[j-nsp] DHCP snoop/DAI/IPSG and mac-based vlans?
Marco Nesler
satunz at gmail.com
Wed Oct 2 11:25:49 EDT 2013
yep all those features work with dot1x, i'm using all of them in a setup
with a mix of macauth and dot1x authenticated clients.
For example, XP client with Open1x as supplicant:
PC boot -> guest vlan
root at TEST-1x> show dhcp snooping binding
DHCP Snooping Information:
MAC address IP address Lease (seconds) Type VLAN
Interface
00:0B:5D:24:25:91 192.168.119.229 3592 dynamic guest-1x
ge-0/0/18.0
User logging in on the pc (authenticator start) -> dynamic vlan assigned
root at TEST-1x> show dhcp snooping binding
DHCP Snooping Information:
MAC address IP address Lease (seconds) Type VLAN
Interface
00:0B:5D:24:25:91 192.168.213.74 3496 dynamic mgmt
ge-0/0/18.0
ciao
marco
2013/10/1 Phil Mayers <p.mayers at imperial.ac.uk>
> Does anyone know if the layer2 security features in $subj work at the same
> time as dynamically-allocated vlans via 802.1x/macauth and RADIUS?
>
> I know of a few platforms from other vendors where this isn't the case -
> the DHCP/ARP/IPSG "punts" are bound to the static combo of port&vlan
> defined in the config - and am wondering if this is true on the EX
> switches. The docs don't really specify, and I don't have a unit to test
> (but if it *does* work, may get one ;o)
> ______________________________**_________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/**mailman/listinfo/juniper-nsp<https://puck.nether.net/mailman/listinfo/juniper-nsp>
>
More information about the juniper-nsp
mailing list