SRX 240 is set to lease DHCP addresses.
Is there a setting that if the MAC address is not found on the list then don't lease an IP address?
Are you mapping static mac to ip?
Or you could also filter the MAC at the interface by allowing all/only known MAC.
So allow only the known MAC(s) and rest all should be filtered.
lab@SRX240# set ethernet-switching-options secure-access-port interface ge-0/0/2 ?Possible completions:+ allowed-mac Allowed MAC address on this interface+ apply-groups Groups from which to inherit configuration data+ apply-groups-except Don't inherit configuration data from these groups> mac-limit Number of MAC addresses allowed on this interface persistent-learning Enable persistent MAC learning on this interface
[edit ethernet-switching-options secure-access-port]
>set interface ge–0/0/2 allowed-mac xx:xx:xx:xx:xx:xx
>set interface ge–0/0/2 allowed-mac yy:yy:yy:yy:yy:yy> set interface ge–0/0/2 allowed-mac zz:zz:zz:zz:zz:zz
Thanks, Karan. I guess setting the MAC statically should be okay.
Of course, the only issue is new devices has to be enrolled manually.