{"id":831,"date":"2017-09-26T01:29:17","date_gmt":"2017-09-25T18:29:17","guid":{"rendered":"https:\/\/trichev.com\/blog\/?p=831"},"modified":"2018-02-10T04:32:58","modified_gmt":"2018-02-09T21:32:58","slug":"juniper-junos-os-ex-4300-series-ethernet-switch-port-security","status":"publish","type":"post","link":"https:\/\/trichev.com\/blog\/2017\/09\/26\/juniper-junos-os-ex-4300-series-ethernet-switch-port-security\/","title":{"rendered":"Juniper Junos OS EX 4300 Series Ethernet Switch Port Security"},"content":{"rendered":"<p><strong>Interface configuration <\/strong><br \/>\n<code>set switch-options interface ge-2\/0\/17.0 interface-mac-limit 1<br \/>\nset switch-options interface ge-2\/0\/17.0 interface-mac-limit packet-action drop-and-log<br \/>\nset switch-options interface ge-2\/0\/17.0 persistent-learning<\/code><\/p>\n<p><strong>Clear specific interface MAC database<\/strong><br \/>\n<code>run clear ethernet-switching table interface ge-2\/0\/17.0<\/code><br \/>\n<code>delete switch-options interface ge-2\/0\/17.0<\/code><\/p>\n<p><strong>Troubleshooting and verification<\/strong><br \/>\n<code>show interfaces ge-2\/0\/17 detail<br \/>\nshow ethernet-switching interface ge-2\/0\/17<br \/>\nshow ethernet-switching interface ge-2\/0\/17.0 brief<\/code><\/p>\n<p><code>show configuration switch-options interface ge-2\/0\/17.0<\/code><\/p>\n<pre><code>interface-mac-limit {\r\n    3;\r\n    packet-action drop-and-log;\r\n}\r\npersistent-learning;\r\n\r\nshow ethernet-switching table interface ge-2\/0\/17.0\r\n\r\nMAC database for interface ge-2\/0\/17.0\r\n\r\nMAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static\r\n           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC)\r\n\r\nEthernet switching table : 73 entries, 73 learned\r\nRouting instance : default-switch\r\n    Vlan                MAC                 MAC         Age    Logical\r\n    name                address             flags              interface\r\n    vlan.110            01:12:23:34:45:56   P             -   ge-2\/0\/17.0\r\n    vlan.110            56:45:34:23:12:01   P             -   ge-2\/0\/17.0\r\n    vlan.110            23:12:01:56:45:34   P             -   ge-2\/0\/17.0\r\n\r\nshow ethernet-switching table | match \"01:12:23:34:45:56\"\r\n\r\nvlan.110            01:12:23:34:45:56   P             -   ge-2\/0\/17.0\r\n\r\nshow ethernet-switching table | match \"ge-2\/0\/17.0\"\r\n    vlan.110            01:12:23:34:45:56   P             -   ge-2\/0\/17.0\r\n    vlan.110            56:45:34:23:12:01   P             -   ge-2\/0\/17.0\r\n    vlan.110            23:12:01:56:45:34   P             -   ge-2\/0\/17.0\r\n\r\nshow ethernet-switching interface ge-2\/0\/17.0\r\nRouting Instance Name : default-switch\r\nLogical Interface flags (DL - disable learning, AD - packet action drop,\r\n                         LH - MAC limit hit, DN - interface down,\r\n                         SCTL - shutdown by Storm-control )\r\n\r\nLogical             Vlan          TAG     MAC         STP               Logical              Tagging\r\ninterface           members               limit       state             interface flags\r\nge-2\/0\/17.0                               3                                AD,LH              untagged\r\n                    vlan.110      110     65535       Forwarding                              untagged\r\n\r\nshow log messages | match ge-2\/0\/17\r\n\r\n<\/code><\/pre>\n<p>Link:<br \/>\n<a href=\"https:\/\/forums.juniper.net\/t5\/Ethernet-Switching\/EX4300-Port-Security-MAC-Limiting-Allowed-MAC-amp-ELS\/td-p\/308978\">https:\/\/forums.juniper.net\/t5\/Ethernet-Switching\/EX4300-Port-Security-MAC-Limiting-Allowed-MAC-amp-ELS\/td-p\/308978<\/a><br \/>\n<a href=\"http:\/\/www.juniper.net\/documentation\/en_US\/junos10.2\/topics\/task\/configuration\/port-security-cli.html\">http:\/\/www.juniper.net\/documentation\/en_US\/junos10.2\/topics\/task\/configuration\/port-security-cli.html<\/a><br \/>\n<a href=\"http:\/\/www.juniper.net\/documentation\/en_US\/junos\/information-products\/pathway-pages\/ex4300\/port-security.pdf\">http:\/\/www.juniper.net\/documentation\/en_US\/junos\/information-products\/pathway-pages\/ex4300\/port-security.pdf<\/a><br \/>\n<a href=\"https:\/\/www.juniper.net\/documentation\/en_US\/junos\/topics\/task\/verification\/port-security-qfx-series-mac-limiting.html\">https:\/\/www.juniper.net\/documentation\/en_US\/junos\/topics\/task\/verification\/port-security-qfx-series-mac-limiting.html<\/a><br \/>\n<a href=\"http:\/\/forums.juniper.net\/t5\/Junos\/Mac-Filtering-on-EX4200-JUNOS\/td-p\/48473\">http:\/\/forums.juniper.net\/t5\/Junos\/Mac-Filtering-on-EX4200-JUNOS\/td-p\/48473<\/a><br \/>\n<a href=\"https:\/\/networkengineering.stackexchange.com\/questions\/19181\/how-can-i-view-a-list-of-which-macs-an-interface-is-restricted-to-on-a-juniper-s\">https:\/\/networkengineering.stackexchange.com\/questions\/19181\/how-can-i-view-a-list-of-which-macs-an-interface-is-restricted-to-on-a-juniper-s<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Interface configuration set switch-options interface ge-2\/0\/17.0 interface-mac-limit 1 set switch-options interface ge-2\/0\/17.0 interface-mac-limit packet-action drop-and-log set switch-options interface ge-2\/0\/17.0 persistent-learning Clear specific interface MAC database run clear ethernet-switching table interface ge-2\/0\/17.0 delete switch-options interface ge-2\/0\/17.0 Troubleshooting and verification show interfaces ge-2\/0\/17 detail show ethernet-switching interface ge-2\/0\/17 show ethernet-switching interface ge-2\/0\/17.0 brief show configuration switch-options interface [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[231],"tags":[257,254,255,256,258,14,11],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/831"}],"collection":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/comments?post=831"}],"version-history":[{"count":7,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/831\/revisions"}],"predecessor-version":[{"id":856,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/831\/revisions\/856"}],"wp:attachment":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/media?parent=831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/categories?post=831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/tags?post=831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}