Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

any equivalent to secure-access-port in ELS ?

  • 1.  any equivalent to secure-access-port in ELS ?

    Posted 05-09-2021 17:35
    I came across the following:
    set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:23:23:aa:bb:01

    Any equivalent to this in ELS ?

    thanks !!


  • 2.  RE: any equivalent to secure-access-port in ELS ?

    Posted 05-10-2021 01:03
    https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/topic-map/understanding_and_using_persistent_mac_learning.html
    this is what you are looking for.


  • 3.  RE: any equivalent to secure-access-port in ELS ?

    Posted 05-11-2021 12:17
    thanks a lot !!

    But I think there is some difference between them.
    set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:23:23:aa:bb:01
    This only allows the specified MAC.

    but persistent learning just sticks the first learnt MAC to the port. not customized specified.

    Right now, if I want to achieve the first one, I use the firewall filter
    set interfaces xe-0/0/4 unit 0 family ethernet-switching filter input allowMAC
    set firewall family ethernet-switching filter allowMAC term 1 from source-mac-address aa:bb:cc:00:a0:00/48
    set firewall family ethernet-switching filter allowMAC term 1 then accept
    set firewall family ethernet-switching filter allowMAC term 2 then discard
    ​

    I am wondering any simple approach like the above in ELS.