Configuring Port Security (J-Web Procedure)
To configure port security on an EX Series switch using the J-Web interface:
- Select Configure > Security > Port Security.
  The VLAN List table lists all the VLAN names, VLAN identifiers, port members, and port security VLAN features.
  The Interface List table lists all the ports and indicates whether security features have been enabled on the ports.
  Note: After you make changes to the configuration in this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.
- Click one:
  - Edit—Click this option to modify the security features for the selected port or VLAN.
    Enter information as specified in Table 1 to modify Port Security settings on VLANs.
    Enter information as specified in Table 2 to modify Port Security settings on interfaces.
  - Activate/Deactivate—Click this option to enable or disable security on the switch.
Table 1: Port Security Settings on VLANs
Field | Function | Your Action |
---|---|---|
Enable DHCP Snooping on VLAN | Allows the switch to monitor and control DHCP messages received from untrusted devices connected to the switch. Builds and maintains a database of valid IP address/MAC address bindings. (By default, access ports are untrusted and trunk ports are trusted.) | Select to enable DHCP snooping on a specified VLAN or all VLANs. Tip: For private VLANs (PVLANs), enable DHCP snooping on the primary VLAN. If you enable DHCP snooping only on a community VLAN, DHCP messages coming from PVLAN trunk ports are not snooped. |
Enable ARP Inspection on VLAN | Uses information in the DHCP snooping database to validate ARP packets on the LAN and protect against ARP cache poisoning. | Select to enable ARP inspection on a specified VLAN or all VLANs. (Configure any port on which you do not want ARP inspection to occur as a trusted DHCP server port.) |
MAC Movement | Specifies the number of times per second that a MAC address can move to a new interface. | Enter a number. The default is unlimited. |
MAC Movement Action | Specifies the action to be taken if the MAC move limit is exceeded. | Select one: |
Table 2: Port Security on Interfaces
Field | Function | Your Action |
---|---|---|
Trust DHCP | Specifies trusting DHCP packets on the selected interface. By default, trunk ports are dhcp-trusted. | Select to enable DHCP trust. |
MAC Limit | Specifies the number of MAC addresses that can be learned on a single Layer 2 access port. This option is not valid for trunk ports. | Enter a number. |
MAC Limit Action | Specifies the action to be taken if the MAC limit is exceeded. This option is not valid for trunk ports. | Select one: |
Allowed MAC List | Specifies the MAC addresses that are allowed for the interface. | To add a MAC address: |
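
How the Table 1 and Table 2 settings interact, as an added example that is not part of the original documentation and is not Junos code: a simplified Python model of one VLAN in which DHCP snooping builds the binding database, ARP inspection validates against it, and ports with Trust DHCP selected bypass both checks. The class and function names, port names, and addresses are constructed for illustration.

```python
# Added illustration: a toy model, not Junos code.
# Port names, MAC addresses and IP addresses are constructed sample values.
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # messages only a DHCP server sends


@dataclass
class SnoopingVlan:
    trusted: set                                   # ports with "Trust DHCP" selected
    bindings: dict = field(default_factory=dict)   # snooping database: ip -> mac

    def dhcp(self, port, msg, client_mac, ip=None):
        """Snoop one DHCP message seen on `port`; return 'forward' or 'drop'."""
        if msg in SERVER_MSGS and port not in self.trusted:
            return "drop"                          # server reply from an untrusted port
        if msg == "ACK":
            self.bindings[ip] = client_mac         # lease granted: record the binding
        elif msg == "RELEASE" and self.bindings.get(ip) == client_mac:
            del self.bindings[ip]                  # lease given up: remove the binding
        return "forward"

    def arp(self, port, sender_mac, sender_ip):
        """ARP inspection: check the sender IP/MAC pair against the database."""
        if port in self.trusted:
            return "forward"                       # trusted ports are not inspected
        return "forward" if self.bindings.get(sender_ip) == sender_mac else "drop"


def run_sample():
    """Replay six constructed events and return (decisions, final database)."""
    vlan = SnoopingVlan(trusted={"ge-0/0/8"})      # assumed uplink to the DHCP server
    host, other = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    decisions = [
        vlan.dhcp("ge-0/0/1", "DISCOVER", host),             # client request
        vlan.dhcp("ge-0/0/2", "OFFER", host, "192.0.2.99"),  # unauthorized server
        vlan.dhcp("ge-0/0/8", "ACK", host, "192.0.2.10"),    # lease from trusted port
        vlan.arp("ge-0/0/1", host, "192.0.2.10"),            # matches the binding
        vlan.arp("ge-0/0/2", other, "192.0.2.1"),            # no binding for this pair
        vlan.arp("ge-0/0/8", other, "192.0.2.1"),            # trusted port, not checked
    ]
    return decisions, vlan.bindings


if __name__ == "__main__":
    decisions, table = run_sample()
    print(decisions)
    print(table)
```

In this model a host on an untrusted port that never obtained a lease has no database entry, so its ARP packets are dropped until a binding exists or the port is marked trusted.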