Junos
Highlighted
Junos

SRX DHCP - Filter by MAC address

‎02-22-2018 11:34 PM

SRX 240 is set to lease DHCP addresses.

Is there a setting that if the MAC address is not found on the list then don't lease an IP address?

 

Thank you.

3 REPLIES 3
Highlighted
Junos

Re: SRX DHCP - Filter by MAC address

‎02-22-2018 11:50 PM
Highlighted
Junos
Solution
Accepted by topic author JJJCR
‎02-25-2018 10:48 PM

Re: SRX DHCP - Filter by MAC address

[ Edited ]
‎02-23-2018 12:15 AM

JJJCR,

 

Or you could also filter the MAC at the interface by allowing all/only known MAC.

So allow only the known MAC(s) and rest all should be filtered.

 

 

lab@SRX240# set ethernet-switching-options secure-access-port interface ge-0/0/2 ?
Possible completions:
+ allowed-mac Allowed MAC address on this interface
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> mac-limit Number of MAC addresses allowed on this interface
persistent-learning Enable persistent MAC learning on this interface
[edit]

 

[edit ethernet-switching-options secure-access-port]

>set interface ge–0/0/2 allowed-mac xx:xx:xx:xx:xx:xx

>set interface ge–0/0/2 allowed-mac yy:yy:yy:yy:yy:yy
> set interface ge–0/0/2 allowed-mac zz:zz:zz:zz:zz:zz

 

 

 

/Karan Dhanak
Highlighted
Junos

Re: SRX DHCP - Filter by MAC address

‎02-25-2018 10:48 PM

Thanks, Karan. I guess setting the MAC statically should be okay.

Of course, the only issue is new devices has to be enrolled manually.