Hello,
I'm trying to find a way to setup basic port security feature mostly available on
switches from different vendors.
I need to restrict server connected to EX3200 switch port to use only certain IP address
range. I assume it would be reasonable to create static binding and apply to the
interface like below:
[edit ethernet-switching-options secure-access-port]
interface ge-0/0/0.0 {
static-ip 10.10.10.11 vlan 10 mac 00:25:90:77:00:4a;
static-ip 10.10.10.12 vlan 10 mac 00:25:90:77:00:4a;
static-ip 10.10.10.13 vlan 10 mac 00:25:90:77:00:4a;
}
The configuration above is incorrect - there is an error appears once 'commit check'
executed:
Duplicate VLAN/MAC address : dedicated/00:25:90:77:00:4a
error: configuration check-out failed
I have no DHCP server in this network and prefer to maintain dhcp-snooping database
required for ip source-guard feature to work, which should have static MAC-IP address
bindings only.
However it looks like this is impossible to bind more than one IP address to the same
MAC address with Junos for EX.
Please suggest how this configuration could be implemented? How could i use ip source
guard (if this is possible at all) for more than one IP bound to the same MAC address?
Regards,
Dima