Port Security Table for Interface - JUNOS 9.3 Network Management Configuration Guide

[Contents] [Prev] [Next] [Index] [Report an Error]

Port Security Table for Interface

The jnxSecAccessPortIfTable, whose object identifier is {jnxSecAccessPortMIBObjects 2}, contains the following information:

Trust state and rate limit of each interface for DHCP snooping
Maximum number of MAC addresses that the interface can learn
IP source guard and MAC source guard status for each interface

Each jnxSecAccessPortIfEntry contains the objects listed in Table 219.

Table 219: jnxSecAccessPortIfTable

Object	Object ID	Description
jnxSecAccessdsIfTrustState	jnxSecAccessPortIfEntry 1	Contains one of the following values to indicate whether the interface is trusted for DHCP snooping: true–the interface is trusted; that is, the packets coming to the interfaces are forwarded without checking. false–the interface is not trusted; that is, the packets coming to the interface are subjected to DHCP checks.
jnxSecAccessdsIfRateLimit	jnxSecAccessPortIfEntry 2	Indicates the rate limit value for DHCP snooping. The rate limit is specified in packets per second unit. A value of 0 indicates that no rate limit is applied for DHCP traffic on the interface.
jnxSecAccessIfMacLimit	jnxSecAccessPortIfEntry 3	Specifies the maximum number of MAC address entries allowed on the interface. The default value is 5. A value of 0 indicates that no threshold limit is set for the interface. When the value for this object is 0, the value of the corresponding jnxSecAccessIfMacLimitExceed does not have any effect.
jnxSecAccessIfMacLimitExceed	jnxSecAccessPortIfEntry 4	Specifies the action to be taken when the number of MAC addresses exceeds the value set for jnxSecAccessIfMacLimit. This object returns one of the following JnxMacLimitExceededAction values: 1–none: Indicates that no MAC address limit is set for the interface, and that no action is required. 2–drop: Disables the MAC address learning on the interface because the number of MAC addresses has exceeded the maximum limit. Generates a notification to indicate that the number of MAC addresses has exceeded the maximum number. MAC address learning restarts only after the number of MAC addresses returns to a value within the maximum allowed number. 3–alarm: Generates a notification to indicate that the number of MAC addresses has exceeded the maximum limit. 4–shutdown: Blocks the traffic on the interface because the number of MAC addresses has exceeded the maximum limit. Generates a notification to indicate the status. Note: The value for this object is invalid if jnxIfMacLimit is set to 0.
jnxSecAccessIfIpSrcGuardStatus	jnxSecAccessPortIfEntry 5	Indicates whether IP source guard is enabled (true) or disabled (false) on the interface
jnxSecAccessIfMacSrcGuardStatus	jnxSecAccessPortIfEntry 6	Indicates whether MAC source guard is enabled (true) or disabled (false) on the interface.

[Contents] [Prev] [Next] [Index] [Report an Error]