Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 02:57

    Hello,

    I need to find a way to automatically block/shut down a switch port if someone attaches a hub or physical-layer switch to an EX2200/EX2300 switch.

    In our branch offices, staff have a practice of connecting more PCs by plugging a hub into the switch port, which creates problems by introducing broadcast traffic and congestion in the network, resulting in complaints about slow application performance. So I am curious whether there is a way to configure the switch (EX2200/2300) to automatically shut the port whenever hubs are connected, and possibly generate an alert to notify the network administrator.


    #ex2200
    #Portshutdown
    #EX2300


  • 2.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 03:10

    Hi!

    For illegally connected switches sending BPDUs, you can enable BPDU blocking, shut down the port and get a syslog message when receiving any BPDU.

    Otherwise you can use MAC limiting and limit the number of seen MAC addresses to 1 or 2 (if phones are connected in a serial manner), shut down the port and get a syslog message on violation.

    Regards,

    Alexander



  • 3.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.
    Best Answer

    Posted 01-27-2019 06:24

    I think BPDU blocking works in case a Layer-2 switch is connected. In the case of hubs, which don't send BPDU messages, the only way is to allow 1 MAC per port.
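The two port-level controls suggested in replies 2 and 3 (MAC limit with shutdown, BPDU block with shutdown), as an added configuration example that is not from any poster in this thread. It assumes `ge-0/0/1` as a placeholder access port, sample timer values and a placeholder syslog collector at 192.0.2.10, and is written from the Junos statement hierarchies for each platform family, so confirm it against the release you run.

```junos
# Added example. ge-0/0/1, the timers and 192.0.2.10 are placeholders.

# --- EX2200 (non-ELS Junos) ---
# Allow one learned MAC on the port; shut it down when a second appears.
# Use 2 instead of 1 where a PC sits behind an IP phone.
set ethernet-switching-options secure-access-port interface ge-0/0/1.0 mac-limit 1 action shutdown
# Shut the port if any BPDU arrives (an STP-speaking switch was attached).
set ethernet-switching-options bpdu-block interface ge-0/0/1.0 shutdown
# Optional: bring error-disabled ports back automatically after 600 seconds.
# Without it, an operator must clear the port error by hand.
set ethernet-switching-options port-error-disable disable-timeout 600

# --- EX2300 (ELS Junos) ---
# Same MAC limit, expressed in the ELS hierarchy.
set switch-options interface ge-0/0/1.0 interface-mac-limit 1
set switch-options interface ge-0/0/1.0 interface-mac-limit packet-action shutdown
# BPDU block; on ELS the port is shut down unless "drop" is configured.
set protocols layer2-control bpdu-block interface ge-0/0/1
# Optional automatic recovery for this port after 600 seconds.
set interfaces ge-0/0/1 unit 0 family ethernet-switching recovery-timeout 600

# --- Both platforms: forward the violation messages for alerting ---
set system syslog host 192.0.2.10 any notice
```

A hub is only caught by the MAC limit, since it sends no BPDUs. A small NAT router presents a single MAC address and no BPDUs, so neither setting detects it.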



  • 4.  RE: Auto Shutdown of Ports (EX2200/2300) whenever HUB is connected.

    Posted 01-27-2019 07:04

    Hello,

    There is no simple solution for all use cases: L2 switch with STP enabled, L2 switch with STP disabled, hub, or a small router with a built-in Wi-Fi AP (like this one: https://www.amazon.com/TP-Link-Wireless-Portable-Travel-Router/dp/B00TQEX8BO ).

    The most secure solution is to use 802.1X port authentication. It requires a RADIUS server and compatible clients.

    https://www.juniper.net/documentation/en_US/junos/topics/concept/802-1x-overview.html

    EX model support for the 802.1X feature is described here: https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=802.1X%20authentication%20port-based%20network%20access%20control%20(PNAC)

    HTH

    Thx

    Alex