We only want to enable "ip-source-guard" in one specific interface in a VLAN. could we do it? In old Non-ELS switches only interfaces configured this knob apply the security check, but when migrate to new ELS switches we found the behaviour is changed.
ELS switches configuration:
lab# show vlans
vlan100 {
vlan-id 100;
l3-interface irb.100;
forwarding-options {
dhcp-security {
ip-source-guard;
group test {
interface ge-0/0/6.0 {
static-ip 192.168.100.100 mac 84:b5:9c:ce:b9:4d;
}
}
}
}
In above configuration we found other interfaces discard all traffic due to traffic not hit entry in the white list, we think because they are all in untrusted role because "ip-source-guard" is configured in this VLAN. how could we put other interfaces in trusted role or disable "ip-source-guard" in other interfaces? Thanks for your suuport.