge-3/0/1, ge-3/0/2)


The associated configuration is shown here.

    chassis {
        fpc 3 {
            pic 0 {
                ethernet {
                    pic-mode enhanced-switching;
                }
            }
        }
    }
    interfaces {
        ge-3/0/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/2 {
            unit 0 {
                family ethernet-switching;
            }
        }
    }

Adding VLANs

Now suppose that this small branch office has two departments: sales and operations. To isolate the departments and prevent traffic from leaking between domains, VLANs are added to the design, resulting in a new topology, illustrated in Figure 5.

Figure 5. Adding Sales and Operations VLANs (diagram labels: J-series; ge-3/0/0, ge-3/0/1, ge-3/0/3, ge-3/0/4; Sales; Operations)


    chassis {
        fpc 3 {
            pic 0 {
                ethernet {
                    pic-mode enhanced-switching;
                }
            }
        }
    }
    interfaces {
        ge-3/0/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
    }
    vlans {
        operations {
            vlan-id 11;
            interface {
                ge-3/0/1.0;
                ge-3/0/0.0;
            }
        }
        sales {
            vlan-id 10;
            interface {
                ge-3/0/3.0;
                ge-3/0/4.0;
            }
        }
    }


Routing Traffic Between VLANs

Now assume that this small branch needs to provide connectivity between the different business units, but that the connectivity must be controlled by assigning each business unit its own Layer 3 segment. Consequently, traffic between units is routed and inspected by the firewall module, where traffic policies can be enforced, as illustrated in Figure 6.

Figure 6. Adding Routing Between VLANs (diagram labels: J-series with addresses 10.1.1.1 and 10.1.2.1; ge-3/0/0, ge-3/0/1, ge-3/0/3, ge-3/0/4; Sales; Operations; 10.1.1.0/24 network; 10.1.2.0/24 network)

The following configuration adds two Layer 3 interfaces, one for each VLAN, which will serve as default gateways for the respective network segments. These new VLAN interfaces are then added to security zones, and security policies are defined to allow traffic between the zones. In this example, two security zones, Sales and Operations, are created, and FTP traffic is allowed between them.

    chassis {
        fpc 3 {
            pic 0 {
                ethernet {
                    pic-mode enhanced-switching;
                }
            }
        }
    }
    interfaces {
        ge-3/0/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        vlan {
            unit 10 {
                family inet {
                    address 10.1.1.1/24;
                }
            }
            unit 11 {
                family inet {
                    address 10.1.2.1/24;
                }
            }
        }
    }
    security {
        zones {
            security-zone Sales {
                interfaces {
                    vlan.10;
                }
            }
            security-zone Operations {
                interfaces {
                    vlan.11;
                }
            }
        }
        policies {
            from-zone Sales to-zone Operations {
                policy Allow_ftp {
                    match {
                        source-address any;
                        destination-address any;
                        application junos-ftp;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }
    vlans {
        operations {
            vlan-id 11;
            interface {
                ge-3/0/1.0;
                ge-3/0/0.0;
            }
            l3-interface vlan.11;
        }
        sales {
            vlan-id 10;
            interface {
                ge-3/0/3.0;
                ge-3/0/4.0;
            }
            l3-interface vlan.10;
        }
    }

Although not required, the VLAN interface unit number matches the vlan-id for every Layer 3 interface created, which helps make the configuration easier to read and debug if necessary.

Adding a Tagged Interface

Now assume that the branch office has outgrown the available ports on the J-series services router. You can increase the number of interfaces by connecting an EX-series switch to the J-series router and extend the separate bridging domains using VLAN tags (Figure 7).

Figure 7. Adding a Tagged Interface (diagram labels: J-series with addresses 10.1.1.1 and 10.1.2.1; ge-3/0/0, ge-3/0/1, ge-3/0/3, ge-3/0/4; ge-3/0/7 to the EX-series switch; Sales; Operations; 10.1.1.0/24 network; 10.1.2.0/24 network)

As can be seen in Figure 7, the ge-3/0/7 interface is designed to transport traffic from both administrative domains. To implement this design, VLAN tagging is configured on the ge-3/0/7 interface.

    chassis {
        fpc 3 {
            pic 0 {
                ethernet {
                    pic-mode enhanced-switching;
                }
            }
        }
    }
    interfaces {
        ge-3/0/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/7 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                }
            }
        }
        vlan {
            unit 10 {
                family inet {
                    address 10.1.1.1/24;
                }
            }
            unit 11 {
                family inet {
                    address 10.1.2.1/24;
                }
            }
        }
    }
    security {
        zones {
            functional-zone management {
                interfaces {
                    ge-0/0/0.0;
                }
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
            security-zone Sales {
                interfaces {
                    vlan.10;
                }
            }
            security-zone Operations {
                interfaces {
                    vlan.11;
                }
            }
        }
        policies {
            from-zone Sales to-zone Operations {
                policy Allow_ftp {
                    match {
                        source-address any;
                        destination-address any;
                        application junos-ftp;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }
    vlans {
        operations {
            vlan-id 11;
            interface {
                ge-3/0/1.0;
                ge-3/0/0.0;
                ge-3/0/7.0;
            }
            l3-interface vlan.11;
        }
        sales {
            vlan-id 10;
            interface {
                ge-3/0/3.0;
                ge-3/0/4.0;
                ge-3/0/7.0;
            }
            l3-interface vlan.10;
        }
    }

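Increasing Capacity with Link Aggregation

As the small branch office grows, with increasing numbers of applications requiring additional bandwidth, a bottleneck is created between the router and the switch. To alleviate this problem, link aggregation is configured, and a new link between the devices is added (Figure 8).

Figure 8. Increasing Capacity with Link Aggregation (diagram labels: J-series with addresses 10.1.1.1 and 10.1.2.1; ge-3/0/0, ge-3/0/1, ge-3/0/3, ge-3/0/4; ge-3/0/6 and ge-3/0/7 to the EX-series switch; Sales; Operations; 10.1.1.0/24 network; 10.1.2.0/24 network)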

    chassis {
        aggregated-devices {
            ethernet {
                device-count 1;
            }
        }
        fpc 3 {
            pic 0 {
                ethernet {
                    pic-mode enhanced-switching;
                }
            }
        }
    }
    interfaces {
        ge-3/0/0 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/1 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/3 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-3/0/6 {
            gigether-options {
                802.3ad ae0;
            }
        }
        ge-3/0/7 {
            gigether-options {
                802.3ad ae0;
            }
        }
        ae0 {
            aggregated-ether-options {
                minimum-links 1;
                link-speed 1g;
                lacp {
                    active;
                }
            }
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                }
            }
        }
        vlan {
            unit 10 {
                family inet {
                    address 10.1.1.1/24;
                }
            }
            unit 11 {
                family inet {
                    address 10.1.2.1/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 172.19.101.1;
        }
    }
    security {
        zones {
            functional-zone management {
                interfaces {
                    ge-0/0/0.0;
                }
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
            security-zone Sales {
                interfaces {
                    vlan.10;
                }
            }
            security-zone Operations {
                interfaces {
                    vlan.11;
                }
            }
        }
        policies {
            from-zone Sales to-zone Operations {
                policy Allow_ftp {
                    match {
                        source-address any;
                        destination-address any;
                        application junos-ftp;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }
    vlans {
        operations {
            vlan-id 11;
            interface {
                ge-3/0/1.0;
                ge-3/0/0.0;
                ae0.0;
            }
            l3-interface vlan.11;
        }
        sales {
            vlan-id 10;
            interface {
                ge-3/0/3.0;
                ge-3/0/4.0;
                ae0.0;
            }
            l3-interface vlan.10;
        }
    }

Monitoring

Verifying and troubleshooting the configurations presented is easily accomplished by first looking at the interface-to-VLAN mapping and then the MAC address table as necessary.

    # run show ethernet-switching interfaces
    Interface    State  VLAN members  Blocking
    ae0.0        up     operations    unblocked
                        sales         unblocked
    ge-3/0/0.0   up     operations    unblocked
    ge-3/0/1.0   up     operations    unblocked
    ge-3/0/3.0   up     sales         unblocked
    ge-3/0/4.0   up     sales         unblocked

    # run show ethernet-switching table
    Ethernet-switching table: 4 entries, 1 learned
    VLAN          MAC address        Type    Age  Interfaces
    operations    *                  Flood   -    All-members
    operations    00:17:cb:30:8f:04  Static  -    Router
    operations    00:18:ba:46:24:5e  Learn   0    ge-3/0/0.0
    sales         00:17:cb:30:8f:04  Static  -    Router

Both commands shown here include a detailed output option that displays additional information. Tracing can be enabled from the [ethernet-switching-options] hierarchy.
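The interface-to-VLAN mapping can also be compared mechanically against the intended design, so that a port carrying a VLAN it should not carry stands out. The following Python script is an added example, not part of the original application note; it parses only the output layout shown above (including the continuation row that lists a trunk's second VLAN), and the intended-membership table and the drifted output are constructed for illustration.

```python
# "show ethernet-switching interfaces" output as printed in this document
# (column spacing re-created for readability).
PAGE_OUTPUT = """\
Interface    State  VLAN members  Blocking
ae0.0        up     operations    unblocked
                    sales         unblocked
ge-3/0/0.0   up     operations    unblocked
ge-3/0/1.0   up     operations    unblocked
ge-3/0/3.0   up     sales         unblocked
ge-3/0/4.0   up     sales         unblocked
"""

# Constructed drift case: the last access port gains a second VLAN and an
# extra switching port appears.
DRIFTED_OUTPUT = (
    PAGE_OUTPUT
    + "                    operations    unblocked\n"
    + "ge-3/0/5.0   up     sales         unblocked\n"
)

# Intended membership, taken from the link aggregation scenario's [vlans] block:
# only the ae0 trunk carries both VLANs.
INTENDED = {
    "ae0.0": {"operations", "sales"},
    "ge-3/0/0.0": {"operations"},
    "ge-3/0/1.0": {"operations"},
    "ge-3/0/3.0": {"sales"},
    "ge-3/0/4.0": {"sales"},
}


def parse_switching_interfaces(text):
    """Return {interface: {"state": str, "vlans": {vlan: blocking}}}.

    A row with four fields starts a new interface; a row with two fields is a
    continuation that adds one more VLAN to the interface above it.
    """
    table, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Interface":
            continue
        if len(fields) == 4:
            current = fields[0]
            table[current] = {"state": fields[1], "vlans": {fields[2]: fields[3]}}
        elif len(fields) == 2 and current is not None:
            table[current]["vlans"][fields[0]] = fields[1]
        else:
            raise ValueError(f"unrecognised row: {line!r}")
    return table


def membership_drift(text, intended):
    """Compare observed VLAN membership with the intended design."""
    findings = []
    observed = parse_switching_interfaces(text)
    for ifl in sorted(set(observed) | set(intended)):
        if ifl not in intended:
            findings.append(f"{ifl}: switching port is not in the intended design")
            continue
        if ifl not in observed:
            findings.append(f"{ifl}: intended switching port is absent from the output")
            continue
        seen, want = set(observed[ifl]["vlans"]), intended[ifl]
        for vlan in sorted(seen - want):
            findings.append(f"{ifl}: carries unexpected VLAN {vlan}")
        for vlan in sorted(want - seen):
            findings.append(f"{ifl}: missing VLAN {vlan}")
        if observed[ifl]["state"] != "up":
            findings.append(f"{ifl}: state is {observed[ifl]['state']}")
    return findings
```

The output printed in this document matches the intended design and yields no findings; the drifted output yields one finding for the access port that now spans both VLANs and one for the unplanned port.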


Summary

The J-series services router family is a complete branch-office solution that blends sophisticated local Ethernet connectivity with the capability to extend enterprise applications and services to remote locations. Built on JUNOS software, the J-series uses the Juniper Networks extended product and partner portfolio to consolidate essential security, connectivity, application optimization, and voice over IP (VoIP) capabilities. To ensure network integrity, the J-series inseparably integrates high-performance routing with security for predictable, secure performance. Should onsite demand for Ethernet ports exceed the capacity of the J-series, the EX-series Ethernet switches (also based on JUNOS software) can meet growth needs while preserving the lower management costs of a single operating system. When demanding application performance is the issue, remote users will appreciate the application acceleration offered by the integrated Juniper Systems WX application acceleration platform technology. For survivable voice, J-series services routers support an integrated voice gateway solution from Avaya. For additional information, please refer to Juniper J-series and JUNOS software documentation.

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.