Switching

  • 1.  Disabling unused ports on EX switches for security

    Posted 8 days ago

    Hello All, we have vendors and students that can patch in to a LAN drop throughout the district. I'd like to disable all unused ports in our IDFs. Any help is appreciated.



  • 2.  RE: Disabling unused ports on EX switches for security

    Posted 7 days ago

    Each port would be disabled by setting this at the port level.

    set interfaces ge-0/0/0 disable

    https://www.juniper.net/documentation/us/en/software/junos/interfaces-ethernet-switches/topics/topic-map/switches-interface-physical.html#id-10219968



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Disabling unused ports on EX switches for security

    Posted 7 days ago

    Thanks for the reply, can this be done in a range?




  • 4.  RE: Disabling unused ports on EX switches for security

    Posted 7 days ago

    Hi Techie, 

    Here is the Juniper documentation page around the Interface Range command: 

    https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/interfaces-fundamentals/topics/task/interface-ranges.html

    I've just tested this in my lab and it works:

    set interfaces interface-range TEST member-range ge-0/0/0 to ge-0/0/5
    set interfaces interface-range TEST disable

    lab@CE1# show | compare                                 
    [edit interfaces]
    +   interface-range TEST {
    +       member-range ge-0/0/0 to ge-0/0/5;
    +       disable;
    +   }

    lab@CE1# run show interfaces terse 
    Interface               Admin Link Proto    Local                 Remote
    ge-0/0/0                down  down
    ge-0/0/0.0              up    down inet     10.1.0.0/31     
                                       multiservice
    ge-0/0/1                down  down
    ge-0/0/2                down  down
    ge-0/0/2.0              up    down inet     10.1.0.4/31   

    Please reach out if you need any additional help!



    ------------------------------
    Ethan Jackson / ETH4N3T

    Disclaimer:
    I am a Juniper employee, but all opinions are my own.
    ------------------------------



  • 5.  RE: Disabling unused ports on EX switches for security

    Posted yesterday

    Thanks for the reply,

    So on one switch I want to disable the 'down' ports; it looks like this... Is there an option to select only the 'down' ports I want to disable in a range? Thanks!

    tech@********-swi-01> show interfaces terse | match "down" 
    ge-0/0/0                up    down
    ge-0/0/0.0              up    down eth-switch
    ge-0/0/1                up    down
    ge-0/0/1.0              up    down eth-switch
    ge-0/0/2                up    down
    ge-0/0/2.0              up    down eth-switch
    ge-0/0/3                up    down
    ge-0/0/3.0              up    down eth-switch
    ge-0/0/4                up    down
    ge-0/0/4.0              up    down eth-switch
    ge-0/0/6                up    down
    ge-0/0/6.0              up    down eth-switch
    ge-0/0/13               up    down
    ge-0/0/13.0             up    down eth-switch
    ge-0/0/15               up    down
    ge-0/0/15.0             up    down eth-switch
    ge-0/0/18               up    down
    ge-0/0/18.0             up    down eth-switch
    ge-0/0/21               up    down
    ge-0/0/21.0             up    down eth-switch
    ge-0/0/22               up    down
    ge-0/0/22.0             up    down eth-switch
    ge-0/0/24               up    down
    ge-0/0/24.0             up    down eth-switch
    ge-0/0/25               up    down
    ge-0/0/25.0             up    down eth-switch
    ge-0/0/27               up    down
    ge-0/0/27.0             up    down eth-switch
    ge-0/0/28               up    down
    ge-0/0/28.0             up    down eth-switch
    ge-0/0/30               up    down
    ge-0/0/30.0             up    down eth-switch
    ge-0/0/33               up    down
    ge-0/0/33.0             up    down eth-switch
    ge-0/0/34               up    down
    ge-0/0/34.0             up    down eth-switch
    ge-0/0/35               up    down
    ge-0/0/35.0             up    down eth-switch
    ge-0/0/36               up    down
    ---(more)---




  • 6.  RE: Disabling unused ports on EX switches for security

    Posted yesterday

    Hi Techie, 

    Do you mean a single interface within the range you're going to disable? Or match the range from a given 'down' statement on the interface?

    I don't believe there is a way you can create a rule to disable the 'down' interfaces, and this must be specified with the interface you want to disable. 



    ------------------------------
    Ethan Jackson / ETH4N3T

    Disclaimer:
    I am a Juniper employee, but all opinions are my own.
    ------------------------------
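
Added example, not part of the original thread and not Juniper tooling: one way to build the statements off-box is to parse saved `show interfaces terse` output, keep the physical ports that are admin up and link down, and emit `interface-range` statements like the ones shown in reply 4. The range name `UNUSED`, the function names, the `exclude` parameter and the handled prefixes (ge/xe/et/mge) are assumptions; the sample output is constructed.

```python
import re

# Constructed sample in the format of `show interfaces terse` (not from a real device).
SAMPLE = """\
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    down
ge-0/0/0.0              up    down eth-switch
ge-0/0/1                up    down
ge-0/0/2                up    up
ge-0/0/3                down  down
ge-0/0/4                up    down
ge-0/0/6                up    down
ge-0/1/0                up    down
xe-0/2/0                up    up
"""

PORT = re.compile(r"^((?:ge|xe|et|mge)-(\d+)/(\d+)/(\d+))\s+(up|down)\s+(up|down)\b")

def down_ports(terse, exclude=()):
    """Physical ports that are admin up but link down; logical units (.N) are skipped."""
    ports = []
    for line in terse.splitlines():
        m = PORT.match(line.strip())
        if m and m.group(5) == "up" and m.group(6) == "down" and m.group(1) not in exclude:
            ports.append((m.group(1).split("-")[0], *map(int, m.group(2, 3, 4))))
    return sorted(set(ports))

def disable_commands(ports, name="UNUSED"):
    """Collapse consecutive ports on the same type/FPC/PIC into member-range statements."""
    cmds, i = [], 0
    base = f"set interfaces interface-range {name}"  # range name is a hypothetical choice
    while i < len(ports):
        j = i
        while (j + 1 < len(ports) and ports[j + 1][:3] == ports[i][:3]
               and ports[j + 1][3] == ports[j][3] + 1):
            j += 1
        first, last = ("%s-%d/%d/%d" % p for p in (ports[i], ports[j]))
        cmds.append(f"{base} member {first}" if i == j
                    else f"{base} member-range {first} to {last}")
        i = j + 1
    if cmds:
        cmds.append(f"{base} disable")
    return cmds

if __name__ == "__main__":
    print("\n".join(disable_commands(down_ports(SAMPLE))))
```

A port that is link-down when the output is captured may only have its device powered off, so review the list (pass uplinks and known drops in `exclude`) before loading it, and apply it with `commit confirmed` so a mistake rolls back on its own.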