
Configure port security features, including MAC limiting, dynamic ARP inspection, whether interfaces can receive DHCP responses, DHCP snooping, IP source guard, DHCP option 82, MAC move limiting, and FIP snooping.


MAC Spoofing / Flooding
MAC learning limit

set switch-options Finance-users interface-mac-limit 2

set switch-options Finance-users interface-mac-limit 2 packet-action shutdown

or

set switch-options Finance-users interface-mac-limit 2 packet-action drop-and-log

Drops any packet from a new MAC address.

or at VLAN level

set vlans IT-Ops switch-options Finance-users interface-mac-limit 2 packet-action drop-and-log


switch-options (preferred) > vlans switch-options


MAC Move Limit

set vlans IT_ops switch-options mac-move-limit 1 packet-action drop-and-log


mac-move-limit 1 (per second)



Clear / automatic recovery: recovery-timeout

set interface-range Finance-users unit 0 ethernet-switching recovery-timeout 1800

recovery-timeout 1800 (seconds = 30 minutes)

set interface-range Finance-users unit 0 ethernet-switching mac-move-limit 1 packet-action drop-and-log
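
An added example, not part of the original notes and not Juniper code: a simplified Python model of a port with interface-mac-limit 2, comparing packet-action drop-and-log with shutdown plus recovery-timeout 1800. The class name, the sample MAC addresses and the assumption that learned addresses are flushed when the port recovers are illustrative.

```python
"""Simplified model of a MAC-limited access port (illustration only)."""


class LimitedPort:
    def __init__(self, mac_limit, action, recovery_timeout=None):
        if action not in ("drop-and-log", "shutdown"):
            raise ValueError("unsupported packet-action in this model")
        self.mac_limit = mac_limit
        self.action = action
        self.recovery_timeout = recovery_timeout  # seconds; None = manual clear only
        self.learned = set()      # source MACs learned on this port
        self.down_until = None    # time the port stays disabled until
        self.log = []             # (time, offending MAC, action taken)

    def receive(self, t, src_mac):
        """Return 'forward' or 'drop' for a frame seen at time t (seconds)."""
        if self.down_until is not None:
            if t < self.down_until:
                return "drop"             # port is still disabled
            self.down_until = None        # recovery-timeout expired
            self.learned.clear()          # assumption: addresses are relearned
        if src_mac in self.learned:
            return "forward"
        if len(self.learned) < self.mac_limit:
            self.learned.add(src_mac)
            return "forward"
        # Limit exceeded: a new source MAC beyond interface-mac-limit.
        self.log.append((t, src_mac, self.action))
        if self.action == "shutdown":
            self.down_until = (float("inf") if self.recovery_timeout is None
                               else t + self.recovery_timeout)
        return "drop"


def run(port, frames):
    """Feed (time, source MAC) pairs through the port, return the verdicts."""
    return [port.receive(t, mac) for t, mac in frames]


# Constructed traffic: two known hosts, then a third source MAC appears.
FRAMES = [(0, "aa:aa:aa:00:00:01"), (1, "aa:aa:aa:00:00:02"),
          (2, "de:ad:be:ef:00:03"), (3, "aa:aa:aa:00:00:01"),
          (1900, "aa:aa:aa:00:00:01")]

if __name__ == "__main__":
    for action in ("drop-and-log", "shutdown"):
        port = LimitedPort(2, action, recovery_timeout=1800)
        print(action, run(port, FRAMES), port.log)
```

With drop-and-log only the third MAC is dropped and the known hosts keep working; with shutdown the known hosts are cut off as well until the 1800-second timeout expires.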



set interfaces ge-0/0/10 unit 0 accept-source-mac mac-address [host mac@ 


Persistent Learning


Rogue DHCP Server
DHCP Snooping


ARP poisoning / Spoofing
Dynamic ARP Inspection


...