Is anyone using EX4200 with DHCP Snooping + dot1x Dynamic VLAN assignments? I appear to be hitting bugs where some devices can't DHCP (such as Ricoh printer/copier/fax/scanners), or once they do DHCP they can't communicate through the EX4200 switch port. It seems I can make things work better by statically configuring the VLAN on the port rather than relying on dot1x RADIUS to dynamically assign the VLAN.
I've also discovered that all VLANs that might end up being assigned to a port either statically or dynamically or via the VOIP VLAN feature must have matching examine-dhcp/ip-source-guard/arp-inspection settings under ethernet-switching-options secure-access-port. The easiest way to accomplish this is to use "ethernet-switching-options secure-access-port vlan all" rather than specifiy individual VLANs. But even then I'm still having problems when combined with RADIUS Dynamic VLANs. I'm using 12.3R12-S3.1. Thanks. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp