Switching

  • 1.  port security on trunk ports

    Posted 10-05-2011 22:54

    Hello!

     

    Is port security supported on trunk ports on EX switches?

     



  • 2.  RE: port security on trunk ports

    Posted 10-06-2011 06:21

    I had to edit my post.

     

    The correct answer is: it depends.

     

    DHCP snooping (or Trust DHCP) is allowed on trunk interfaces, but MAC limit is not.

     

    Check out: http://www.juniper.net/techpubs/en_US/junos9.3/topics/concept/port-security-overview.html

    and

    http://www.juniper.net/techpubs/en_US/junos9.3/topics/task/configuration/port-security-cli.html



  • 3.  RE: port security on trunk ports

    Posted 10-18-2011 04:46

    Hello again!

     

    I couldn't make DHCP snooping work on trunk ports. I've got a single EX2200 in my lab, and the problems are:

     

    1. DHCP server connected to a trunk port is always trusted.

    2. DHCP client connected to a trunk port isn't seen in DHCP snooping database.

     

    The links you provided don't discuss trunk ports. Please, can you give me any working examples?

    TIA.

     

     



  • 4.  RE: port security on trunk ports
    Best Answer

    Posted 10-18-2011 05:05

    Why is #1 a problem? If the DHCP server isn't trusted then the DHCP Offer messages will be blocked. To change this behavior simply:

     

    set ethernet-switching-options secure-access-port interface *name* no-dhcp-trusted

     

    Did you enable DHCP Snooping for all VLANs that pass on your trunk port, or at least all the VLANs that matter?

     

    This comes from Junos 9.3: http://www.juniper.net/techpubs/en_US/junos9.3/topics/example/port-security-configuring.html



  • 5.  RE: port security on trunk ports

    Posted 10-18-2011 06:27

    Ah, thanks for no-dhcp-trusted. That's what I need!! It solves both #1 & #2.
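
Added example, not part of any post in the thread: the trunk-port setup the best answer describes, written out in the same legacy `ethernet-switching-options` syntax. The interface names (`ge-0/0/23.0`, `ge-0/0/0.0`) and VLAN names (`users`, `voice`) are placeholders chosen for illustration.

```junos
# Placeholders: ge-0/0/23.0 = trunk toward clients (or an unmanaged downstream switch)
#               ge-0/0/0.0  = trunk toward the legitimate DHCP server
#               users, voice = VLANs carried on those trunks

# Before: nothing configured for the trunk. Per the thread, a trunk port is
# DHCP-trusted by default, so a DHCP server behind it is always accepted and
# clients behind it do not show up in the snooping database.

# After:
# 1. Enable DHCP snooping on every VLAN that crosses the trunk and matters
set ethernet-switching-options secure-access-port vlan users examine-dhcp
set ethernet-switching-options secure-access-port vlan voice examine-dhcp

# 2. Mark the client-facing trunk as untrusted, so server replies arriving
#    on it are dropped and client leases learned on it are recorded
set ethernet-switching-options secure-access-port interface ge-0/0/23.0 no-dhcp-trusted

# 3. Keep the uplink toward the real DHCP server trusted; if this port were
#    untrusted, its DHCP Offer messages would be blocked
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 dhcp-trusted

# Check (operational mode): leases from clients behind ge-0/0/23.0 should now be listed
# show dhcp snooping binding
```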