Port security in Junos
Hello chaps,
I have looked everywhere for help on this but I just have not had any luck! Is there a way to do sticky MAC address learning with port security in Junos? I'm hooking up a bunch of Linux servers with bonded interfaces to an EX4200 and would prefer to use the sticky learning with a MAC address limit on each port set to 1 rather than typing in each one (if I was a contractor I might say different). Anyone know if this is possible? The switches are running release 10.4 if that helps.
Thanks
Comments
-
unclerico Member Posts: 237
I haven't been able to find that feature. I know a while back I was searching for product enhancements for such things as this feature as well as making their interface-range command behave more like Cisco and it sounded like these were going to be put into 11.x but it doesn't look good... I hate the way they have implemented some of these "features" but man do I love their gear...
Preparing for CCIE Written
-
Ryan82 Member Posts: 428
Yeah I couldn't find anything either, looks like you are stuck hardcoding it. What an administrative headache. I haven't dealt with Juniper switches, only routers. Overall I still really like Juniper and find that I say "Cisco should be doing this" a lot more than I say the other way around.
-
lrb Member Posts: 526
Ah well, thanks for trying guys. It's more annoying than anything else, but I've got a heap of the switches done today at work ready for deployment later this week.
Before these switches arrived, I've only really touched SRX and J series devices... and boy do I love how Junos does security policies!
-
buzzkil Member Posts: 13
MAC limiting can be done on the EX switches.
set ethernet-switching-options secure-access-port interface <interface> mac-limit <number> action <drop, log, none, shutdown>
Think that's what you're looking for at least..
-
unclerico Member Posts: 237
The OP is looking for the ability to dynamically make MAC addresses sticky as opposed to having to manually enter them.
Preparing for CCIE Written
-
buzzkil Member Posts: 13
Sticky MACs are now supported in JUNOS 11.4.
Understanding Persistent MAC Learning (Sticky MAC) - Technical Documentation - Support - Juniper Networks
-
buzzkil Member Posts: 13
Link for configuration examples:
Configuring Persistent MAC Learning (CLI Procedure) - Technical Documentation - Support - Juniper Networks
-
lrb Member Posts: 526
Sticky MACs are now supported in JUNOS 11.4.
Understanding Persistent MAC Learning (Sticky MAC) - Technical Documentation - Support - Juniper Networks
Oh that is great news! Thanks so much mate
-
SajanCK Registered Users Posts: 1
Apply security:
ethernet-switching-options {
    secure-access-port {
        interface ge-0/0/X.0 {
            mac-limit 2 action shutdown;
            persistent-learning;
        }
    }
}
Removal of security:
Log in as root (or super user?),
user@hostname> clear ethernet-switching port-error interface ge-0/0/x
x = port number.
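
Added example (not part of any post in this thread, and not Juniper's code): a small audit that reads set-format configuration and reports which server-facing ports lack the MAC limit of 1 plus persistent learning the original post asks for. It assumes `show configuration | display set` emits the statements in the form used in the posts above; the function name, port list and sample lines are constructed for illustration, and treating `log` and `none` as non-blocking actions is an assumption.

```python
import re
# Set-format lines under the secure-access-port hierarchy shown in this thread.
LINE = re.compile(
    r"^set ethernet-switching-options secure-access-port interface (\S+) (.+)$")
ENFORCING = {"drop", "shutdown"}  # assumption: log/none do not block traffic

def audit_port_security(set_config, expected_ports, max_macs=1):
    """Return {port: [findings]} for every expected port that misses the policy."""
    state = {p: {"limit": None, "action": None, "sticky": False} for p in expected_ports}
    for raw in set_config.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) not in state:
            continue  # unrelated statement or a port we are not auditing
        port, words = state[m.group(1)], m.group(2).split()
        if words[0] == "persistent-learning":
            port["sticky"] = True
        elif words[0] == "mac-limit" and len(words) > 1 and words[1].isdigit():
            port["limit"] = int(words[1])
            if len(words) > 3 and words[2] == "action":
                port["action"] = words[3]
    report = {}
    for name, port in state.items():
        issues = []
        if port["limit"] is None:
            issues.append("no mac-limit")
        else:
            if port["limit"] > max_macs:
                issues.append(f"mac-limit {port['limit']} exceeds {max_macs}")
            if port["action"] not in ENFORCING:
                issues.append(f"action {port['action']} is not drop/shutdown")
        if not port["sticky"]:
            issues.append("no persistent-learning")
        if issues:
            report[name] = issues
    return report

# Constructed sample, not output from a real switch.
SAMPLE = """\
set ethernet-switching-options secure-access-port interface ge-0/0/1.0 mac-limit 1 action shutdown
set ethernet-switching-options secure-access-port interface ge-0/0/1.0 persistent-learning
set ethernet-switching-options secure-access-port interface ge-0/0/2.0 mac-limit 2 action log
set ethernet-switching-options secure-access-port interface ge-0/0/3.0 persistent-learning
"""
PORTS = [f"ge-0/0/{n}.0" for n in range(1, 5)]

if __name__ == "__main__":
    for port, issues in audit_port_security(SAMPLE, PORTS).items():
        print(port, "->", "; ".join(issues))
```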