leblanc
asked on
Juniper port security put network down
I have a core and several access switches. I have RVI configured for my VLAN at the core. I have 1 RVI configured for each access switch for the gateway. When I configured arp-inspection and dhcp-examine for all of my VLANs, the whole network went down. The access switches do not like those port security commands for all VLANs.
I am trying to understand why my network went down when I configured those port security commands. Thx
ASKER
The ports between the access switches and the core are trunks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That is what I did.
ASKER CERTIFIED SOLUTION
Also, did you set mac-limit per? and did you set trunk ports to be untrusted or trusted? Can you post your config?
harbor235 ;}
ASKER
I'd like to make a correction to my problem. Those port security commands did not put my network down. I could not access the Internet when I input those commands. I did the configuration remotely and after entering those commands, it kicked me out of the telnet session. I had to be onsite to access the switches and remove those commands.
I did not set mac-limit per port because we do not want to limit the MAC address. By default the trunks are trusted, so I did not configure anything. I verified the db and there are IP addresses.
I removed those commands from my switch because it crashed my network.
ASKER
Any thoughts?
You need to configure the ports between the access switches and core switch as TRUNK ports, which by default are "trusted" interfaces. If you do not have these as trunks (with vlan tags) then you need to manually configure the uplink ports as trusted interfaces.
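The trust setting described in the answer above, written out as an added example that is not part of the original thread or any poster's configuration. It assumes the legacy (non-ELS) EX CLI, which the thread's use of RVIs suggests, and `ge-0/0/23.0` is a hypothetical uplink toward the core.

```junos
# Assumption: legacy (non-ELS) EX CLI; ge-0/0/23.0 is a hypothetical uplink.
# Enter on the access switch from configuration mode.

# Trust the uplink explicitly, so the setting no longer depends on the
# port being a tagged trunk.
set ethernet-switching-options secure-access-port interface ge-0/0/23.0 dhcp-trusted

# DHCP snooping and dynamic ARP inspection on every VLAN.
set ethernet-switching-options secure-access-port vlan all examine-dhcp
set ethernet-switching-options secure-access-port vlan all arp-inspection

# When working over a remote session: the change rolls back automatically
# after 5 minutes unless a plain "commit" confirms it.
commit confirmed 5

# Operational mode, before confirming: check that the snooping database
# has bindings and look at the ARP inspection counters.
show dhcp snooping binding
show arp inspection statistics
```

With `commit confirmed`, a change that cuts off the management session is undone when the timer expires, without a site visit.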