Juniper JUNOS OS 10.3 - SOFTWARE Manual page 2949

Results
Verification
Purpose
Action
Copyright © 2010, Juniper Networks, Inc.
user@switch# set interface ge-0/0/2 allowed-mac 00:05:85:3A:82:83
user@switch# set interface ge-0/0/2 allowed-mac 00:05:85:3A:82:85
user@switch# set interface ge-0/0/2 allowed-mac 00:05:85:3A:82:88
Check the results of the configuration:
[edit ethernet-switching-options secure-access-port]
user@switch# show
interface ge-0/0/1.0 {
mac-limit 4 action drop;
}
interface ge-0/0/2.0 {
allowed-mac [ 00:05:85:3a:82:80 00:05:85:3a:82:81 00:05:85:3a:82:83
00:05:85:3a:82:85 00:05:85:3a:82:88 ];
mac-limit 4 action drop;
}
interface ge-0/0/8.0 {
dhcp-trusted;
}
vlan employee-vlan {
arp-inspection
examine-dhcp;
mac-move-limit 5 action drop;
}
To confirm that the configuration is working properly:
Verifying That DHCP Snooping Is Working Correctly on the Switch on page 2853
Verifying That DAI Is Working Correctly on the Switch on page 2854
Verifying That MAC Limiting and MAC Move Limiting Are Working Correctly on the
Switch on page 2854
Verifying That Allowed MAC Addresses Are Working Correctly on the Switch on page 2855
Verifying That DHCP Snooping Is Working Correctly on the Switch
Verify that DHCP snooping is working on the switch.
Send some DHCP requests from network devices (here they are DHCP clients) connected
to the switch.
Display the DHCP snooping information when the interface on which the DHCP server
connects to the switch is trusted. The following output results when requests are sent
from the MAC addresses and the server has provided the IP addresses and leases:
user@switch> show dhcp snooping binding
Chapter 94: Examples: Port Security Configuration
2853