Switching

Hi expert;; I have 2 vlans on my EX 3200 switch on 1st vlan IPs are alloted to customer by DHCP configured on switch , 2nd vlan require static IP on customer client.. I have also implemented DHCP snooping and ARP inspection on both vlans.. in order to implement above named port security features on 2nd vlan I have to add static IP and Mac entries on 2nd vlan under Ethernet-switching secure access port hierarchy ... Now problem is when I need to replace client on 2nd vlan (2 clients and only 2 ports aval on 2nd vlan) then I have to delete IP and MAC binding on vlan on specific port and add new client IP and MAC but if I used same interface which was being earlier used for previous client then switch do not learn MAC address and no entry in DHCP snooping database foe new IP and MAC.. I can not understand this strange behaviour .. Any solution

Dear Route Champ,

Actually DHCP Snooping database is built using DHCP traffic (lease, requests, offers, etc) only.

https://www.juniper.net/techpubs/en_US/junos9.4/topics/task/configuration/port-security-static-ip-address-cli.html

Therefore, any static entry in dhcp snooping is going to be replaced with the new entry only if, you configure the port-mac-binding using following command with ip-source-guard enabled:

[edit ethernet-switching-options secure-access port]
user@switch#set interface ge-0/0/2 static-ip 10.0.10.12 vlan data-vlan mac 00:05:85:3A:82:80

so you please post your latest configuration (ethernet-switching-options section only) and snapshot of dhcp snooping database for better comments.

kind regards

[edit Ethernet-switching-options secure-access port]
user@switch#set interface ge-0/0/2 static-ip 10.0.10.130 vlan data-vlan mac 00:05:85:3A:82:80 is exact config. Now if machine is changed and I have to change mac but same hierarchy.. After commit mac new mac is not learned/ present in MAC table and also no entry in DHCP snooping data base. But if copy same confi with new mac on another port then it work fine