Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual page 3182

Complete Software Guide for Junos
Meaning
Purpose
Action
Meaning
Purpose
Action
3078
®
OS for EX Series Ethernet Switches, Release 10.4
DHCP Snooping Information:
MAC Address IP Address
----------------- ----------
00:05:85:3A:82:77 192.0.2.17
00:05:85:3A:82:79 192.0.2.18
00:05:85:3A:82:80 192.0.2.19
00:05:85:3A:82:81 192.0.2.20
00:05:85:3A:82:83 192.0.2.21
00:05:85:27:32:88 192.0.2.22
When the interface on which the DHCP server connects to the switch has been set to
trusted, the output (see preceding sample) shows, for each MAC address, the assigned
IP address and lease time—that is, the time, in seconds, remaining before the lease
expires.
If the DHCP server had been configured as untrusted, no entries would be added to the
DHCP snooping database and nothing would be shown in the output of the
command.
snooping binding
Verifying That DAI Is Working Correctly on the Switch
Verify that DAI is working on the switch.
Send some ARP requests from network devices connected to the switch.
Display the DAI information:
user@switch> show arp inspection statistics
ARP inspection statistics:
Interface Packets received
--------------- ---------------
ge-0/0/1.0
ge-0/0/2.0
ge-0/0/3.0
The sample output shows the number of ARP packets received and inspected per
interface, with a listing of how many packets passed and how many failed the inspection
on each interface. The switch compares the ARP requests and replies against the entries
in the DHCP snooping database. If a MAC address or IP address in the ARP packet does
not match a valid entry in the database, the packet is dropped.
Verifying That MAC Limiting and MAC Move Limiting Are Working Correctly on
the Switch
Verify that MAC limiting and MAC move limiting are working on the switch.
Suppose that two packets have been sent from hosts on
hosts on ge-0/0/2 , with both interfaces set to a MAC limit of
.
drop
Display the MAC addresses learned:
user@switch> show ethernet-switching table
Lease Type VLAN
----- ---- ----
600 dynamic employee—vlan
653 dynamic employee—vlan
720 dynamic employee—vlan
932 dynamic employee—vlan
1230 dynamic employee—vlan
3200 dynamic employee—vlan
ARP inspection pass
-------------------- ---------------------
7 5
10 10
12 12
ge-0/0/1
Copyright © 2010, Juniper Networks, Inc.
Interface
---------
ge-0/0/1.0
ge-0/0/1.0
ge-0/0/2.0
ge-0/0/2.0
ge-0/0/2.0
ge-0/0/2.0
show dhcp
ARP inspection failed
2
0
0
and five packets from
4 with the default action