Juniper JUNOS OS 10.3 - SOFTWARE Manual page 115

For EX Series Ethernet Switches
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
MAC move limiting—Detects MAC movement and MAC spoofing on access ports.
Trusted DHCP server—With a DHCP server on a trusted port, protects against rogue
DHCP servers sending leases.
IP source guard—Mitigates the effects of IP address spoofing attacks on the Ethernet
LAN. The source IP address in the packet sent from an untrusted access interface is
validated against the source MAC address in the DHCP snooping database. The packet
is allowed for further processing if the source IP address to source MAC address binding
is valid; if the binding is not valid, the packet is discarded.
DHCP option 82—Also known as the DHCP relay agent information option. Helps
protect the EX Series switch against attacks such as spoofing (forging) of IP addresses
and MAC addresses and DHCP IP address starvation. Option 82 provides information
about the network location of a DHCP client, and the DHCP server uses this information
to assign IP addresses or other parameters to the client.
Unrestricted proxy ARP—The switch responds to all ARP messages with its own MAC
address. Hosts that are connected to the switch's interfaces cannot communicate
directly with other hosts. Instead, all communications between hosts go through the
switch.
Restricted proxy ARP—The switch does not respond to an ARP request if the physical
networks of the source and target of the ARP request are the same. It does not matter
whether the destination host has the same IP address as the incoming interface or a
different (remote) IP address. An ARP request for a broadcast address elicits no reply.
Device Security—Storm control permits the switch to monitor unknown unicast and
broadcast traffic and to drop packets, shut down the interface, or temporarily disable it
when a specified traffic level is exceeded, thus preventing packets from proliferating and
degrading the LAN. You can enable storm control on access interfaces or trunk interfaces.
Firewall Filters—Allow auditing of various types of security violations, including attempts
to access the switch from unauthorized locations. Firewall filters can detect such attempts
and create audit log entries when they occur. The filters can also restrict access by limiting
traffic to source and destination MAC addresses, specific protocols, or, in combination
with policers, to specified data rates to prevent denial of service (DoS) attacks.
Policers—Provide rate-limiting capability to control the amount of traffic that enters an
interface, which acts to counter DoS attacks.
Encryption Standards—Supported standards include:
  128-, 192-, and 256-bit Advanced Encryption Standard (AES)
  56-bit Data Encryption Standard (DES) and 168-bit 3DES
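
The trusted DHCP server and IP source guard items above fit together: replies seen on a trusted port populate the DHCP snooping database, and packets from untrusted access interfaces are checked against it. The following model is an added illustration, not Junos code or configuration; the port names, addresses, and the choice to key bindings by VLAN are assumptions made for the example.

```python
# Added illustration: toy model of DHCP snooping feeding IP source guard.
# Port names, MACs and IPs are constructed; keying by VLAN is an assumption.

def norm_mac(mac):
    """Canonicalise a MAC so 00-AA-.. and 00:aa:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class AccessSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing the legitimate DHCP server
        self.snooping_db = {}              # (vlan, mac) -> leased IP

    def dhcp_ack(self, ingress, vlan, client_mac, leased_ip):
        """Handle a DHCP server reply; only trusted ports may create bindings."""
        if ingress not in self.trusted:
            return "discard"               # server reply from an untrusted port
        self.snooping_db[(vlan, norm_mac(client_mac))] = leased_ip
        return "forward"

    def source_guard(self, ingress, vlan, src_mac, src_ip):
        """Validate source IP against the source MAC's snooped binding."""
        if ingress in self.trusted:
            return "forward"               # check applies to untrusted ports only
        bound_ip = self.snooping_db.get((vlan, norm_mac(src_mac)))
        valid = bound_ip is not None and bound_ip == src_ip
        return "forward" if valid else "discard"

def demo():
    sw = AccessSwitch(trusted_ports={"ge-0/0/8"})
    mac1, mac2 = "00:05:85:aa:bb:01", "00:05:85:aa:bb:02"
    return [
        # Lease offered from an access port: no binding is learned.
        sw.dhcp_ack("ge-0/0/3", 10, mac1, "192.0.2.66"),
        # Lease from the trusted port: binding mac1 -> 192.0.2.10 is learned.
        sw.dhcp_ack("ge-0/0/8", 10, mac1.upper(), "192.0.2.10"),
        # Host uses its leased address (different MAC notation, same host).
        sw.source_guard("ge-0/0/1", 10, "00-05-85-aa-bb-01", "192.0.2.10"),
        # Same host claims an address it was never leased.
        sw.source_guard("ge-0/0/1", 10, mac1, "192.0.2.99"),
        # Unknown MAC claims another host's leased address.
        sw.source_guard("ge-0/0/2", 10, mac2, "192.0.2.10"),
    ]

if __name__ == "__main__":
    print(demo())
```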
802.1X for EX Series Switches Overview on page 2531
Firewall Filters for EX Series Switches Overview on page 3001
Port Security for EX Series Switches Overview on page 2825
Understanding Proxy ARP on EX Series Switches on page 1301
Chapter 1: Software Overview