I have some EX2200 switches running 12.3. What is the recommended practice for securing the switch such that unauthorised switches, WAPs and routers will be locked out if connected? i.e., only permit end user devices.
Best resource for this is the free Day One book Hardening Junos Devices. The quick fix would be to concentrate on the firewall filter section that locks down access and ports on the switches for management.
http://forums.juniper.net/t5/Day-One-Books/NEW-This-Week-Hardening-Junos-Devices-Second-Edition/ba-p/117366
Hi,
I believe there could be a couple of options:
1. Basic port security
https://www.juniper.net/documentation/en_US/junos12.3/topics/example/port-security-configuring.html
2. Network Access Control [802.1x]
3. To protect against connection of switches on access ports - STP BPDU protection.
Cheers,
Ashvin
Thank you, that was most helpful. One question regarding the use of MAC count limiting, i.e., set interface ge-0/0/2 mac-limit 4: if I use this on an interface range rather than a single port, does it apply the specified limit to each port in the range? Or does the limit apply to all ports combined in the range?
Groups are a shortcut to apply configuration to each interface via the single group section. So each interface will behave as if you configured them separately.
As Steve says, each interface will inherit the config from the interface-range.
You could check this using:
> show configuration interfaces x/x/x | display inheritance
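
To check the options from this thread across a whole switch, here is an added example (not from the thread or from Juniper) that audits `show configuration | display set` output and reports access ports missing a MAC limit or BPDU protection. It resolves an interface-range to its member ports, so the limit is recorded per port. The sample config is constructed, and the statement names assume non-ELS EX syntax with access ports declared explicitly as `port-mode access`.

```python
# Constructed sample of "show configuration | display set"; non-ELS EX statement names assumed.
SAMPLE = """\
set interfaces interface-range ACCESS member-range ge-0/0/0 to ge-0/0/3
set interfaces interface-range ACCESS unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/5 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set ethernet-switching-options secure-access-port interface ACCESS mac-limit 4 action drop
set ethernet-switching-options secure-access-port interface ge-0/0/6.0 mac-limit 2 action drop
set protocols rstp interface ACCESS edge
set protocols rstp interface ge-0/0/5.0 edge
set protocols rstp bpdu-block-on-edge
"""

def expand(first, last):
    """Expand a member-range such as ge-0/0/0 to ge-0/0/3 (same FPC/PIC)."""
    prefix, lo = first.rsplit("/", 1)
    return [f"{prefix}/{n}" for n in range(int(lo), int(last.rsplit("/", 1)[1]) + 1)]

def audit(config):
    """Return (mac-limit per port, {access port: list of missing controls})."""
    lines = [l.split() for l in config.splitlines() if l.startswith("set ")]
    ranges = {}
    for t in lines:  # pass 1: interface-range membership (member-range only)
        if t[1:3] == ["interfaces", "interface-range"] and t[4] == "member-range":
            ranges.setdefault(t[3], []).extend(expand(t[5], t[7]))
    def ports(name):
        # A range name fans out to each member; a plain port drops its unit (.0).
        return ranges.get(name, [name.split(".")[0]])
    access, limit, edge, block = set(), {}, set(), False
    for t in lines:  # pass 2: settings, resolved to individual ports
        if t[1] == "interfaces" and t[-2:] == ["port-mode", "access"]:
            access.update(ports(t[3] if t[2] == "interface-range" else t[2]))
        elif t[1:4] == ["ethernet-switching-options", "secure-access-port",
                        "interface"] and "mac-limit" in t:
            for p in ports(t[4]):
                limit[p] = int(t[t.index("mac-limit") + 1])
        elif t[1:4] == ["protocols", "rstp", "interface"] and t[-1] == "edge":
            edge.update(ports(t[4]))
        elif t[1:] == ["protocols", "rstp", "bpdu-block-on-edge"]:
            block = True
    findings = {}
    for p in sorted(access):
        missing = ["mac-limit"] if p not in limit else []
        if not (block and p in edge):  # edge port without BPDU blocking is unprotected
            missing.append("bpdu-protection")
        if missing:
            findings[p] = missing
    return limit, findings
```

Running `audit(SAMPLE)` flags ge-0/0/5 (no MAC limit) and ge-0/0/6 (not an RSTP edge port), while every member of the ACCESS range carries its own limit of 4.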