[j-nsp] Outgrowing a QFX5100

Jason Healy jhealy at logn.net
Wed Sep 21 09:59:26 EDT 2022


On Sep 20, 2022, at 1:36 PM, Chuck Anderson via juniper-nsp <juniper-nsp at puck.nether.net> wrote:
> Why would you want DHCP snooping or dot1x on a campus core router? Those functions are typically implemented at the access layer switches connected directly to end users.

My understanding is that DHCP relay only works on layer-3 devices; all our edge switches are layer-2 (the core trunks VLANs to the edge switches; all inter-VLAN traffic is routed on the core only).  Thus, the core does DHCP relay.

dot1x is primarily done on our edge switches as you describe.  However, we occasionally connect dumb layer 2 switches for very small closets over fiber (we're a small enough campus that all our buildings are cabled directly to the qfx), so it's nice to have the option to have a core device provide the same "edge" dot1x functionality for those devices.  That one isn't as big of a deal; I could use Juniper switch with dot1x as an aggregation device if the core won't handle it.

Jason


More information about the juniper-nsp mailing list