[j-nsp] EX Switches - Internet Exchange Points
Paul Stewart
paul at paulstewart.org
Thu Mar 25 15:13:31 EDT 2010
Hi there.
We're originally a Cisco shop slowly converting to Juniper .
I'm looking for feedback from folks on the list who are service providers
and connect to peering exchange points (IE. PAIX, Equinix, LINX etc). I'm
looking for recommended configuration for layer2 connectivity via an EX
switch towards one of these exchange points - we have been doing in Cisco so
long that I'm missing some obvious config in the Juniper's we just moved to
;)
Perhaps I should explain a bit better. in the Cisco world, we configure the
physical port like this:
interface GigabitEthernet3/3
description xxxxx
switchport
switchport access vlan 61
switchport mode access
no ip address
speed 100
duplex full
no cdp enable
no mop enabled
spanning-tree bpdufilter enable
Juniper port we migrated to:
ether-options {
no-auto-negotiation;
link-mode full-duplex;
speed {
100m;
}
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members Peering-xxxxx;
}
}
}
protocols {
rstp {
interface ge-0/0/3.0 {
disable;
}
}
Then from the Juniper switch (or the Cisco that we had in place) the traffic
is trunked via a couple of other switches back to a Cisco 7600 for layer3
traffic (which hasn't changed at all):
interface Vlan61
description Peering:xxxxxx
ip address xx.xx.xxx.34 255.255.255.0
ip access-group 199 out
no ip redirects
no ip proxy-arp
ip flow ingress
ipv6 address xx:xx:xx::34/64
ipv6 nd ra suppress
no ipv6 mld router
no ipv6 redirects
no ipv6 pim
no mop enabled
end
The problem I'm facing we're tripping the port security on the exchange
switch:
Mar 24 15:36:52.773 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address 000b.45b6.f500 on port
FastEthernet0/1.
It is obviously seeing several MAC addresses and doesn't like this. so I'm
trying to adapt a "best practice" here based on what other folks have
encountered along the way as we're trying our best to learn Juniper better
;)
Thanks,
Paul
More information about the juniper-nsp
mailing list