[j-nsp] EX Switches - Internet Exchange Points

Paul Stewart paul at paulstewart.org
Thu Mar 25 15:13:31 EDT 2010


Hi there.

We're originally a Cisco shop slowly converting to Juniper.

I'm looking for feedback from folks on the list who are service providers
and connect to peering exchange points (i.e. PAIX, Equinix, LINX etc.). I'm
looking for recommended configuration for layer2 connectivity via an EX
switch towards one of these exchange points - we have been doing this in Cisco
so long that I'm missing some obvious config in the Junipers we just moved to
;)

Perhaps I should explain a bit better. In the Cisco world, we configure the
physical port like this:

interface GigabitEthernet3/3
 description xxxxx
 switchport
 switchport access vlan 61
 switchport mode access
 no ip address
 speed 100
 duplex full
 no cdp enable
 no mop enabled
 spanning-tree bpdufilter enable

Juniper port we migrated to:

ether-options {
    no-auto-negotiation;
    link-mode full-duplex;
    speed {
        100m;
    }
}
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members Peering-xxxxx;
        }
    }
}

protocols {
    rstp {
        interface ge-0/0/3.0 {
            disable;
        }
    }
}

Then from the Juniper switch (or the Cisco that we had in place) the traffic
is trunked via a couple of other switches back to a Cisco 7600 for layer3
traffic (which hasn't changed at all):

interface Vlan61
 description Peering:xxxxxx
 ip address xx.xx.xxx.34 255.255.255.0
 ip access-group 199 out
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ipv6 address xx:xx:xx::34/64
 ipv6 nd ra suppress
 no ipv6 mld router
 no ipv6 redirects
 no ipv6 pim
 no mop enabled
end

The problem I'm facing is we're tripping the port security on the exchange
switch:

Mar 24 15:36:52.773 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address 000b.45b6.f500 on port
FastEthernet0/1.

It is obviously seeing several MAC addresses and doesn't like this, so I'm
trying to adapt a "best practice" here based on what other folks have
encountered along the way as we're trying our best to learn Juniper better
;)

Thanks,

Paul
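
An added example, not part of the original post: a small Python triage script that reads PSECURE_VIOLATION messages like the one quoted above and lists, per exchange port, every source MAC that is not the router's own. The expected router MAC and the second and third log lines are constructed sample values; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the Cisco IOS message quoted in the post. \s+ tolerates the line
# wrapping that mail clients and log viewers introduce.
VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:\s+Security\s+violation\s+occurred,"
    r"\s+caused\s+by\s+MAC\s+address\s+([0-9A-Fa-f.:-]+)\s+on\s+port\s+"
    r"([A-Za-z-]+\d[\d/]*)"
)

def normalize_mac(mac):
    """Return a MAC in lower-case colon form, whatever notation it arrived in."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def unexpected_macs(log_text, expected):
    """Map port -> sorted violating MACs that are not in `expected`."""
    allowed = {normalize_mac(m) for m in expected}
    seen = defaultdict(set)
    for mac, port in VIOLATION.findall(log_text):
        mac = normalize_mac(mac)
        if mac not in allowed:
            seen[port].add(mac)
    return {port: sorted(macs) for port, macs in seen.items()}

# First entry is the message from the post (wrapped as it appears there);
# the other two are constructed sample lines.
SAMPLE_LOG = """\
Mar 24 15:36:52.773 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address 000b.45b6.f500 on port
FastEthernet0/1.
Mar 24 15:41:10.102 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.53aa on port FastEthernet0/1.
Mar 24 15:41:12.330 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.5301 on port FastEthernet0/1.
"""

# Constructed value standing in for the MAC of the layer3 interface (Vlan61).
EXPECTED_ROUTER_MACS = ["00:00:5e:00:53:01"]

if __name__ == "__main__":
    for port, macs in unexpected_macs(SAMPLE_LOG, EXPECTED_ROUTER_MACS).items():
        print(f"{port}: {len(macs)} unexpected source MAC(s): {', '.join(macs)}")
```

Each MAC it reports belongs to a device other than the router that is sourcing frames onto the peering VLAN, which is the place to start looking on the switches in the path.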

 


