Switching

Expand all | Collapse all

Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

Jump to Best Answer
  • 1.  Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 02:57

    Hello,

    i need to find out a way to auto block/shutdown a switch port if some one attaches a Hub or Physical layer switch to EX2200/EX2300 switch.

    Actually in our branch offices, staff has a practice of connecting more PC's connecting Hub in the switch port, which creates problems by introducing broadcast and congestion in the network rendering slow performance complaints of the APPLICATION. So i am curious if there is a way to configure the Switch (EX2200/2300) to auto shut the port whenever HUBs are connected and may generate alert to notify the Network Administrator. 


    #ex2200
    #Portshutdown
    #EX2300


  • 2.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 03:10

    Hi !

    For illegally connected switches sending BPDU, you can enable BPDU-Blocking, shut down port and get syslog when receiving any BPDU

     

    else you can use MAC-limit and limit the number of seen mac adresses to 1 or 2 ( if phones are connected in serial manner) and shut down the port and get syslog on violation.

     

    regrads

     

    alexander



  • 3.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.
    Best Answer

    Posted 01-27-2019 06:24

    I think BPDU blocking works in case Layer-2 switch is connected . In case of HUBs which dont send BPDU messages, the only way is to allow 1 MAC per port.  



  • 4.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 07:04

    Hello,

    There is no simple solution for all use cases: L2 switch with STP enabled, L2 switch with STP disabled, hub, or a small router with built-in Wifi AP (like this one https://www.amazon.com/TP-Link-Wireless-Portable-Travel-Router/dp/B00TQEX8BO )

    The most secure solution is to use 802.1X port authentication - it requires a RADIUS server + compatible clients 

    https://www.juniper.net/documentation/en_US/junos/topics/concept/802-1x-overview.html

    EX model support for 802.1X feature is described here https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=802.1X%20authentication%20port-based%20network%20access%20control%20(PNAC) .

    HTH

    Thx

    Alex