Troubleshooting Port Security

Troubleshooting issues for port security on EX Series switches:

MAC Addresses That Exceed the MAC Limit or MAC Move Limit Are Not Listed in the Ethernet Switching Table

Problem

You see log messages reporting that the MAC limit or MAC move limit has been exceeded, but the MAC addresses that exceeded the limit are not listed in the Ethernet switching table.

Solution

  1. Set the MAC limit or MAC move limit action to log.
    [edit ethernet-switching-options secure-access-port]
    user@switch# set interface ge-0/0/2 mac-limit 5 action log
  2. Allow some MAC address requests to come in.
  3. View the entries in the Ethernet switching table:

Multiple DHCP Server Packets Have Been Received on Untrusted Interfaces

Problem

You see log messages reporting that DHCP server packets were received on an untrusted interface, for example:

5 untrusted DHCPOFFER received, interface ge-0/0/0.0[65], vlan v1[10] server ip/mac 12.12.12.1/00:00:00:00:01:12 offer ip/client mac 12.12.12.253/00:AA:BB:CC:DD:01

These messages can signal the presence of a malicious DHCP server on the network.

Solution

Configure a firewall filter to block the IP address or MAC address of the malicious DHCP server. See Configuring Firewall Filters (CLI Procedure).
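
To decide which IP address or MAC address the firewall filter should block, the untrusted-server messages can be grouped by server. The following Python script is an added example, not part of the Juniper documentation: it parses the message layout shown above and summarizes each reported server. It assumes the leading number is a packet count, and every sample line after the first is constructed.

```python
import re
from collections import defaultdict

# Message layout taken from the log line shown on this page.
# Assumption: the leading number is a count of packets covered by the message.
PATTERN = re.compile(
    r"(?P<count>\d+) untrusted (?P<type>DHCP[A-Z]+) received, "
    r"interface (?P<ifname>[\w/.:-]+)\[\d+\], "
    r"vlan (?P<vlan>[^\[\s]+)\[(?P<vlan_id>\d+)\] "
    r"server ip/mac (?P<srv_ip>[\d.]+)/(?P<srv_mac>[0-9A-Fa-f:]{17}) "
    r"offer ip/client mac (?P<offer_ip>[\d.]+)/(?P<client_mac>[0-9A-Fa-f:]{17})"
)

# Constructed sample input: line 1 is the page's message, the rest are made up.
SAMPLE_LOG = """\
5 untrusted DHCPOFFER received, interface ge-0/0/0.0[65], vlan v1[10] server ip/mac 12.12.12.1/00:00:00:00:01:12 offer ip/client mac 12.12.12.253/00:AA:BB:CC:DD:01
2 untrusted DHCPOFFER received, interface ge-0/0/0.0[65], vlan v1[10] server ip/mac 12.12.12.1/00:00:00:00:01:12 offer ip/client mac 12.12.12.252/00:AA:BB:CC:DD:02
1 untrusted DHCPOFFER received, interface ge-0/0/3.0[68], vlan v2[20] server ip/mac 10.0.20.9/00:00:5E:00:53:0A offer ip/client mac 10.0.20.77/00:aa:bb:cc:dd:03
some unrelated log line
"""


def summarize(log_text):
    """Group untrusted DHCP server messages by (server MAC, server IP)."""
    servers = defaultdict(lambda: {"packets": 0, "interfaces": set(),
                                   "vlans": set(), "clients": set()})
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue  # not an untrusted-DHCP-server message
        # Normalize MAC case so the same server is not counted twice.
        entry = servers[(m["srv_mac"].lower(), m["srv_ip"])]
        entry["packets"] += int(m["count"])
        entry["interfaces"].add(m["ifname"])
        entry["vlans"].add(m["vlan"])
        entry["clients"].add(m["client_mac"].lower())
    return dict(servers)


if __name__ == "__main__":
    for (mac, ip), info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{mac} {ip}: {info['packets']} packets on "
              f"{sorted(info['interfaces'])}, vlans {sorted(info['vlans'])}, "
              f"clients offered: {sorted(info['clients'])}")
```

The interface column shows which untrusted port the server packets arrived on, which helps locate the device before the filter is applied.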

Published: 2014-04-23