secure-access-port
Syntax
Hierarchy Level
Release Information
Description
Copyright © 2010, Juniper Networks, Inc.
secure-access-port {
dhcp-snooping-file {
location local_pathname | remote_URL;
timeout seconds;
write-interval seconds;
}
interface (all | interface-name) {
allowed-mac {
mac-address-list;
}
(dhcp-trusted | no-dhcp-trusted);
mac-limit limit action action;
no-allowed-mac-log;
static-ip ip-address {
vlan vlan-name;
mac mac-address;
}
}
vlan (all | vlan-name) {
(arp-inspection | no-arp-inspection);
dhcp-option82 {
circuit-id {
prefix hostname;
use-interface-description;
use-vlan-id;
}
remote-id {
prefix hostname | mac | none;
use-interface-description;
use-string string;
}
vendor-id <string>;
}
(examine-dhcp | no-examine-dhcp);
(ip-source-guard | no-ip-source-guard);
mac-move-limit limit action action;
}
}
[edit ethernet-switching-options]
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Options
static-ip
and
ip-source-guard
switches.
Options
and
dhcp-option82
EX Series switches.
Option
dhcp-snooping-file
Configure port security features, including MAC limiting and whether interfaces can receive
DHCP responses, and apply dynamic ARP inspection, DHCP snooping, IP source guard,
DHCP option 82, and MAC move limiting to no VLANs, specific VLANs, or all VLANs.
Chapter 98: Configuration Statements for Port Security
introduced in Junos OS Release 9.2 for EX Series
introduced in Junos OS Release 9.3 for
no-allowed-mac-log
introduced in Junos OS Release 9.4 for EX Series switches.
2973