Table of Contents
Advertisement
Overview and Topology
Copyright © 2010, Juniper Networks, Inc.
Before you configure DHCP snooping and DAI, two port security features, to mitigate ARP
spoofing attacks, be sure you have:
Connected the DHCP server to the switch.
Configured the VLAN
employee-vlan
Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices.
This example describes how to protect the switch against one common type of attack,
an ARP spoofing attack.
In an ARP spoofing attack, the attacker sends faked ARP messages, thus creating various
types of mischief on the LAN—for example, the attacker might launch a man-in-the
middle attack.
This example shows how to configure port security features on an EX3200-24P switch
that is connected to a DHCP server. The setup for this example includes the VLAN
on the switch. The procedure for creating that VLAN is described in the
employee-vlan
topic "Example: Setting Up Bridging with Multiple VLANs for EX Series Switches" on
page 1532. That procedure is not repeated here. Figure 79 on page 3091 illustrates the topology
for this example.
Figure 79: Network Topology for Basic Port Security
The components of the topology for this example are shown in Table 406 on page 3092.
Chapter 100: Examples: Port Security Configuration
on the switch.
3091
Advertisement
Chapters
Table of Contents
Troubleshooting
