vlan (Access Port Security)
Syntax
vlan (all | vlan-name) { (arp-inspection | no-arp-inspection) { forwarding-class class-name; } dhcp-option82 { circuit-id { prefix hostname; use-interface-description; use-vlan-id; } remote-id { prefix hostname | mac | none; use-interface-description; use-string string; } vendor-id <string>; } (examine-dhcp | no-examine-dhcp) { forwarding-class class-name; } (examine-dhcpv6 | no-examine-dhcpv6) { forwarding-class class-name; } examine-fip { fc-map fc-map-value; } (ip-source-guard | no-ip-source-guard); (ipv6-source-guard | no-ipv6-source-guard); mac-move-limit limit action (drop | log | none | shutdown); } (neighbor-discovery-inspection | no-neighbor-discovery-inspection); no-option37; }
Hierarchy Level
[edit ethernet-switching-options secure-access-port]
Description
Apply any of the following security options to a VLAN:
DHCP snooping
DHCPv6 snooping with DHCP option 37
DHCP option 82
Dynamic ARP inspection (DAI)
IPv6 neighbor discovery inspection
FIP snooping
IP source guard
IPv6 source guard
MAC move limiting
The remaining statements are explained separately. See CLI Explorer.
To display a list of all configured VLANs on the system, including VLANs that are configured but not committed, type ? after vlan or vlans in your configuration mode command line. Note that only one VLAN is displayed for a VLAN range.
Options
all—Apply the feature to all VLANs.
vlan-name—Apply the feature to the specified VLAN.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.
Support for the examine-dhcpv6, no-option37, neighbor-discovery-inspection, and ipv6-source-guard statements introduced in Junos OS Release 14.1x53-D10
for EX Series switches.