secure-access-port
Syntax
secure-access-port {
dhcp-snooping-file {
location local_pathname | remote_URL;
timeout seconds;
write-interval seconds;
}
dhcpv6-snooping-file {
location local_pathname | remote_URL;
timeout seconds;
write-interval seconds;
}
interface (all | interface-name) {
allowed-mac {
mac-address-list;
}
(dhcp-trusted | no-dhcp-trusted);
fcoe-trusted;
mac-limit limit action (drop | log | none | shutdown);
no-allowed-mac-log;
persistent-learning;
static-ipip-address {
vlan vlan-name;
mac mac-address;
}
static-ipv6ip-address {
vlan vlan-name;
mac mac-address;
}
voip-mac-exclusive;
(dhcp-trusted | no-dhcp-trusted);
}
vlan (all | vlan-name) {
(arp-inspection | no-arp-inspection) [
forwarding-class class-name;
}
dhcp-option82 {
circuit-id {
prefix hostname;
use-interface-description;
use-vlan-id;
}
remote-id {
prefix hostname | mac | none;
use-interface-description;
use-string string;
}
vendor-id <string>;
}
(examine-dhcp | no-examine-dhcp) {
forwarding-class class-name;
}
(examine-dhcpv6 | no-examine-dhcpv6) {
forwarding-class class-name;
}
examine-fip {
fc-map fc-map-value;
}
(ip-source-guard | no-ip-source-guard);
(ipv6-source-guard | no-ipv6-source-guard);
mac-move-limit limit action (drop | log | none | shutdown);
}
(neighbor-discovery-inspection | no-neighbor-discovery-inspection);
no-option37;
}
}
Hierarchy Level
[edit ethernet-switching-options]
Description
Configure port security features, including MAC limiting, dynamic ARP inspection, whether interfaces can receive DHCP responses, DHCP snooping, IP source guard, DHCP option 82, MAC move limiting, and FIP snooping.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
system—To view this statement in the configuration.system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.
Support for IPv6 introduced in Junos OS Release 14.1X53-D10 for EX Series switches.