Table of Contents
Advertisement
Chapter 41
Configuring MAC Address Validation on
Static Ethernet Interfaces
MAC Address Validation on Static Ethernet Interfaces Overview
Configuring MAC Address Validation on Static Ethernet Interfaces
MAC Address Validation on Static Ethernet Interfaces Overview on page 699
Configuring MAC Address Validation on Static Ethernet Interfaces on page 699
MAC address validation enables the router to validate that received packets contain
a trusted IP source and an Ethernet MAC source address.
MAC address validation is supported on AE, Fast Ethernet, Gigabit Ethernet, and
10–Gigabit Ethernet interfaces (with or without VLAN tagging) on MX Series routers
only.
There are two types of MAC address validation that you can configure:
Loose—Forwards packets when both the IP source address and the MAC source
address match one of the trusted address tuples.
Drops packets when the IP source address matches one of the trusted tuples,
but the MAC address does not support the MAC address of the tuple
Continues to forward packets when the source address of the incoming packet
does not match any of the trusted IP addresses.
Strict—Forwards packets when both the IP source address and the MAC source
address match one of the trusted address tuples.
Drops packets when the MAC address does not match the tuple's MAC source
address, or when IP source address of the incoming packet does not match any
of the trusted IP addresses.
To configure MAC address validation on static Ethernet interfaces, include the
mac-validate (loose | strict)
logical-unit-number family family]
[edit interfaces interface-name unit logical-unit-number family family]
mac-validate (loose | strict);
MAC Address Validation on Static Ethernet Interfaces Overview
statement in the [edit interfaces interface-name unit
hierarchy:
699
Advertisement
Table of Contents
