Requirements
This example uses the following hardware and software components:
• One EX3200-24P switch—“Switch 1” in this example.
• An additional EX Series switch—“Switch 2” in this example. You will not configure port
  security on this switch.
• Junos OS Release 9.0 or later for EX Series switches.
• A DHCP server connected to Switch 2. You will use the server to provide IP addresses
  to network devices connected to Switch 1.
• At least two network devices (hosts) that you will connect to access interfaces on
  Switch 1. These devices will be DHCP clients.
Before you configure DHCP snooping, DAI, and MAC limiting port security features, be
sure you have:
• Connected the DHCP server to Switch 2.
• Configured the VLAN employee-vlan on the switch. See “Example: Setting Up Bridging
  with Multiple VLANs for EX Series Switches” on page 1312.
Overview and Topology
Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices.
To protect the devices from such attacks, you can configure:
• DHCP snooping to validate DHCP server messages
• Dynamic ARP inspection (DAI) to protect against ARP spoofing
• MAC limiting to constrain the number of MAC addresses the switch adds to its MAC
  address cache
This example shows how to configure these port security features on an EX3200 switch,
which is Switch 1 in this example. (You could also use an EX4200 switch for this example.)
Switch 1 is connected to a switch that is not configured with port security features. That
second switch (Switch 2) is connected to a DHCP server. (See Figure 74 on page 2875.)
Network devices (hosts) that are connected to Switch 1 will send requests for IP addresses
(that is, the devices will be DHCP clients). Those requests will be transmitted from
Switch 1 to Switch 2 and then to the DHCP server connected to Switch 2. Responses to
the requests will be transmitted along the reverse path of the one followed by the
requests.
The setup for this example includes the VLAN employee-vlan on both switches.
Figure 74 on page 2875 shows the network topology for the example.
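The following Python sketch is an added illustration, not part of the Juniper guide and not Junos code. It is a simplified model of how the three features listed above decide whether Switch 1 forwards or drops a frame. The port names (uplink, access-1, access-2), the MAC limit of 2, and all addresses are constructed for the example, and the model assumes the port toward Switch 2 is the only trusted port.

```python
# Simplified model of the three checks; illustration only, not Junos code.
SERVER_TYPES = {"OFFER", "ACK", "NAK"}
class Switch1:
    def __init__(self, trusted_ports, mac_limit):
        self.trusted = set(trusted_ports)  # ports toward the DHCP server (assumed: uplink)
        self.mac_limit = mac_limit         # max MACs learned per access port (assumed value)
        self.macs = {}                     # port -> MAC addresses learned on that port
        self.pending = {}                  # client MAC -> port its DHCP request arrived on
        self.bindings = {}                 # snooping table: IP -> (MAC, port)

    def learn_mac(self, port, mac):
        """MAC limiting: stop learning new source MACs once the port is at its limit."""
        seen = self.macs.setdefault(port, set())
        if port in self.trusted or mac in seen:
            return "forward"
        if len(seen) >= self.mac_limit:
            return "drop"
        seen.add(mac)
        return "forward"

    def dhcp(self, port, msg_type, client_mac, offered_ip=None):
        """DHCP snooping: server messages are accepted only from trusted ports."""
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:
                return "drop"              # server reply arriving on an access port
            if msg_type == "ACK" and client_mac in self.pending:
                self.bindings[offered_ip] = (client_mac, self.pending.pop(client_mac))
            return "forward"
        self.pending[client_mac] = port    # DISCOVER/REQUEST from a client
        return "forward"

    def arp(self, port, sender_ip, sender_mac):
        """DAI: on access ports the ARP sender IP/MAC must match a snooped binding."""
        bound = self.bindings.get(sender_ip)
        ok = port in self.trusted or (bound is not None and bound[0] == sender_mac)
        return "forward" if ok else "drop"

def run_demo():
    sw = Switch1(trusted_ports={"uplink"}, mac_limit=2)   # constructed topology
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"       # constructed host MACs
    return {
        "request": sw.dhcp("access-1", "REQUEST", a),
        "ack_from_uplink": sw.dhcp("uplink", "ACK", a, "192.0.2.10"),
        "ack_from_access": sw.dhcp("access-2", "ACK", b, "192.0.2.66"),
        "arp_genuine": sw.arp("access-1", "192.0.2.10", a),
        "arp_spoofed": sw.arp("access-2", "192.0.2.10", b),
        "mac_flood": [sw.learn_mac("access-2", f"00:00:5e:00:53:{i:02x}") for i in range(3)],
    }
```

Calling run_demo() returns the verdict for each constructed event. The DAI check depends on the binding that DHCP snooping recorded, which is why the two features are configured together.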
Copyright © 2010, Juniper Networks, Inc.
Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.3