monotux.tech

EX2200-C12P switch primer

networking, primer

I bought an old Juniper EX2200-C12P switch a couple of months ago but didn't really put it to use for a while (hello family commitments!), until recently. So here's a short primer on how I set it up!

The switch is pretty nice. It's compact, all silent, can be configured over SSH, the web UI or serial - and it has 100W of PoE! It was also quite cheap (less than 100 USD). Another bonus is that it runs FreeBSD. :-)

Here's a snapshot of the rack today - it's a bit messy, but it's getting there! I really liked putting it together.

Current state of the rack

Switch configuration

The switch configuration is pretty basic. I don't use any L3 routing, ACLs or similar - just a few VLANs, some trunk ports and PoE where I can.

The switch is reachable on my management subnet, but that's mostly so it can reach my NTP server; I've only used serial to configure it.

The setup below is pretty much what I use:

  # Setup some VLANs
  set vlans management-vlan vlan-id 3
  set vlans services-vlan vlan-id 100
  set vlans clients-vlan vlan-id 150
  set vlans guests-vlan vlan-id 200
  set vlans iot-vlan vlan-id 250

  # Router connected on ports 0-3, with a bunch of VLANs tagged on port 0.
  set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk vlan members [ management-vlan iot-vlan ]
  set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members clients-vlan
  set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members services-vlan
  set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members guests-vlan

  # Some computers from the services network
  set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members services-vlan
  set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members services-vlan
  set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members services-vlan
  set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members services-vlan

  # Some client computers
  set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members clients-vlan
  set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members clients-vlan

  # Two wireless access points
  set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk vlan members [ clients-vlan iot-vlan management-vlan ]
  set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode trunk vlan members [ clients-vlan iot-vlan management-vlan ]

  # Uplink ports, to other switches
  set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk vlan members all
  set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode trunk vlan members all

  # Setup an L3 interface on the management network, give it an IP & a
  # static route to the gateway
  set interfaces vlan unit 3 family inet address 192.168.1.2/24
  set vlans management-vlan l3-interface vlan.3
  set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1

  # NTP, the lo0 interface is needed to make ntpq even start!
  set system ntp server 192.168.1.1
  set interfaces lo0 unit 0 family inet address 127.0.0.1/32

  # SNMP
  set snmp community change-me-please authorization read-only
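
As an added example (not part of the original setup, and not Juniper tooling): a small Python check that reads `set`-style lines like the ones above and flags the spots worth a second look, namely trunks that carry every VLAN, the management VLAN tagged on a trunk, ports with several VLANs but no `port-mode trunk`, and SNMP communities left on a placeholder name or without a `clients` restriction. The sample lines, the `monitoring` community and the placeholder list are constructed for illustration.

```python
import re

# Constructed sample in the style of the configuration above (not a full config).
SAMPLE = """\
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members clients-vlan
set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk vlan members [ clients-vlan iot-vlan management-vlan ]
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk vlan members all
set interfaces ge-0/1/1 unit 0 family ethernet-switching vlan members all
set snmp community change-me-please authorization read-only
set snmp community monitoring authorization read-only
set snmp community monitoring clients 192.168.1.0/24
"""

IFACE = re.compile(r"^set interfaces (\S+) unit \d+ family ethernet-switching (.+)$")
SNMP = re.compile(r"^set snmp community (\S+) (.+)$")
PLACEHOLDERS = {"public", "private", "change-me-please"}  # assumed deny-list


def audit(config, mgmt_vlan="management-vlan"):
    """Return a sorted list of (subject, finding) for 'set'-style Junos lines."""
    ports, communities = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := IFACE.match(line):
            port = ports.setdefault(m.group(1), {"trunk": False, "vlans": set()})
            port["trunk"] |= "port-mode trunk" in m.group(2)
            if members := re.search(r"vlan members (.+)$", m.group(2)):
                port["vlans"].update(members.group(1).strip("[] ").split())
        elif m := SNMP.match(line):
            communities.setdefault(m.group(1), []).append(m.group(2))

    findings = []
    for name, port in ports.items():
        if not port["trunk"] and ("all" in port["vlans"] or len(port["vlans"]) > 1):
            findings.append((name, "several VLANs on a port without port-mode trunk"))
        elif "all" in port["vlans"]:
            findings.append((name, "trunk carries every VLAN, including " + mgmt_vlan))
        elif port["trunk"] and mgmt_vlan in port["vlans"]:
            findings.append((name, mgmt_vlan + " is tagged on this trunk"))
    for name, statements in communities.items():
        if name.lower() in PLACEHOLDERS:
            findings.append((name, "placeholder SNMP community name"))
        if not any(s.startswith("clients ") for s in statements):
            findings.append((name, "SNMP community has no clients restriction"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```

A finding is a prompt to review, not necessarily a fault: an access point trunk may legitimately need the management VLAN, while an uplink set to `members all` is usually better off with an explicit list.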

Power over Ethernet

The default configuration enables PoE on all ports, which is nice. The only downside of this is that PoE is like a hammer - now everything you see is a nail! Especially armed with PoE splitters (like this TP-Link product) or adapters (like this noname product).

I currently have 6 devices powered with PoE - four SBCs, one switch and one wireless access point. Only the WAP is designed to be powered this way - the others use adapters (the SBCs) or PoE splitters (once you realize that nearly all 12v appliances can be powered this way…). It's still well within my power budget:

  root> show poe controller
  Controller  Maximum   Power         Guard    Management   Status        Lldp
  index       power     consumption   band                                Priority
     0        100.00W   22.00W          0W     Class        AT_MODE       Disabled

I should really, really set up SNMP monitoring of my power budget.

Update - LACP

I recently (as in an hour ago) set up an aggregated Ethernet link between my EX2200-C12P and my Zyxel 1920-24. I used the last two non-PoE ports, which are ge-0/1/0 and ge-0/1/1 in this case.

  # First, delete the current configuration for the ports in question
  delete interfaces ge-0/1/0
  delete interfaces ge-0/1/1

  set interfaces ge-0/1/0 ether-options 802.3ad ae0
  set interfaces ge-0/1/1 ether-options 802.3ad ae0
  set interfaces ae0 description "Zyxel 1920-24"
  set interfaces ae0 aggregated-ether-options lacp active
  set interfaces ae0 aggregated-ether-options lacp periodic slow

  # Now ae0 works like any other interface, so adding vlans here
  set interfaces ae0 unit 0 family ethernet-switching port-mode trunk native-vlan-id default vlan members all

  # Don't forget this, and increase it according to how many LACPs you have
  set chassis aggregated-devices ethernet device-count 1

Then, to check how the interface is doing:

  root> show lacp interfaces
  root> show lacp statistics interfaces
  Aggregated interface: ae0
      LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
        ge-0/1/0                 350         363            0            0
        ge-0/1/1                 349         359            0            0

  root> show interfaces terse | match ae0
  ge-0/1/0.0              up    up   aenet    --> ae0.0
  ge-0/1/1.0              up    up   aenet    --> ae0.0
  ae0                     up    up
  ae0.0                   up    up   eth-switch