Ip Source Guard - Juniper JUNOS OS 10.3 - SOFTWARE Manual

Typical Uses of Other Junos Operating System (Junos OS) Features with IP Source Guard
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
ge—0/0/13.0 100 *
The IP source guard database table contains the VLANs enabled for IP source guard, the
untrusted access interfaces on those VLANs, the VLAN 802.1Q tag IDs if there are any,
and the IP addresses and MAC addresses that are bound to one another. If a switch
interface is associated with multiple VLANs and some of those VLANs are enabled for
IP source guard and others are not, the VLANs that are not enabled for IP source guard
have a star (*) in the IP Address
VLAN in the preceding sample output.
You can configure IP source guard with various other features on the EX Series switch to
provide access port security, including:
VLAN tagging (used for voice VLANs)
GRES (Graceful Routing Engine switchover)
Virtual Chassis configurations (multiple EX4200 switches that are managed through
a single management interface)
Link-aggregation groups (LAGs)
802.1X user authentication, in single supplicant mode
NOTE: The 802.1X user authentication is applied in one of three modes:
single supplicant, single-secure supplicant, or multiple supplicant. Single
supplicant mode works with IP source guard, but single-secure and multiple
supplicant modes do not.
Understanding DHCP Snooping for Port Security on EX Series Switches on page 2829
Example: Configuring IP Source Guard on a Data VLAN That Shares an Interface with
a Voice VLAN on page 2888
Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate
Address-Spoofing Attacks on Untrusted Access Interfaces on page 2880
* voice
and MAC Address fields. See the entry for the
Chapter 93: Port Security Overview
voice
2845