For per-interface MAC limited on EX4300 (ELS) see:

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/port-security-mac-limiting-cli-els.html

Got there from your initial link, . . .

why is this so confusing ?????

ON 2200 3300 that was a way simple; here is a lot of confusion and OS language is not the same.

I understand I have to use:

set interfaces ge-0/0/2 unit 0 accept-source-mac mac-address 00:05:85:3A:82:80

but these two dont work:

set interfaces ge-0/0/0.0 unit 0 accept-source-mac mac-limit 2 action drop 

set interfaces ge-0/0/0.0 unit 0 accept-source-mac persistent-learning 

I am trying to limit mac addresses to specific address and limit 2 

While this works on 2200 or 3300 

https://www.juniper.net/documentation/en_US/junos/topics/example/port-security-configuring.html

it does not work on EX 4300 

https://www.juniper.net/customers/support/configtools/elstranslator/index.jsp translator does not work either.

What I have done so far on EX4300:

set interfaces ge-3/0/25 unit 0 accept-source-mac mac-address 00:04:f2:ed:6f:36

[edit switch-options]
user@switch# set interface interface-name interface-mac-limit limit packet-action action

But that seems not to work. I am trying to limit one mac address on a specific port so if something else is connected the port should be down, later if connecting with 00:04:f2:ed:6f:36 port should be up. 

I have done this on 2200 and 3300 and works but on 4300 having problems.

Here is the scenario- We've got a new voip phone system going into one of our small branch offices.

EX-4300 48P will be connected to a Cisco ASA 5505 firewall, currently the Firewall will be serving DHCP for the Lan/Guest Wifi. I'm starting the to build the EX config for Voip but having a hard time figuring out what to do with the DHCP. I'm not opposed to moving the DHCP to the EX4300 - would probably be better that way, but not sure how to do it, thinking of something like this.

ASA - 10.90.16.1

EX4300 - 10.90.16.2

Vlan 100 - Data, DHCP Pool 10.90.16.100-200 (Currently on ASA)

Vlan 105 - Voice, DHCP Pool 10.90.17.100-200 (Doesn't Exist)

Vlan 110 - Guest Wifi, DHCP Pool 192.168.90.50-192.168.90.100 (Currently on ASA)

Here is my config, I think I need a bit of help here, fairly new to Juniper

set version 14.1X53-D46.7
set groups qos-voip class-of-service classifiers dscp qos-dscp-classifier import default
set groups qos-voip class-of-service classifiers dscp qos-dscp-classifier forwarding-class qos-voice-fc loss-priority low code-points 101110
set groups qos-voip class-of-service forwarding-classes class qos-voice-fc queue-num 5
set groups qos-voip class-of-service scheduler-maps qos-voip-sched-maps forwarding-class qos-voice-fc scheduler qos-voice-scheduler
set groups qos-voip class-of-service schedulers qos-voice-scheduler buffer-size percent 20
set groups qos-voip class-of-service schedulers qos-voice-scheduler priority strict-high
set apply-groups qos-voip
set system host-name WestchesterSW
set system auto-snapshot
set system time-zone America/New_York
set system authentication-order password
set system root-authentication encrypted-password 
set system name-server 10.60.19.107
set system name-server 68.237.161.12
set system name-server 8.8.8.8
set system login message "NOTICE TO USERS\n\n  This computer system is for authorized use only. Users (authorized or unauthorized) have no explicit\nor implicit expectation of privacy.\n\n  Any or all uses of this system and all files on this system may be intercepted,\nmonitored, recorded, copied, audited, inspected, and disclosed to authorized\nsite, law enforcement personnel, as well as\nauthorized officials of other agencies, both domestic and foreign. By using\nthis system, the user consents to such interception, monitoring, recording,\ncopying, auditing, inspection, and disclosure at the discretion of authorized\npersonnel.\n\n  Unauthorized or improper use of this system may result in administrative\ndisciplinary action and civil and criminal penalties. By continuing to use this\nsystem you indicate your awareness of and consent to these terms and conditions\nof use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in\nthis warning.\n"
set system login class ssh idle-timeout 30
set system login user admin uid 2002
set system login user admin class super-user
set system login user admin authentication encrypted-password 
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services telnet
set system services netconf ssh
set system services web-management http
set system services web-management https system-generated-certificate
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system commit synchronize
set chassis alarm management-ethernet link-down ignore
set interfaces ge-0/0/0 description uplink
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/3 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/4 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/5 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/5 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/6 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/6 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/7 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/7 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/8 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/8 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/9 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/9 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/10 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/10 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/11 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/11 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/12 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/13 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/13 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/14 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/14 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/15 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/15 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/15 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/16 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/16 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/16 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/17 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/17 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/17 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/18 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/18 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/18 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/19 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/19 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/19 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/20 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/20 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/21 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/21 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/22 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/22 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/23 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/23 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/24 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/24 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/24 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/25 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/25 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/25 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/26 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/26 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/26 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/27 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/27 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/27 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/28 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/28 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/28 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/29 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/29 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/29 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/30 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/30 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/30 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/31 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/31 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/31 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/32 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/32 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/32 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/33 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/33 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/33 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/34 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/34 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/34 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/35 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/35 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/35 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/36 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/36 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/36 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/37 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/37 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/37 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/38 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/38 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/38 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/39 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/39 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/39 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/40 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/40 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/40 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/41 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/41 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/41 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/42 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/42 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/42 unit 0 family ethernet-switching vlan members GUESTWIFI
set interfaces ge-0/0/42 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/43 description WAP1
set interfaces ge-0/0/43 native-vlan-id 1
set interfaces ge-0/0/43 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/43 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/43 unit 0 family ethernet-switching vlan members GUESTWIFI
set interfaces ge-0/0/44 description "Security System"
set interfaces ge-0/0/44 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/45 description "Phone System"
set interfaces ge-0/0/45 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/45 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/46 description "AD Server"
set interfaces ge-0/0/46 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members DATA
set interfaces ge-0/0/47 description "GuestWifi Uplink"
set interfaces ge-0/0/47 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members GUESTWIFI
set interfaces ge-0/2/0 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/0 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/1 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/2 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/2/3 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/2/3 unit 0 family ethernet-switching storm-control default
set interfaces irb unit 0 family inet dhcp vendor-id Juniper-ex4300-48p
set interfaces irb unit 100 family inet address 10.90.16.2/24
set snmp location westchester
set snmp contact IT
set forwarding-options storm-control-profiles PORTSTORMCONTROL all bandwidth-level 5000
set forwarding-options storm-control-profiles PORTSTORMCONTROL all no-registered-multicast
set forwarding-options storm-control-profiles PORTSTORMCONTROL action-shutdown
set forwarding-options storm-control-profiles default all
set event-options policy PORTSTORMCONTROL events eswd_st_ctl_bw_info
set event-options policy PORTSTORMCONTROL events eswd_st_ctl_error_disabled
set event-options policy PORTSTORMCONTROL events eswd_st_ctl_error_enabled
set event-options policy PORTSTORMCONTROL events eswd_st_ctl_error_in_effect
set event-options policy PORTSTORMCONTROL then raise-trap
set event-options policy archive-set-configuration events ui_commit
set event-options policy archive-set-configuration then execute-commands commands "show configuration | display set"
set event-options policy archive-set-configuration then execute-commands output-filename set-confg
set event-options policy archive-set-configuration then execute-commands destination 10.60.19.105
set event-options policy archive-set-configuration then execute-commands output-format text
set event-options policy archive-xml-configuration events ui_commit
set event-options policy archive-xml-configuration then execute-commands commands "show configuration | display xml"
set event-options policy archive-xml-configuration then execute-commands output-filename xml-confg
set event-options policy archive-xml-configuration then execute-commands destination 10.60.19.105
set event-options policy archive-xml-configuration then execute-commands output-format xml
set event-options destinations 10.60.19.105 transfer-delay 60
set event-options destinations 10.60.19.105 archive-sites "scp://hwkconfig@10.60.19.105/tftpboot" password "$9$UljHmn6AO1EM84JGD.mhcylWLX7-dwYu0"
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set protocols layer2-control bpdu-block disable-timeout 60
set protocols vstp bpdu-block-on-edge
set protocols vstp interface ge-0/0/0
set protocols vstp interface ge-0/0/1 edge
set protocols vstp interface ge-0/0/2 edge
set protocols vstp interface ge-0/0/3 edge
set protocols vstp interface ge-0/0/4 edge
set protocols vstp interface ge-0/0/5 edge
set protocols vstp interface ge-0/0/6 edge
set protocols vstp interface ge-0/0/7 edge
set protocols vstp interface ge-0/0/8 edge
set protocols vstp interface ge-0/0/9 edge
set protocols vstp interface ge-0/0/10 edge
set protocols vstp interface ge-0/0/11 edge
set protocols vstp interface ge-0/0/12 edge
set protocols vstp interface ge-0/0/13 edge
set protocols vstp interface ge-0/0/14 edge
set protocols vstp interface ge-0/0/15 edge
set protocols vstp interface ge-0/0/16 edge
set protocols vstp interface ge-0/0/17 edge
set protocols vstp interface ge-0/0/18 edge
set protocols vstp interface ge-0/0/19 edge
set protocols vstp interface ge-0/0/20 edge
set protocols vstp interface ge-0/0/21 edge
set protocols vstp interface ge-0/0/22 edge
set protocols vstp interface ge-0/0/23 edge
set protocols vstp interface ge-0/0/24 edge
set protocols vstp interface ge-0/0/25 edge
set protocols vstp interface ge-0/0/26 edge
set protocols vstp interface ge-0/0/27 edge
set protocols vstp interface ge-0/0/28 edge
set protocols vstp interface ge-0/0/29 edge
set protocols vstp interface ge-0/0/30 edge
set protocols vstp interface ge-0/0/31 edge
set protocols vstp interface ge-0/0/32 edge
set protocols vstp interface ge-0/0/33 edge
set protocols vstp interface ge-0/0/34 edge
set protocols vstp interface ge-0/0/35 edge
set protocols vstp interface ge-0/0/36 edge
set protocols vstp interface ge-0/0/37 edge
set protocols vstp interface ge-0/0/38 edge
set protocols vstp interface ge-0/0/39 edge
set protocols vstp interface ge-0/0/40 edge
set protocols vstp interface ge-0/0/41 edge
set protocols vstp interface ge-0/0/42 edge
set protocols vstp interface ge-0/0/43
set protocols vstp interface ge-0/0/44
set protocols vstp interface ge-0/0/45
set protocols vstp interface ge-0/0/46
set protocols vstp interface ge-0/0/47
set protocols vstp vlan 100
set protocols vstp vlan 105
set protocols vstp vlan 110
set switch-options voip interface ge-0/0/1.0 vlan VOICE
set switch-options voip interface ge-0/0/1.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/2.0 vlan VOICE
set switch-options voip interface ge-0/0/2.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/3.0 vlan VOICE
set switch-options voip interface ge-0/0/3.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/4.0 vlan VOICE
set switch-options voip interface ge-0/0/4.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/5.0 vlan VOICE
set switch-options voip interface ge-0/0/5.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/6.0 vlan VOICE
set switch-options voip interface ge-0/0/6.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/7.0 vlan VOICE
set switch-options voip interface ge-0/0/7.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/8.0 vlan VOICE
set switch-options voip interface ge-0/0/8.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/9.0 vlan VOICE
set switch-options voip interface ge-0/0/9.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/10.0 vlan VOICE
set switch-options voip interface ge-0/0/10.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/11.0 vlan VOICE
set switch-options voip interface ge-0/0/11.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/12.0 vlan VOICE
set switch-options voip interface ge-0/0/12.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/13.0 vlan VOICE
set switch-options voip interface ge-0/0/13.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/14.0 vlan VOICE
set switch-options voip interface ge-0/0/14.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/15.0 vlan VOICE
set switch-options voip interface ge-0/0/15.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/16.0 vlan VOICE
set switch-options voip interface ge-0/0/16.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/17.0 vlan VOICE
set switch-options voip interface ge-0/0/17.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/18.0 vlan VOICE
set switch-options voip interface ge-0/0/18.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/19.0 vlan VOICE
set switch-options voip interface ge-0/0/19.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/20.0 vlan VOICE
set switch-options voip interface ge-0/0/20.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/21.0 vlan VOICE
set switch-options voip interface ge-0/0/21.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/22.0 vlan VOICE
set switch-options voip interface ge-0/0/22.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/23.0 vlan VOICE
set switch-options voip interface ge-0/0/23.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/24.0 vlan VOICE
set switch-options voip interface ge-0/0/24.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/25.0 vlan VOICE
set switch-options voip interface ge-0/0/25.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/26.0 vlan VOICE
set switch-options voip interface ge-0/0/26.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/27.0 vlan VOICE
set switch-options voip interface ge-0/0/27.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/28.0 vlan VOICE
set switch-options voip interface ge-0/0/28.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/29.0 vlan VOICE
set switch-options voip interface ge-0/0/29.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/30.0 vlan VOICE
set switch-options voip interface ge-0/0/30.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/31.0 vlan VOICE
set switch-options voip interface ge-0/0/31.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/32.0 vlan VOICE
set switch-options voip interface ge-0/0/32.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/33.0 vlan VOICE
set switch-options voip interface ge-0/0/33.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/34.0 vlan VOICE
set switch-options voip interface ge-0/0/34.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/35.0 vlan VOICE
set switch-options voip interface ge-0/0/35.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/36.0 vlan VOICE
set switch-options voip interface ge-0/0/36.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/37.0 vlan VOICE
set switch-options voip interface ge-0/0/37.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/38.0 vlan VOICE
set switch-options voip interface ge-0/0/38.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/39.0 vlan VOICE
set switch-options voip interface ge-0/0/39.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/40.0 vlan VOICE
set switch-options voip interface ge-0/0/40.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/41.0 vlan VOICE
set switch-options voip interface ge-0/0/41.0 forwarding-class expedited-forwarding
set switch-options voip interface ge-0/0/45.0 vlan VOICE
set vlans DATA vlan-id 100
set vlans DATA l3-interface irb.100
set vlans GUESTWIFI vlan-id 110
set vlans VOICE vlan-id 105
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set poe interface all

What I have done:

set interfaces ge-3/0/25 unit 0 accept-source-mac mac-address 00:04:f2:ed:6f:36

[edit switch-options]
user@switch# set interface interface-name interface-mac-limit limit packet-action action

from what I see it does not work

Commit full worked on the first try.  

You don't have to answer. just wondering why it wouldn't go with a regualr commit.

Thank you

Here is my firewall configuration, with 2 terms sharing same counter name "profile1"

family inet {
    filter filter1 {
        term 1 {
            from {
                source-address {
                    198.27.134.230/32;
                }
                destination-address {
                    10.2.3.3/32;
                }
                dscp 10;
                protocol tcp;
                source-port 20;
                destination-port 1-65535;
            }
            then {
                count profile1;
                accept;
                dscp af11;
            }
        }
        term 0 {
            from {
                dscp 10;
                source-port 10-3;
            }
            then {
                count profile1;
                discard;
            }
        }
    }
}

From operational mode when I do: show firewall: I get: 

Filter: filter1
Counters:
Name                                                Bytes              Packets
profile1                                              0                    0

Does this mean the profile1 stats will add-up the matches from both term 0 and term 1 ??

Thank you. 

In case, someone is looking for the same:

set interfaces so-0/1/0 unit 0 family inet filter input filter1 
set interfaces so-0/1/0 unit 0 family inet filter output filter1

Here the input and output define the directions.

Hello,

Correct.

Moreover, if You assign this filter to >1 logical interface, the matching pkt/byte stats from all interfaces with this filter attached  will be accumulated in this single counter.

HTH

Thx
Alex

What would be port setting from EX side if I would like to add small (unmanaged) switch ? Thank you

Really having a difficult time getting DHCP running on the EX4300.

What I'd like to do is this-

ASA 10.90.16.1 is plugged into Port 0 on the EX4300
ASA 192.168.90.1 us plugged into Port 47 on the EX4300

I need to setup the following Scopes-

Scope 1 - DATA
Scope 10.90.16.100 - 200

Gateway 10.90.16.1

Vlan 100 / Irb 100

Scope 2 - Voice

Scope 10.90.17.100 - 200

Gateway 10.90.16.1

Vlan 105 / Irb 105

Scope 3 - GuestWifi

Scope 192.168.90.100 - 200

Gateway 192.168.90.1

Vlan 110 / Irb 110

Any help would be greatly appreciated. I keep finding varying methods to do this, but none of them seem to work.

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/dhcp-server-cli-els.html

https://www.juniper.net/documentation/en_US/junos/topics/example/dhcp-complete-configuration-statements.html

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/dhcp-server-cli.html

Where am I going wrong? 

I would just connect it on a normal access port. Potentially configure spanning-tree edge together with bpdu-block to protect against bridge loops.

You are not mentioning which EX series the VC is built on. If you need help configuring the features above let us know which type of Juniper switch and we can point you in the right direction.

Sorry about that. EX 4300 series VC 

This should work on ELS style switches (EX2300, EX3400, EX4300 and similar). Example with ge-0/0/4.

## Interface config - recovery timeout relates to mac-limit
user@els-switch# show interfaces ge-0/0/4
description "Link to unmanaged switch";
unit 0 {
    family ethernet-switching {
        vlan {
            members XXX;
        }
        storm-control default;
        recovery-timeout 60;
    }
}

### spanning-tree edge port + bpdu-block
user@els-switch# show protocols rstp
interface ge-0/0/4 {
    edge;
}
bpdu-block-on-edge;

### recovery timeout for bpdu-block - otherwise you have to clear the block manually
user@els-switch# show protocols layer2-control
bpdu-block {
    disable-timeout 60;
}

### limits number of mac addresses which will be learned. When the 25th shows up, the port i shut down. Can be used to ensure no ### daisy-chaining occurs from the unmanaged switch (or AP connected to it...)
user@els-switch# show switch-options
interface ge-0/0/4.0 {
    interface-mac-limit {
        24;
        packet-action shutdown;
    }
}

Thank You Jonas, its exactly what I need. 

Experts,

I am having issue with loading configuration from EX2200C ver. 12.3R12 on 2200 to 2300 ver.unos: 15.1X53-D56

root# load override /var/tmp/itroom.conf.gz
/var/tmp/itroom.conf.gz:159:(25) syntax error: port-mode
  [edit interfaces ge-0/0/0 unit 0 family ethernet-switching]
    'port-mode access;'
      syntax error
/var/tmp/itroom.conf.gz:507:(1) error recovery ignores input until this point: }

  [edit]
    '}'
      error recovery ignores input until this point
error: l3-interface: 'vlan.5': Only IRB interface is supported, e.g. irb.10
/var/tmp/itroom.conf.gz:613:(9) error recovery ignores input until this point: }

  [edit vlans v80-voice]
    '}'
      error recovery ignores input until this point
/var/tmp/itroom.conf.gz:619:(9) error recovery ignores input until this point: }

  [edit vlans v90-b-guest]
    '}'
      error recovery ignores input until this point
/var/tmp/itroom.conf.gz:625:(9) error recovery ignores input until this point: }

  [edit vlans v91-bz-test]
    '}'
      error recovery ignores input until this point
load complete (5 errors)

looks like the config from 12.3 is not compatybile with 15.1 - is there any tool that may translate or I have to correct errors manually ?

ohhh thats not only me having this problem with juniper site:

Service Unavailable

The service is temporarily unavailable. Please try again later.

This is the direct link.  You do need to log in to have access.

https://www.juniper.net/customers/support/configtools/elstranslator/

If that does not work for you email me the config file and I'll run it for you.