Do you mean a single interface within the range you're going to disable? Or match the range from a given 'down' statement on the interface?
I don't believe there is a way you can create a rule to disable the 'down' interfaces, and this must be specified with the interface you want to disable.
I am a Juniper employee, but all opinions are my own.
Original Message:
Sent: 12-02-2024 12:35
From: Unknown User
Subject: Disabling unused ports on EX switches for security
Thanks for the reply,
So on one switch I want to disable the 'down' ports, which look like this... Is there an option to select only the 'down' ports I want to disable in a range? Thanks!
tech@********-swi-01> show interfaces terse | match "down"
ge-0/0/0 up down
ge-0/0/0.0 up down eth-switch
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up down eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down eth-switch
ge-0/0/4 up down
ge-0/0/4.0 up down eth-switch
ge-0/0/6 up down
ge-0/0/6.0 up down eth-switch
ge-0/0/13 up down
ge-0/0/13.0 up down eth-switch
ge-0/0/15 up down
ge-0/0/15.0 up down eth-switch
ge-0/0/18 up down
ge-0/0/18.0 up down eth-switch
ge-0/0/21 up down
ge-0/0/21.0 up down eth-switch
ge-0/0/22 up down
ge-0/0/22.0 up down eth-switch
ge-0/0/24 up down
ge-0/0/24.0 up down eth-switch
ge-0/0/25 up down
ge-0/0/25.0 up down eth-switch
ge-0/0/27 up down
ge-0/0/27.0 up down eth-switch
ge-0/0/28 up down
ge-0/0/28.0 up down eth-switch
ge-0/0/30 up down
ge-0/0/30.0 up down eth-switch
ge-0/0/33 up down
ge-0/0/33.0 up down eth-switch
ge-0/0/34 up down
ge-0/0/34.0 up down eth-switch
ge-0/0/35 up down
ge-0/0/35.0 up down eth-switch
ge-0/0/36 up down
---(more)---
Original Message:
Sent: 11-26-2024 10:22
From: Ethan Jackson
Subject: Disabling unused ports on EX switches for security
Hi Techie,
Here is the Juniper documentation page around the Interface Range command:
https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/interfaces-fundamentals/topics/task/interface-ranges.html
I've just tested this in my lab and it works:
set interfaces interface-range TEST member-range ge-0/0/0 to ge-0/0/5
set interfaces interface-range TEST disable
lab@CE1# show | compare
[edit interfaces]
+ interface-range TEST {
+ member-range ge-0/0/0 to ge-0/0/5;
+ disable;
+ }
lab@CE1# run show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 down down
ge-0/0/0.0 up down inet 10.1.0.0/31
multiservice
ge-0/0/1 down down
ge-0/0/2 down down
ge-0/0/2.0 up down inet 10.1.0.4/31
Please reach out if you need any additional help!
------------------------------
Ethan Jackson / ETH4N3T
Disclaimer:
I am a Juniper employee, but all opinions are my own.
Original Message:
Sent: 11-26-2024 09:53
From: techie211
Subject: Disabling unused ports on EX switches for security
Thanks for the reply, can this be done in a range?
Original Message:
Sent: 11-25-2024 19:47
From: spuluka
Subject: Disabling unused ports on EX switches for security
Each port would be disabled by setting this at the port level.
set interfaces ge-0/0/0 disable
https://www.juniper.net/documentation/us/en/software/junos/interfaces-ethernet-switches/topics/topic-map/switches-interface-physical.html#id-10219968
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 11-25-2024 14:31
From: techie211
Subject: Disabling unused ports on EX switches for security
Hello All, we have vendors and students that can patch in to a LAN drop throughout the district. I'd like to disable all unused ports in our IDFs. Any help is appreciated.
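An added example, not written by anyone in this thread: one way to get from the "show interfaces terse" output quoted above to a range that contains only the link-down ports is to build the configuration offline, using the interface-range "member" statement once per port. The range name UNUSED, the keep list and the sample text are assumptions made for the example; a port that is down is not necessarily unused, so the keep list is where known uplinks or spare-but-needed ports are excluded before the commands are loaded.

```python
import re

# Constructed sample in the format of the "show interfaces terse" output quoted in the thread.
SAMPLE = """\
tech@switch> show interfaces terse | match "down"
ge-0/0/0                up    down
ge-0/0/0.0              up    down eth-switch
ge-0/0/1                up    down
ge-0/0/1.0              up    down eth-switch
ge-0/0/6                down  down
ge-0/0/13               up    down
ge-0/0/13.0             up    down eth-switch
xe-0/1/0                up    down
---(more)---
"""

# Physical port name only (no ".unit" suffix), then the Admin and Link columns.
ROW = re.compile(r"^((?:ge|xe|et|mge)-\d+/\d+/\d+)\s+(up|down)\s+(up|down)\b")


def down_ports(terse_output, prefixes=("ge-",)):
    """Physical ports that are admin up / link down, in output order."""
    ports = []
    for line in terse_output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompt, pager marker, logical units, other interface types
        name, admin, link = m.groups()
        # Already-disabled ports (admin down) and non-access prefixes are skipped.
        if admin == "up" and link == "down" and name.startswith(prefixes):
            ports.append(name)
    return ports


def range_config(ports, range_name="UNUSED", keep=()):
    """Build set commands; 'keep' lists ports that are down but must stay enabled."""
    excluded = set(keep)
    members = [p for p in ports if p not in excluded]
    cmds = [f"set interfaces interface-range {range_name} member {p}" for p in members]
    if members:
        cmds.append(f"set interfaces interface-range {range_name} disable")
    return cmds


if __name__ == "__main__":
    print("\n".join(range_config(down_ports(SAMPLE), keep=["ge-0/0/13"])))
```

Review the generated commands with "show | compare" and apply them with "commit confirmed" so a port disabled by mistake rolls back on its own.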