Switching

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 02:57

    Hello,

    i need to find out a way to auto block/shutdown a switch port if some one attaches a Hub or Physical layer switch to EX2200/EX2300 switch.

    Actually in our branch offices, staff has a practice of connecting more PC's connecting Hub in the switch port, which creates problems by introducing broadcast and congestion in the network rendering slow performance complaints of the APPLICATION. So i am curious if there is a way to configure the Switch (EX2200/2300) to auto shut the port whenever HUBs are connected and may generate alert to notify the Network Administrator. 


    #ex2200
    #Portshutdown
    #EX2300


  • 2.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 03:10

    Hi !

    For illegally connected switches sending BPDU, you can enable BPDU-Blocking, shut down port and get syslog when receiving any BPDU

     

    else you can use MAC-limit and limit the number of seen mac adresses to 1 or 2 ( if phones are connected in serial manner) and shut down the port and get syslog on violation.

     

    regrads

     

    alexander



  • 3.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.
    Best Answer

    Posted 01-27-2019 06:24

    I think BPDU blocking works in case Layer-2 switch is connected . In case of HUBs which dont send BPDU messages, the only way is to allow 1 MAC per port.  



  • 4.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 07:04

    Hello,

    There is no simple solution for all use cases: L2 switch with STP enabled, L2 switch with STP disabled, hub, or a small router with built-in Wifi AP (like this one https://www.amazon.com/TP-Link-Wireless-Portable-Travel-Router/dp/B00TQEX8BO )

    The most secure solution is to use 802.1X port authentication - it requires a RADIUS server + compatible clients 

    https://www.juniper.net/documentation/en_US/junos/topics/concept/802-1x-overview.html

    EX model support for 802.1X feature is described here https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=802.1X%20authentication%20port-based%20network%20access%20control%20(PNAC) .

    HTH

    Thx

    Alex