Table of Contents
Advertisement
Overview and Topology
Table 403: Components of the Port Security Topology
Properties
Switch hardware
VLAN name and ID
VLAN subnets
Interfaces in
employee-vlan
Copyright © 2010, Juniper Networks, Inc.
Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices.
This example describes how to protect the switch from an attack on the Ethernet
switching table that causes the table to overflow and thus forces the switch to broadcast
all messages.
This example shows how to configure port security features on an EX3200-24P switch.
The switch is connected to a DHCP server.
The setup for this example includes the VLAN
for creating that VLAN is described in the topic "Example: Setting Up Bridging with Multiple
VLANs for EX Series Switches" on page 1532. That procedure is not repeated here. Figure
76 on page 3081 illustrates the topology for this example.
Figure 76: Network Topology for Basic Port Security
The components of the topology for this example are shown in Table 403 on page 3081.
Settings
One EX3200-24P, 24 ports (8 PoE ports)
employee-vlan
192.0.2.16/28
192.0.2.17
192.0.2.31
ge-0/0/1
Chapter 100: Examples: Port Security Configuration
employee-vlan
, tag
20
through
192.0.2.30
is subnet's broadcast address
,
,
,
ge-0/0/2
ge-0/0/3
ge-0/0/8
on the switch. The procedure
3081
Advertisement
Chapters
Table of Contents
Troubleshooting
