We help IT Professionals succeed at work.

Juniper EX switch port security best practice

I know that there are a lot of port security features, including DIA, dhcp-trusted, examine-dhcp. Do I need to use them all? Is there any information on Juniper switch port security best practice?
Is auto-negotiate the default setting for the access ports? In other words, if I connect a trunk port from another switch to the access port of this switch, will the port becomes a trunk?
Watch Question

Auto negotiate is the default, you may need to change it for compatibility or security.  It is best to use any and all security features, unless a specific port has a device attached that is not compatible with a certain feature.  Juniper has many white papers and articles, is there anything specific you are looking for?


I have about 50 48-port Juniper EX switches on my network and there is no port security configured and I'd like to secure my ports as much as possible. I am new to Juniper, so I'd like to know if there is any white papers on Juniper EX switch port security best practice.

Will "port mode access" command on access ports disable auto negotiate?
Let say I want to mitigate rogue DHCP server on my network, do I have to configure no-dhcp-trust on all of my access ports, except the ones where my "real" DHCP servers are connected to?  Is this what it is typically configured? Thx