Switching

last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  dhcp-snooping-file location remote_URL (FTP/TFTP) support ?

     
    Posted 04-10-2013 07:30

    hi,

     

    EX2200 running 11.4R5.7,  dhcp snooping with dhcp-snooping-file set to local file (/var/tmp), work fine:

     

    [edit ethernet-switching-options secure-access-port dhcp-snooping-file]
admin@EX2200# show 
location EX2200-dhcp-snooping;
write-interval 600;
timeout 30;

     

    I'm looking into changing it to remote location. Docs say: 'remote_URL —Use ftp://ip-address or ftp:// hostname/path to store database on remote location'

    http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/configuration-statement/location-edit-ethernet-switching-options-port-security-ex-series.html

     

     

    Anyway it looks like Junos does not like FTP:

     

    [edit ethernet-switching-options secure-access-port dhcp-snooping-file]
admin@EX2200# set location ftp://1.2.3.4/dhcp_file   

[edit ethernet-switching-options secure-access-port dhcp-snooping-file]
admin@EX2200# show 
location ftp://1.2.3.4/dhcp_file;
write-interval 600;
timeout 30;

[edit ethernet-switching-options secure-access-port dhcp-snooping-file]
admin@EX2200# commit check 
[edit ethernet-switching-options secure-access-port]
  'dhcp-snooping-file'
    Invalid URL format
error: configuration check-out failed

[edit ethernet-switching-options secure-access-port dhcp-snooping-file]
admin@EX2200# set location tftp://1.2.3.4/dhcp_file   

[edit ethernet-switching-options secure-access-port dhcp-snooping-file]
admin@EX2200# show 
location tftp://1.2.3.4/dhcp_file;
write-interval 600;
timeout 30;

[edit ethernet-switching-options secure-access-port dhcp-snooping-file]
admin@EX2200# commit check
configuration check succeeds

     

    Is anyone using remote_URL in dhcp-snooping-file location ? TFTP or something else ? What Junos version ?

    It's also interesting how long & how many times EX tries to load the file after switch startup.

    jtb



  • 2.  RE: dhcp-snooping-file location remote_URL (FTP/TFTP) support ?
    Best Answer

    Posted 04-11-2013 09:20

    Hello,

    If You are using FTP, You need to specify FTP username and password in the URL itself:

     

    {master:0}[edit]
aarseniev@ex4200vc# show ethernet-switching-options                                          
secure-access-port {
    dhcp-snooping-file {
        location "ftp://anonymous:emailATdomain.tld@1.2.3.4/dhcp_file";
        write-interval 600;
        timeout 30;
    }
}
storm-control {
    interface all;
}

{master:0}[edit]
aarseniev@ex4200vc# commit check 
configuration check succeeds

     Not sure how char @ in password will interact with char @ before IP address, could You please test and report back.

    HTH

    Thanks

    Alex

     

    [EDIT]

    This link http://www.cs.tut.fi/~jkorpela/ftpurl.html suggests that following might work:

     

    {master:0}[edit]
aarseniev@ex4200vc# show ethernet-switching-options                                          
secure-access-port {
    dhcp-snooping-file {
        location "ftp://anonymous:email%40domain.tld@1.2.3.4/dhcp_file";
        write-interval 600;
        timeout 30;
    }
}

     where %40 is char @ encoded as per http://www.cs.tut.fi/~jkorpela/HTML3.2/3.5.html#urlenc

    HTH

    Thanks

    Alex



  • 3.  RE: dhcp-snooping-file location remote_URL (FTP/TFTP) support ?

     
    Posted 04-12-2013 06:58

    hi Alex,

     

    it really helps to have someone else to look at your problem ...  basic staff I've missed. I tested it with scp://user : pass@1.2.3.4/, dreaming SCP works here, but forgot to add user/pass in FTP tests.

     

    I will test it, once I have access to EX I can restart. Want to know how/when EX tries to load the file, what happens if it can't access the FTP server initially.

    jtb