Complete Software Guide for Junos
Chapter 94
l
®
OS for EX Series Ethernet Switches, Release 10.3
DHCP Snooping Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2829
DHCP Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2831
Switch, DHCP Clients, and DHCP Server Are All on the Same VLAN . . 2831
Switch Acts as DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2832
DHCP Snooping Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2834
Static IP Address Additions to the DHCP Snooping Database . . . . . . . . . . 2834
Address Resolution Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2836
ARP Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2836
Understanding MAC Limiting and MAC Move Limiting for Port Security on EX
Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2838
MAC Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2838
MAC Move Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2838
MAC Addresses That Exceed the MAC Limit or MAC Move Limit . . . . . . . . 2839
Understanding Trusted DHCP Servers for Port Security on EX Series
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2840
Suboption Components of Option 82 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2841
Configurations of the EX Series Switch That Support Option 82 . . . . . . . . 2842
IP Address Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2844
Typical Uses of Other Junos Operating System (Junos OS) Features with
IP Source Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2845
Proxy ARP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2846
Examples: Port Security Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2849
Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting,
Example: Configuring MAC Limiting, Including Dynamic and Allowed MAC
Addresses, to Protect the Switch from Ethernet Switching Table Overflow
Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2856
Example: Configuring a DHCP Server Interface as Untrusted to Protect the Switch
Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2863
Copyright © 2010, Juniper Networks, Inc.