Dell PowerConnect J-EX4200-24T Software Manual page 2668

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS
Configuring a VLAN, Interfaces, and Port Security Features on Switch 1
CLI Quick
Configuration
Step-by-Step
Procedure
2596
Secure port access is activated on the switch.
The switch does not drop any packets, which is the default setting.
DHCP snooping and dynamic ARP inspection (DAI) are disabled on all VLANs.
All access interfaces are untrusted and trunk interfaces are trusted; these are the
default settings.
In the configuration tasks for this example, you configure a VLAN on both switches.
In addition to configuring the VLAN, you enable DHCP snooping on Switch 1. In this
example, you will also enable DAI and a MAC limit of
Because the interface that connects Switch 2 to Switch 1 is a trunk interface, you do not
have to configure this interface to be trusted. As noted above, trunk interfaces are
automatically trusted, so DHCP messages coming from the DHCP server to Switch 2 and
then on to Switch 1 are trusted.
To configure a VLAN, interfaces, and port security features on Switch 1:
To quickly configure a VLAN, interfaces, and port security features, copy the following
commands and paste them into the switch terminal window:
[edit]
set ethernet-switching-options secure-access-port interface ge-0/0/1 mac–limit 5
set ethernet-switching-options secure-access-port vlan employee-vlan arp–inspection
set ethernet-switching-options secure-access-port vlan employee-vlan examine–dhcp
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 20
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 20
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 20
set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members 20
set vlans employee–vlan vlan-id 20
To configure MAC limiting, a VLAN, and interfaces on Switch 1 and enable DAI and DHCP
on the VLAN:
Configure the VLAN
1.
[edit vlans]
user@switch1# set employee-vlan vlan-id 20
Configure an interface on Switch 1 as a trunk interface:
2.
[edit interfaces]
user@switch1# set ge-0/0/11 unit 0 family ethernet-switching port-mode trunk
Associate the VLAN with interfaces
3.
[edit interfaces]
user@switch1# set ge-0/0/1 unit 0 family ethernet-switching vlan members 20
user@switch1# set ge-0/0/2 unit 0 family ethernet-switching vlan members 20
user@switch1# set ge-0/0/3 unit 0 family ethernet-switching vlan members 20
user@switch1# set ge-0/0/11 unit 0 family ethernet-switching vlan members 20
Enable DHCP snooping on the VLAN:
4.
[edit ethernet-switching-options secure-access-port]
with VLAN ID
employee-vlan
ge-0/0/1 ,
5 on Switch 1.
:
20
ge-0/0/2 , ge-0/0/3 , and ge-0/0/11 :