I know this topic has been discussed a bit, but I wasn't able to find anything that addresses my particular question.
I'm wondering if there is any way to set up port security that behaves like Cisco's implementation. On a Cisco switch, we can configure the following lines:
interface g1/0/1
 switchport port-security mac-address 3456.fea4.4a2b
 switchport port-security
Which ensure that only this MAC address can connect to the port, and the port will go err-disabled if another MAC address is detected. From what I can tell, we can do something similar on an EX:
interfaces {
    ge-0/0/1 {
        description "ACCESS - ";
        unit 0 {
            accept-source-mac {
                mac-address 34:56:fe:a4:4a:2b;
            }
        }
    }
}
switch-options {
    interface ge-0/0/1.0 {
        interface-mac-limit {
            1;
            packet-action shutdown;
        }
        persistent-learning;
    }
}
The "accept-source-mac" line does a fairly good job, but I couldn't find a way for that on its own to alert on a MAC that doesn't conform, it seems to just silently drop frames from MAC addresses not in the list given. Likewise, the switch-options config will simply shut the port down if more than 1 MAC address is detected at a time. If only 1 MAC address that wasn't in the "accept-source-mac" list connected, however, it would not alert but the switch would silently discard frames from it.
Is there any way to either have the port shut down and alert on the actual MAC address being different, or to query some sort of log somewhere that mentions MAC addresses that aren't in the "accept-source-mac" list that are trying to communicate?
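An added example (not part of the question, not Junos or Cisco code) of the off-box check the question is asking for: it takes the per-interface allow list from the accept-source-mac stanza above, accepts MACs in either the Cisco dotted or the Junos colon notation, and reports any observed source MAC that is not on the list. The observations are constructed sample data; how they are collected from the switch (switching table, syslog) is assumed to be solved separately.

```python
import re

# Allowed MACs per interface, mirroring the accept-source-mac stanza in the
# question. Either dotted (Cisco) or colon (Junos) notation is accepted.
ALLOWED = {
    "ge-0/0/1.0": {"34:56:fe:a4:4a:2b"},
}

# Constructed sample observations (interface, source MAC) as an operator might
# collect them from the switching table or syslog. NOT real device output.
OBSERVED = [
    ("ge-0/0/1.0", "3456.fea4.4a2b"),     # allowed, Cisco dotted form
    ("ge-0/0/1.0", "34:56:FE:A4:4A:2B"),  # allowed, upper-case colon form
    ("ge-0/0/1.0", "00:11:22:33:44:55"),  # not on the list: violation
    ("ge-0/0/2.0", "aa:bb:cc:dd:ee:ff"),  # interface has no allow list
]


def normalize_mac(mac):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, accepting the Cisco
    dotted form (3456.fea4.4a2b) as well as colon and hyphen separators."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_violations(allowed, observed):
    """Return (interface, mac) pairs seen on an interface that has an allow
    list but whose MAC is not in it. Interfaces without an allow list are
    skipped, like a port that has no accept-source-mac configured."""
    norm_allowed = {ifc: {normalize_mac(m) for m in macs}
                    for ifc, macs in allowed.items()}
    violations = []
    for ifc, mac in observed:
        if ifc not in norm_allowed:
            continue
        n = normalize_mac(mac)
        if n not in norm_allowed[ifc]:
            violations.append((ifc, n))
    return violations


if __name__ == "__main__":
    for ifc, mac in find_violations(ALLOWED, OBSERVED):
        print(f"ALERT: {mac} seen on {ifc} is not in its accept-source-mac list")
```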