Configuration of MAC Address Validation State Inheritance

No special configuration is required to enable inheritance of the MAC address validation state on dynamic IP subscriber interfaces; this occurs automatically provided that MAC address validation is properly enabled on the parent static primary IP interface with the ip mac-validate command. If MAC address validation is disabled on the static primary IP interface, the dynamic subscriber interface inherits the disabled state for MAC address validation.

Keep the following guidelines in mind for using dynamic IP subscriber interfaces that inherit the MAC address validation state from their parent static primary IP interface:

• A dynamic subscriber interface inherits the MAC address validation state of its static primary IP interface only when the dynamic subscriber interface is created.
• You cannot change the MAC address validation state inherited by a dynamic subscriber interface from its static primary IP interface.
• Changing the MAC address validation state of a static primary IP interface does not affect the MAC address validation state of dynamic subscriber interfaces already created from this primary IP interface. Any dynamic subscriber interfaces created from this primary IP interface after you change the MAC address validation state inherit the new MAC validation state.
• When you configure a dynamic subscriber interface with one or more framed routes (subnets), we recommend that you use the ip mac-validate loose command to configure MAC address validation for the static primary IP interface. Using the loose keyword, which is the default, prevents the router from discarding packets with an IP source address from a subnet.
• Because enabling MAC address validation on an IP interface creates a static MAC address validation entry in the router’s ARP table, be sure to observe the system limit for the maximum number of dynamic ARP table entries supported per line module. See the Link Layer Maximums tables in Appendix A, System Maximums, of the Release Notes corresponding to your software release for information about the maximum number of dynamic ARP entries that the router supports. Currently, this limit is set to 32,768 dynamic ARP entries for all E-series modules that support Ethernet interfaces.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.