[j-nsp] enable "ip-source-guard" in one specific interface in a VLAN
Chen Jiang
ilovebgp4 at gmail.com
Wed Jul 7 10:45:54 EDT 2021
Hi! Experts
We want to Could we do it? In old non-ELS switches, only interfaces
configured with this knob apply the security check, but when migrating to new ELS
switches we found the behaviour has changed.
ELS switches configuration:
lab# show vlans
vlan100 {
    vlan-id 100;
    l3-interface irb.100;
    forwarding-options {
        dhcp-security {
            ip-source-guard;
            group test {
                interface ge-0/0/6.0 {
                    static-ip 192.168.100.100 mac 84:b5:9c:ce:b9:4d;
                }
            }
        }
    }
}
In the above configuration we found that other interfaces discard all traffic because
the traffic does not hit an entry in the white list. We think this is because they are all in
the untrusted role, since "ip-source-guard" is configured in this VLAN. How
could we put other interfaces in the trusted role or disable "ip-source-guard"
on other interfaces? Thanks for your support.
--
BR!
James Chen