Hi all,
I am configuring DHCP snooping on some EX3400 switches. Once it's turned on, access ports are untrusted (by default) and trunked ports are trusted (by default).
There are override options to make an access port trusted, but I don't see an option to make a trunked interface untrusted. I have a valid reason for implementing this config. I can do it on non-ELS platforms (like the EX4200) with the following commands:
set ethernet-switching-options secure-access-port interface ae0.0 dhcp-trusted
set ethernet-switching-options secure-access-port interface all no-dhcp-trusted
set ethernet-switching-options secure-access-port vlan all examine-dhcp
However, no override exists for a trunked interface on the new ELS platform:
{master:0}[edit]
root# ...ns dhcp-security group GROUP-EXAMPLE overrides ?
Possible completions:
  <[Enter]>            Execute this command
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  no-dhcpv6-options    Make this group of interfaces not to add any DHCPv6 options
  no-option16          Make this group of interfaces not to add option16
  no-option18          Make this group of interfaces not to add option18
  no-option37          Make this group of interfaces not to add option37
  no-option82          Make this group of interfaces not to add option82
  trusted              Make this trusted group of interfaces
  |                    Pipe through a command

{master:0}[edit]
root# show vlans
VLAN-CLIENT-TEST {
    vlan-id 100;
    forwarding-options {
        dhcp-security {
            arp-inspection;
            group GROUP-EXAMPLE {
                overrides;
            }
        }
    }
}
How do I override the default behavior on a trunked interface?