Switching

  • 1.  Port Security Features on Branch SRX Firewall

    Posted 02-13-2013 04:04

    Hey experts, I am using an SRX240 at a customer site. The device is functioning as a router, providing stateful firewall features and IPSec besides using its Layer 2 functionality. Now my requirement was to enable port security features like MAC binding, ARP inspection and DHCP snooping. I followed the same procedure as we do in the case of EX Series switches and did the necessary configuration under the edit Ethernet-switching-option hierarchy. Here I could not get the secure-access-port hierarchy by pressing Tab, but it was available by manually typing secure-access-port (Junos was 10.2R3). Anyway, I did the necessary configuration. When I typed the command show dhcp snooping binding to view the DHCP snooping database, the following result appeared: The command does not support on SRX240b. On second thought I upgraded Junos to 11.4R6. Now, after entering configuration mode, when I entered the Ethernet-switching-option hierarchy, secure-access-port was available on pressing Tab. But on entering show under Ethernet-switching-option secure-access-port, no configuration except the (allowed mac) command is visible. The configuration like ARP-inspection and examine-dhcp was visible earlier in Junos 10.2R3. In Junos 11.4R6 only remarks were visible saying #Statement not allowed

    Please offer your valuable comments.

     

     



  • 2.  RE: Port Security Features on Branch SRX Firewall

    Posted 02-19-2013 17:36

    First order of note: The branch SRX Series do not support all of the Layer 2 switching features supported on the EX Series.

    Have you enabled and committed ethernet-switching on any interface as yet? I am not sure at this point if ethernet switching options is supported on the SRX. I did not get that from your post.

    Since you are already under the hierarchy Ethernet-switching-option secure-access-port ?

    Just use the question mark. If you type show, it will only show you what has been configured already but not what can be configured. You could also enter set ? to see the available options.

    I will do a little more research later.



  • 3.  RE: Port Security Features on Branch SRX Firewall

    Posted 02-22-2013 11:41

    Thanks for the reply. Actually, in Junos 10, Ethernet-switching-option is available but secure-access-port is not available. However, by manually typing secure-access-port we can go to this hierarchy, Ethernet-switching-option secure-access-port. Here under this hierarchy we can configure arp-inspection and examine-dhcp with no commit check or commit error. After upgrading Junos to 11.1 on the same box, under Ethernet-switching-option secure-access-port the commands for examine-dhcp and arp-inspection are not valid.

     

     

     



  • 4.  RE: Port Security Features on Branch SRX Firewall
    Best Answer

    Posted 02-24-2013 05:41

    Ok. Now the final word on Layer 2 security features on Branch SRX. It supports only these features: allowed-mac, mac-limit and persistent-learning, under the hierarchy edit ethernet-switching-options secure-access-port. Branch SRX does not support arp-inspection and examine-dhcp as of Junos 11.4R6.6.

     

     

    A kudos is a good way of appreciation

    Please mark this as accepted solution if it works