Help us improve your experience.
Let us know what you think.
Do you have time for a two-minute survey?
Additional Comments
800 characters remaining
May we contact you if necessary?
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.
Security Features for EX Series Switches Overview
Port Security Overview
Understanding How to Protect Access Ports on EX Series Switches from Common Attacks
Understanding DHCP Snooping for Port Security
Understanding DAI for Port Security
Understanding MAC Limiting and MAC Move Limiting for Port Security on EX Series Switches
Understanding Trusted DHCP Servers for Port Security
Understanding IP Source Guard for Port Security on EX Series Switches
Understanding DHCP Option 82 for Port Security on EX Series Switches
Understanding Persistent MAC Learning (Sticky MAC)
Example: Configuring Basic Port Security Features
Example: Configuring MAC Limiting, Including Dynamic and Allowed MAC Addresses, to Protect the Switch from Ethernet Switching Table Overflow Attacks
Example: Configuring a DHCP Server Interface as Untrusted to Protect the Switch from Rogue DHCP Server Attacks
Example: Configuring MAC Limiting to Protect the Switch from DHCP Starvation Attacks
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
Example: Configuring Allowed MAC Addresses to Protect the Switch from DHCP Snooping Database Alteration Attacks
Example: Configuring DHCP Snooping, DAI , and MAC Limiting on a Switch with Access to a DHCP Server Through a Second Switch
Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces
Example: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN
Example: Setting Up DHCP Option 82 with a Switch as a Relay Agent Between Clients and a DHCP Server
Example: Setting Up DHCP Option 82 with a Switch with No Relay Agent Between Clients and a DHCP Server
Example: Using CoS Forwarding Classes to Prioritize Snooped Packets in Heavy Network Traffic
Configuring Port Security (CLI Procedure)
Configuring Port Security (J-Web Procedure)
Enabling DHCP Snooping (CLI Procedure)
Enabling DHCP Snooping (J-Web Procedure)
Enabling a Trusted DHCP Server (CLI Procedure)
Enabling a Trusted DHCP Server (J-Web Procedure)
Enabling Dynamic ARP Inspection (CLI Procedure)
Enabling Dynamic ARP Inspection (J-Web Procedure)
Configuring MAC Limiting (CLI Procedure)
Configuring MAC Limiting (J-Web Procedure)
Configuring MAC Move Limiting (CLI Procedure)
Configuring MAC Move Limiting (J-Web Procedure)
Setting the none Action on an Interface to Override a MAC Limit Applied to All Interfaces (CLI Procedure)
Configuring IP Source Guard (CLI Procedure)
Configuring Static IP Addresses for DHCP Bindings on Access Ports (CLI Procedure)
Setting Up DHCP Option 82 with the Switch as a Relay Agent Between Clients and DHCP Server (CLI Procedure)
Setting Up DHCP Option 82 on the Switch with No Relay Agent Between Clients and DHCP Server (CLI Procedure)
Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces (CLI Procedure)
Configuring Persistent MAC Learning (CLI Procedure)
Making IP-MAC Bindings in the DHCP Snooping Database Persistent (CLI Procedure)
[edit ethernet-switching-options] Configuration Statement Hierarchy on EX Series Switches
[edit forwarding-options] Configuration Statement Hierarchy on EX Series Switches
allowed-mac
arp-inspection
circuit-id
dhcp-option82
dhcp-snooping-file
dhcp-trusted
disable-timeout
ethernet-switching-options
examine-dhcp
forwarding-class
interface (Access Port Security)
ip-source-guard
location (DHCP Snooping Database)
mac
mac-limit (Access Port Security)
mac-move-limit
no-allowed-mac-log
no-gratuitous-arp-request
persistent-learning
port-error-disable
prefix (Circuit ID for Option 82)
prefix (Remote ID for Option 82)
remote-id
secure-access-port
static-ip
timeout
traceoptions (Access Port Security)
use-interface-description
use-string
use-vlan-id
vendor-id
vlan (Access Port Security)
vlan (DHCP Bindings on Access Ports)
write-interval
Monitoring Port Security
Verifying That DHCP Snooping Is Working Correctly
Verifying That a Trusted DHCP Server Is Working Correctly
Verifying That DAI Is Working Correctly
Verifying That MAC Limiting Is Working Correctly
Verifying That MAC Move Limiting Is Working Correctly
Verifying That IP Source Guard Is Working Correctly
Verifying That the Port Error Disable Setting Is Working Correctly
Verifying That Persistent MAC Learning Is Working Correctly
clear arp inspection statistics
clear dhcp snooping binding
clear dhcp snooping statistics
show arp inspection statistics
show dhcp snooping binding
show dhcp snooping statistics
show ethernet-switching table
show ip-source-guard
show system statistics arp
http://kb.juniper.net/
Troubleshooting Port Security
© 1999 - 2018 Juniper Networks, Inc. All rights reserved
