JJJCR,
Or you could also filter the MAC at the interface by allowing all/only known MAC.
So allow only the known MAC(s) and rest all should be filtered.
lab@SRX240# set ethernet-switching-options secure-access-port interface ge-0/0/2 ?
Possible completions:
+ allowed-mac Allowed MAC address on this interface
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> mac-limit Number of MAC addresses allowed on this interface
persistent-learning Enable persistent MAC learning on this interface
[edit]
[edit ethernet-switching-options secure-access-port]
>set interface ge–0/0/2 allowed-mac xx:xx:xx:xx:xx:xx
>set interface ge–0/0/2 allowed-mac yy:yy:yy:yy:yy:yy
> set interface ge–0/0/2 allowed-mac zz:zz:zz:zz:zz:zz