Juniper JUNOS OS 10.3 - SOFTWARE Manual page 2979

For EX Series Ethernet Switches

Copyright © 2010, Juniper Networks, Inc.

set ethernet-switching-options secure-access-port vlan data arp-inspection
set ethernet-switching-options secure-access-port vlan data ip-source-guard
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members data
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members data
set interfaces ge-0/0/24 unit 0 family ethernet-switching vlan members data
set protocols lldp-med interface ge-0/0/0.0
set protocols dot1x authenticator authentication-profile-name profile52
set protocols dot1x authenticator interface ge-0/0/0.0 supplicant single
set protocols lldp-med interface ge-0/0/1.0
set protocols dot1x authenticator interface ge-0/0/1.0 supplicant single

Step-by-Step Procedure

To configure IP source guard with 802.1X authentication and various port security features:

1. Configure the interface on which the DHCP server is connected to the switch as a trusted interface and add that interface to the data VLAN:
[edit ethernet-switching-options]
user@switch# set secure-access-port interface ge-0/0/24 dhcp-trusted
[edit interfaces]
user@switch# set ge-0/0/24 unit 0 family ethernet-switching vlan members data
2. Associate two interfaces with the data VLAN:
[edit interfaces]
user@switch# set ge-0/0/0 unit 0 family ethernet-switching vlan members data
user@switch# set ge-0/0/1 unit 0 family ethernet-switching vlan members data
3. Configure 802.1X user authentication and LLDP-MED on the two interfaces that you associated with the data VLAN:
[edit protocols]
user@switch# set lldp-med interface ge-0/0/0.0
user@switch# set dot1x authenticator authentication-profile-name profile52
user@switch# set dot1x authenticator interface ge-0/0/0.0 supplicant single
user@switch# set lldp-med interface ge-0/0/1.0
user@switch# set dot1x authenticator interface ge-0/0/1.0 supplicant single
4. Configure three access port security features—DHCP snooping, dynamic ARP inspection (DAI), and IP source guard—on the data VLAN:
[edit ethernet-switching-options]
user@switch# set secure-access-port vlan data examine-dhcp
user@switch# set secure-access-port vlan data arp-inspection
user@switch# set secure-access-port vlan data ip-source-guard
Results

Check the results of the configuration:
[edit ethernet-switching-options]
secure-access-port {
    interface ge-0/0/24.0 {
        dhcp-trusted;
    }
    vlan data {
        arp-inspection;
        examine-dhcp;
        ip-source-guard;
    }
}
[edit interfaces]
Chapter 94: Examples: Port Security Configuration
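
The following Python check is an added example, not part of the Juniper manual: it audits a set-format configuration for the pieces this procedure configures (DHCP snooping wherever DAI or IP source guard is enabled, a dhcp-trusted member interface in the VLAN, and an 802.1X authenticator on every untrusted member port). The function name audit and the sample input, which deliberately omits two of the page's commands, are constructed for illustration.

```python
import re

# Constructed sample: this page's commands, with examine-dhcp and the ge-0/0/1 dot1x line left out.
SAMPLE = """\
set ethernet-switching-options secure-access-port interface ge-0/0/24 dhcp-trusted
set ethernet-switching-options secure-access-port vlan data arp-inspection
set ethernet-switching-options secure-access-port vlan data ip-source-guard
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members data
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members data
set interfaces ge-0/0/24 unit 0 family ethernet-switching vlan members data
set protocols dot1x authenticator authentication-profile-name profile52
set protocols dot1x authenticator interface ge-0/0/0.0 supplicant single
"""

SAP = r"set ethernet-switching-options secure-access-port "

def audit(config):
    """Return a sorted list of findings for a set-format configuration."""
    features, members, trusted, dot1x = {}, {}, set(), set()
    for line in config.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        if m := re.fullmatch(SAP + r"vlan (\S+) (examine-dhcp|arp-inspection|ip-source-guard)", line):
            features.setdefault(m[1], set()).add(m[2])
        elif m := re.fullmatch(SAP + r"interface (\S+?)(?:\.0)? dhcp-trusted", line):
            trusted.add(m[1])
        elif m := re.fullmatch(r"set interfaces (\S+) unit 0 family ethernet-switching vlan members (\S+)", line):
            members.setdefault(m[2], set()).add(m[1])
        elif m := re.fullmatch(r"set protocols dot1x authenticator interface (\S+?)(?:\.0)? supplicant \S+", line):
            dot1x.add(m[1])
    findings = []
    for vlan, feats in features.items():
        ports = members.get(vlan, set())
        # DAI and IP source guard both validate against the DHCP snooping database.
        if feats & {"arp-inspection", "ip-source-guard"} and "examine-dhcp" not in feats:
            findings.append(f"{vlan}: examine-dhcp missing")
        if not ports & trusted:
            findings.append(f"{vlan}: no dhcp-trusted member interface")
        for port in ports - trusted - dot1x:
            findings.append(f"{vlan}: {port} has no 802.1X authenticator")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "ok")
```

Feed it the output of `show configuration | display set` saved to a file; an empty result means every piece of the procedure is present.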