Junos
Highlighted
Junos

dynamic vlans ip source guard

‎01-17-2018 06:47 AM

Dear all,

 

I have some virtual chassis ex4200. I have configured dot1x authentication with radius server based on mac addresses. Additionaly on all those vlans i have enabled ip-source-guard,examine dhcp, arp-inspection. On each port i have enabled:mac-radius restirct,suplicant multiple,guest vlan.Even though in junos guide line says that all these ports should only me configured with port mode access it doesnot work, In order for this configuration to work i have to put these ports in access mode and at least in one vlan. The strange thing is that some time works for some ports and for some times for other ports doesnot work. specialy when i have on the same port both telephone and user pc the behavius is very strange, running the command "show ethernet-switching table |match ge-3/0/14" i can see that mac address of the phone is puted on phone vlan and mac address of the user pc is puted on user vlan. I can also see from the dhcp address leases on dhcp server that both devices obtain ip from the coresponding pool of the dhcp server. But only one of tthese 2 devices working. On the same virtual chassis i have other ports with same configuration and working both devices. I have tried many things but i cannot find what is wrong. The junos version i ran is 15.1R6.7  any help is realy apriciated

 

Regards

pantelis