Configuring IP Source Guard to Mitigate the Effects of Source IP Address Spoofing and Source MAC Address Spoofing
You can use the IP source guard access port security feature on MX Series routers to mitigate the effects of source IP address spoofing and source MAC address spoofing. If IP source guard determines that a host connected to an access interface has sent a packet with an invalid source IP address or source MAC address in the packet header, then IP source guard ensures that the switching device does not forward the packet—that is, the packet is discarded.
To configure IP source guard on a specific bridge domain by using the CLI:
Configure the IP source guard on a bridge domain:
[edit bridge-domains bridge-domain-name forwarding-options dhcp-security] user@device# set ip-source-guard (MX Series)
To configure IP source guard at the routing instance level by using the CLI:
Configure the IP source guard at the routing instance level:
[edit routing-instances ri-name bridge-domains bridge-domain-name forwarding-options dhcp-security] user@device# set ip-source-guard (MX Series)