Hi guys,
first: I'm totally new to Juniper and CLI-only enterprise switches - condemn me, but I prefer a web-based GUI for our humble needs... ;-)
Our newly installed EX4300-48MP does routing between VLANs that are connected to the device and I don't know why. I actually know the concept of VLANs differently: hosts of a VLAN are able to communicate with each other, but traffic between VLANs needs a routing instance. I hope you can help me with that.
The initial scenario: One Cisco SG500 in L3 mode doing the routing between VLANs (and a few other things like ACLs and DHCP). Two "stupid" Cisco SG300 in L2 mode. If VLAN 20 wants to communicate with VLAN 100 (even on the same switch), the traffic needs to be routed by the L3 switch.
New scenario: Unfortunately, the EX4300-48MP seems to be a bit smarter than the SG300... VLAN 20 can communicate with VLAN 100 and vice versa when connected to the EX4300-48MP. There are some ACLs on the SG500 that are bypassed if the EX does this type of Inter-VLAN Switching/Routing.
How do I force the traffic between VLANs to be routed only by the Cisco SG500?
The current configuration (I just created the VLANs and assigned them to some access ports and one trunk port):
root> show configuration | display set
set version 18.4R2-S2.3
set system root-authentication encrypted-password "xxx"
set system services ssh protocol-version v2
set system services netconf ssh
set system services web-management http
set system time-zone Europe/Berlin
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system processes dhcp-service traceoptions file dhcp_logfile
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag packet
set interfaces ge-0/0/0 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members guests
set interfaces ge-0/0/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members guests
set interfaces ge-0/0/3 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members guests
set interfaces ge-0/0/4 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/5 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/6 unit 0 family ethernet-switching storm-control default
...
set interfaces ge-0/0/23 unit 0 family ethernet-switching storm-control default
set interfaces mge-0/0/24 unit 0 family ethernet-switching interface-mode access
set interfaces mge-0/0/24 unit 0 family ethernet-switching vlan members servers
set interfaces mge-0/0/24 unit 0 family ethernet-switching storm-control default
set interfaces mge-0/0/25 unit 0 family ethernet-switching interface-mode access
set interfaces mge-0/0/25 unit 0 family ethernet-switching vlan members servers
set interfaces mge-0/0/25 unit 0 family ethernet-switching storm-control default
set interfaces mge-0/0/26 unit 0 family ethernet-switching storm-control default
set interfaces mge-0/0/27 unit 0 family ethernet-switching storm-control default
...
set interfaces mge-0/0/47 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/0 native-vlan-id 1
set interfaces xe-0/2/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members guests
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members servers
set interfaces xe-0/2/0 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/1 native-vlan-id 1
set interfaces xe-0/2/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members guests
set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members default
set interfaces xe-0/2/1 unit 0 family ethernet-switching vlan members servers
set interfaces xe-0/2/1 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/2 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/3 unit 0 family ethernet-switching storm-control default
set interfaces vme unit 0 family inet address 192.168.1.9/24
set forwarding-options storm-control-profiles default all
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.2
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set protocols rstp interface all
set vlans default vlan-id 1
set vlans guests vlan-id 20
set vlans servers vlan-id 100
set poe interface all192.168.1.2 is the Cisco SG500 L3 Switch and all hosts are using it as their gateway.
Thanks a lot in advance!!!