[edit ethernet-switching-options secure-access-port]
set interface ge-0/0/1 mac-limit 3 action drop
set interface ge-0/0/2 mac-limit 3 action drop
Step-by-Step
Procedure
Configure MAC limiting:
Configure a MAC limit of
3
on
ge-0/0/1
and specify that packets with new addresses
be dropped if the limit has been exceeded on the interface:
1.
[edit ethernet-switching-options secure-access-port]
user@switch#
set interface ge–0/0/1
mac-limit
3 action drop
2.
Configure a MAC limit of
3
on
ge-0/0/2
and specify that packets with new addresses
be dropped if the limit has been exceeded on the interface:
[edit ethernet-switching-options secure-access-port]
user@switch#
set interface ge-0/0/2 mac-limit 3 action drop
Results
Check the results of the configuration:
[edit ethernet-switching-options secure-access-port]
user@switch# show
interface ge-0/0/1.0 {
mac-limit 3 action drop;
}
interface ge-0/0/2.0 {
mac-limit 3 action drop;
}
Verification
To confirm that the configuration is working properly:
•
Verifying That MAC Limiting Is Working Correctly on the Switch on page 2865
Verifying That MAC Limiting Is Working Correctly on the Switch
Purpose
Verify that MAC limiting is working on the switch.
Action
Send some DHCP requests from network devices (here they are DHCP clients) connected
to the switch.
Display the MAC addresses learned when DHCP requests are sent from hosts on
ge-0/0/1
and from hosts on
ge-0/0/2
, with both interfaces set to a MAC limit of
3
with the action
drop
:
user@switch>
show ethernet-switching table
Ethernet-switching table: 7 entries, 6 learned
VLAN MAC address Type Age Interfaces
default * Flood - ge-0/0/2.0
default 00:05:85:3A:82:77 Learn 0 ge-0/0/1.0
default 00:05:85:3A:82:79 Learn 0 ge-0/0/1.0
default 00:05:85:3A:82:80 Learn 0 ge-0/0/1.0
default 00:05:85:3A:82:81 Learn 0 ge-0/0/2.0
default 00:05:85:3A:82:83 Learn 0 ge-0/0/2.0
2865
Copyright © 2010, Juniper Networks, Inc.
Chapter 94: Examples: Port Security Configuration
Summary of Contents for JUNOS OS 10.3 - SOFTWARE
Page 325: ...CHAPTER 17 Operational Mode Commands for System Setup 229 Copyright 2010 Juniper Networks Inc ...
Page 1323: ...CHAPTER 56 Operational Mode Commands for Interfaces 1227 Copyright 2010 Juniper Networks Inc ...
Page 2841: ...CHAPTER 86 Operational Commands for 802 1X 2745 Copyright 2010 Juniper Networks Inc ...
Page 3367: ...CHAPTER 113 Operational Mode Commands for CoS 3271 Copyright 2010 Juniper Networks Inc ...
Page 3435: ...CHAPTER 120 Operational Mode Commands for PoE 3339 Copyright 2010 Juniper Networks Inc ...
Page 3529: ...CHAPTER 126 Operational Mode Commands for MPLS 3433 Copyright 2010 Juniper Networks Inc ...