Mailing List Archive

enable "ip-source-guard" in one specific interface in a VLAN
Hi! Experts

We want to Could we do it? In old Non-ELS switches only interfaces
configured this knob apply the security check, but when migrate to new ELS
switches we found the behaviour is changed.

ELS switches configuration:
lab# show vlans
vlan100 {
vlan-id 100;
l3-interface irb.100;
forwarding-options {
dhcp-security {
group test {
interface ge-0/0/6.0 {
static-ip mac 84:b5:9c:ce:b9:4d;

In above configuration we found other interfaces discard all traffic due to
traffic not hit entry in the white list, we think because they are all in
untrusted role because "ip-source-guard" is configured in this VLAN. how
could we put other interfaces in trusted role or disable "ip-source-guard"
in other interfaces? Thanks for your support.


James Chen
juniper-nsp mailing list