[j-nsp] EX4200: Ricoh printers, DHCP Snooping, dot1x Dynamic VLAN assignments
Chuck Anderson
cra at WPI.EDU
Mon Jul 10 20:22:36 EDT 2017
Is anyone using EX4200 with DHCP Snooping + dot1x Dynamic VLAN
assignments? I appear to be hitting bugs where some devices can't
DHCP (such as Ricoh printer/copier/fax/scanners), or once they do DHCP
they can't communicate through the EX4200 switch port. It seems I can
make things work better by statically configuring the VLAN on the port
rather than relying on dot1x RADIUS to dynamically assign the VLAN.
I've also discovered that all VLANs that might end up being assigned
to a port either statically or dynamically or via the VOIP VLAN
feature must have matching examine-dhcp/ip-source-guard/arp-inspection
settings under ethernet-switching-options secure-access-port. The
easiest way to accomplish this is to use "ethernet-switching-options
secure-access-port vlan all" rather than specifiy individual VLANs.
But even then I'm still having problems when combined with RADIUS
Dynamic VLANs. I'm using 12.3R12-S3.1.
Thanks.
More information about the juniper-nsp
mailing list