Table of Contents
Advertisement
Overview and Topology
Table 366: Components of the Port Security Topology
Properties
Switch hardware
VLAN name and ID
VLAN subnets
Interfaces in
employee-vlan
Copyright © 2010, Juniper Networks, Inc.
Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices.
This example describes how to protect the switch from an attack on the Ethernet
switching table that causes the table to overflow and thus forces the switch to broadcast
all messages.
This example shows how to configure port security features on an EX3200-24P switch.
The switch is connected to a DHCP server.
The setup for this example includes the VLAN
for creating that VLAN is described in the topic "Example: Setting Up Bridging with Multiple
VLANs for EX Series Switches" on page 1312. That procedure is not repeated here. Figure
69 on page 2857 illustrates the topology for this example.
Figure 69: Network Topology for Basic Port Security
The components of the topology for this example are shown in Table 366 on page 2857.
Settings
One EX3200-24P, 24 ports (8 PoE ports)
employee-vlan
192.0.2.16/28
192.0.2.17
192.0.2.31
ge-0/0/1
Chapter 94: Examples: Port Security Configuration
employee-vlan
, tag
20
through
192.0.2.30
is subnet's broadcast address
,
,
,
ge-0/0/2
ge-0/0/3
ge-0/0/8
on the switch. The procedure
2857
Advertisement
Chapters
Table of Contents
Troubleshooting
