Hi there, I’m somewhat of a j-noob, so please forgive any obvious errors or omissions.
I’m trying to migrate a snippet of a Cisco configuration over to an EX9200 running 14.2R4.9. The configuration snippet incorporates private VLANs, DHCP snooping, DIA, and IP Source Guard. Reviewing the Configuration Guidelines of the Understanding Private VLANs on EX Series Switches chapter of JunOS 14.2 for EX switches[1], it would seem that a 1:1 configuration:feature swap is impossible due to the EX9200 not supporting DHCP Security features or IRB. If this is indeed the case, are there any other ways I can get the EX to do what I’m doing on this Cisco 4500? ! ip arp inspection vlan 4001 logging dhcp-bindings all ip dhcp snooping vlan 3001 ! vlan 3001 private-vlan primary private-vlan association 4001 ! vlan 4001 private-vlan isolated ! ip dhcp pool clients vrf clients network 172.23.254.0 255.255.255.0 ! interface Vlan3001 ip vrf clients ip address 172.23.254.1 255.255.255.0 private-vlan mapping 4001 ! interface GigabitEthernet1/1 switchport private-vlan trunk native vlan 4001 switchport private-vlan trunk allowed vlan 4001 switchport private-vlan association trunk 3001 4001 switchport mode private-vlan trunk ! Thanks in advance! (If it helps, here’s the JunOS configuration I’ve built) set interfaces ge-0/2/2 speed 1g set interfaces ge-0/2/2 hold-time up 10000 set interfaces ge-0/2/2 hold-time down 0 set interfaces ge-0/2/2 ether-options auto-negotiation set interfaces ge-0/2/2 ether-options no-flow-control set interfaces ge-0/2/2 unit 0 family ethernet-switching interface-mode access set interfaces ge-0/2/2 unit 0 family ethernet-switching vlan members CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED set interfaces ge-0/2/2 unit 0 family ethernet-switching storm-control DEFAULT set interfaces ge-0/2/2 unit 0 family ethernet-switching recovery-timeout 60 set interfaces irb unit 3000 family inet address 3.3.3.1/24 set forwarding-options storm-control-profiles DEFAULT all bandwidth-percentage 1 set routing-instances INET instance-type vrf set routing-instances INET system services dhcp-local-server group CUSTOMER-BUSINESS-DYNAMIC interface irb.3000 set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet network 3.3.3.0/24 set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet range CUSTOMER-BUSINESS-DYNAMIC low 3.3.3.2 set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet range CUSTOMER-BUSINESS-DYNAMIC high 3.3.3.254 set routing-instances INET access address-assignment pool CUSTOMER-BUSINESS-DYNAMIC family inet dhcp-attributes router 3.3.3.1 set routing-instances INET interface irb.3000 set routing-instances INET route-distinguisher 4:4 set routing-instances INET vrf-target target:4:4 set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED vlan-id 4000 set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED forwarding-options dhcp-security arp-inspection set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED forwarding-options dhcp-security ip-source-guard set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED private-vlan isolated set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-PRIMARY vlan-id 3000 set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-PRIMARY l3-interface irb.3000 set vlans CUSTOMER-COMMERCIAL-INET-DYNAMIC-PRIMARY isolated-vlan CUSTOMER-COMMERCIAL-INET-DYNAMIC-ISOLATED [1] http://www.juniper.net/documentation/en_US/junos14.2/topics/concept/private-vlans-ex-series-els.html _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp