since this is on an interface range should i make a filter that blocks dhcp coming into the interface range? What would that look like?
Original Message:
Sent: 01-07-2025 16:33
From: MARK JOHNS
Subject: dhcp-security and interface ranges
i can test this but its not the trunk range its the access range that is having issues.
------------------------------
MARK JOHNS
Original Message:
Sent: 01-06-2025 16:53
From: fb35523
Subject: dhcp-security and interface ranges
If it's a trunk it should be exempt. I don't know the show command to see if an interfaces is trusted, but it should be easy enough to find. What happens if you explicitly set it to trusted?
Original Message:
Sent: 01-06-2025 14:52
From: MARK JOHNS
Subject: dhcp-security and interface ranges
is it because all of our settings are set in interface ranges instead of individual interfaces?
------------------------------
MARK JOHNS
Original Message:
Sent: 01-03-2025 08:47
From: MARK JOHNS
Subject: dhcp-security and interface ranges
That's what i had thought too but i came across an instance where that didn't seem to be the case. I had a coworker prepping a firewall and had it on the network on an access port to onboard it to the management site and it started handing out dhcp to the vlan it was on.
------------------------------
MARK JOHNS
Original Message:
Sent: 01-02-2025 19:54
From: Unknown User
Subject: dhcp-security and interface ranges
It seems it is not possible to configure an interface range in that stanza. On the other hand:
"By default, all trunk ports on the switch are trusted and all access ports are untrusted for DHCP snooping."
https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/concept/port-security-dhcp-snooping-els.html
Original Message:
Sent: 12-30-2024 15:53
From: MARK JOHNS
Subject: dhcp-security and interface ranges
is there a way to apply dhcp-security to interface ranges rather then a single port?
Example:
vlan99 { description example; vlan-id 99; forwarding-options { dhcp-security { group Trusted { overrides { trusted; } interface-range Trunks; } } } }
------------------------------
MARK JOHNS
------------------------------