Hello Community,
I have some questions regarding Port Security features on EX-Series devices.
I want to bind one specific MAC-Address to one interface. Only the one device with the configured MAC-Address should be able to access the network.
I have tried the following configuration:
ge-0/0/2 {
unit 0 {
accept-source-mac {
mac-address xx:xx:xx:xx:xx:xx; (xx:xx ... its just a placeholder, I have configured the correct MAC)
}
family ethernet-switching {
vlan {
members client_23;
}
storm-control default;
}
}
}
This configuration works, if I give the client a static IP. If I configure the client for dhcp it gets an APIPA.
Do I have to configure more, so that DHCP works too?
-----------------------------------------------------
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/understanding_and_using_persistent_mac_learning.html
In addition to that I tried "Sticky Mac/Persistent MAC Learning". Here is the configuration I used:
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members client_23;
}
storm-control default;
}
}
}
...
switch-options {
interface ge-0/0/2.0 {
interface-mac-limit {
1;
packet-action drop;
}
persistent-learning;
}
}
After this configuration the Switch stores only the one MAC from the connected device. But still, DHCP does not work and a static IP works.
Device informations:
EX2300-24t
Junos Version 15.1 x53 d58
Best regards and thank you,
Julian