On Sep 20, 2022, at 1:36 PM, Chuck Anderson via juniper-nsp <juniper-nsp@puck.nether.net> wrote: > Why would you want DHCP snooping or dot1x on a campus core router? Those > functions are typically implemented at the access layer switches connected > directly to end users.
My understanding is that DHCP relay only works on layer-3 devices; all our edge switches are layer-2 (the core trunks VLANs to the edge switches; all inter-VLAN traffic is routed on the core only). Thus, the core does DHCP relay. dot1x is primarily done on our edge switches as you describe. However, we occasionally connect dumb layer 2 switches for very small closets over fiber (we're a small enough campus that all our buildings are cabled directly to the qfx), so it's nice to have the option to have a core device provide the same "edge" dot1x functionality for those devices. That one isn't as big of a deal; I could use Juniper switch with dot1x as an aggregation device if the core won't handle it. Jason _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
