Table of Contents
Advertisement
Overview and Topology
Copyright © 2010, Juniper Networks, Inc.
Before you configure DHCP snooping and DAI, two port security features, to mitigate ARP
spoofing attacks, be sure you have:
Connected the DHCP server to the switch.
Configured the VLAN
employee-vlan
Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices.
This example describes how to protect the switch against one common type of attack,
an ARP spoofing attack.
In an ARP spoofing attack, the attacker sends faked ARP messages, thus creating various
types of mischief on the LAN—for example, the attacker might launch a man-in-the
middle attack.
This example shows how to configure port security features on an EX3200-24P switch
that is connected to a DHCP server. The setup for this example includes the VLAN
on the switch. The procedure for creating that VLAN is described in the
employee-vlan
topic "Example: Setting Up Bridging with Multiple VLANs for EX Series Switches" on
page 1312. That procedure is not repeated here. Figure 72 on page 2867 illustrates the topology
for this example.
Figure 72: Network Topology for Basic Port Security
The components of the topology for this example are shown in Table 369 on page 2868.
Chapter 94: Examples: Port Security Configuration
on the switch.
2867
Advertisement
Chapters
Table of Contents
Troubleshooting
Related Manuals for Juniper JUNOS OS 10.3 - SOFTWARE
Related Products for Juniper JUNOS OS 10.3 - SOFTWARE
- Juniper IDP OS 5.1R1 - S REV 1
- Juniper JUNOS OS 10.4 - S REV 5
- Juniper JUNOS OS 10.4 - FOR EX REV 1
- Juniper JUNOS OS 10.4 - XML API OPERATIONAL
- Juniper IDP OS 5.1R1
- Juniper JUNOS SOFTWARE 10.2 - SOFTWARE INSTALLATION AND UPGRADE GUIDE 4-28-2010
- Juniper OCX1100
- Juniper ADVANCED INSIGHT SCRIPTS 2.5 - S REV 1