This example describes how to configure basic port security features—DHCP snooping,
DAI, MAC limiting, and MAC move limiting, as well as a trusted DHCP server and allowed
MAC addresses—on a switch. The DHCP server and its clients are all members of a single
VLAN on the switch.
• Requirements on page 2850
• Overview and Topology on page 2850
• Configuration on page 2852
• Verification on page 2853
Requirements
This example uses the following hardware and software components:
• One EX Series switch
• Junos OS Release 9.0 or later for EX Series switches
• A DHCP server to provide IP addresses to network devices on the switch
Before you configure DHCP snooping, DAI, and MAC limiting port security features, be
sure you have:
• Connected the DHCP server to the switch.
• Configured the VLAN employee-vlan on the switch. See “Example: Setting Up Bridging with Multiple VLANs for EX Series Switches” on page 1312.
Overview and Topology
Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices.
To protect the devices from such attacks, you can configure DHCP snooping to validate
DHCP server messages, DAI to protect against MAC spoofing, and MAC cache limiting
to constrain the number of MAC addresses the switch adds to its MAC address cache.
You can also configure MAC move limiting to help prevent MAC spoofing.
This example shows how to configure these security features on an EX3200-24P switch.
The switch is connected to a DHCP server.
The setup for this example includes the VLAN employee-vlan on the switch. The procedure
for creating that VLAN is described in the topic “Example: Setting Up Bridging with Multiple
VLANs for EX Series Switches” on page 1312. That procedure is not repeated here. Figure
68 on page 2851 illustrates the topology for this example.
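The features named in this overview map to statements under the [edit ethernet-switching-options secure-access-port] hierarchy on EX Series switches. The following is an added example, not the configuration from this guide: the interface names, the limits, and the MAC address are constructed values, and ge-0/0/8 is assumed to be the port that faces the DHCP server.

```junos
# Added example. Interface names, limits, and the MAC address are constructed.

# DHCP snooping: examine DHCP messages on the VLAN and build the binding
# database of IP address, MAC address, VLAN, and interface.
set ethernet-switching-options secure-access-port vlan employee-vlan examine-dhcp

# Trusted DHCP server: accept DHCP server messages only from the port
# assumed to face the DHCP server. Access ports are untrusted by default.
set ethernet-switching-options secure-access-port interface ge-0/0/8 dhcp-trusted

# DAI: check ARP packets on the VLAN against the DHCP snooping database.
set ethernet-switching-options secure-access-port vlan employee-vlan arp-inspection

# MAC limiting: allow at most 4 learned MAC addresses on this access port
# and drop packets from any additional address.
set ethernet-switching-options secure-access-port interface ge-0/0/1 mac-limit 4 action drop

# Allowed MAC addresses: permit only the listed address on this port.
set ethernet-switching-options secure-access-port interface ge-0/0/2 allowed-mac 00:05:85:3a:82:80

# MAC move limiting: drop packets when a MAC address moves between
# interfaces in the VLAN more than 5 times in one second.
set ethernet-switching-options secure-access-port vlan employee-vlan mac-move-limit 5 action drop

# Operational-mode checks after commit:
#   show dhcp snooping binding
#   show arp inspection statistics
#   show ethernet-switching table
```

DAI relies on the DHCP snooping database, so on a VLAN where clients get their addresses from DHCP the examine-dhcp statement should be in place before ARP inspection is expected to pass legitimate traffic.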
Copyright © 2010, Juniper Networks, Inc.
2850
Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.3