Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Port Security (J-Web Procedure)

Note:

This topic applies only to the J-Web Application package.

To configure port security on an EX Series switch using the J-Web interface:

  1. Select Configure > Security > Port Security.

    The VLAN List table lists all the VLAN names, VLAN identifiers, port members, and port security VLAN features.

    The Interface List table lists all the ports and indicates whether security features have been enabled on the ports.

    Note:

    After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.

  2. Click one of the following options:

    • Edit—Click this option to modify the security features for the selected port or VLAN.

      Enter information as specified in Table 1 to modify port security settings on VLANs.

      Enter information as specified in Table 2 to modify port security settings on interfaces.

    • Activate/Deactivate—Click this option to enable or disable security on the switch.

Table 1: Port Security Settings on VLANs

Field

Function

Your Action

General tab

Enable DHCP Snooping on VLAN

Allows the switch to monitor and control DHCP messages received from untrusted devices connected to the switch. Builds and maintains a database of valid IP addresses/MAC address bindings. (By default, access ports are untrusted and trunk ports are trusted.)

Select to enable DHCP snooping on a specified VLAN or all VLANs.

Tip:

For private VLANs (P-VLANs), enable DHCP snooping on the primary VLAN. If you enable DHCP snooping only on a community VLAN, DHCP messages coming from P-VLAN trunk ports are not snooped.

Enable ARP Inspection on VLAN

Uses information in the DHCP snooping database to validate ARP packets on the LAN and protect against ARP cache poisoning.

Select to enable ARP inspection on a specified VLAN or all VLANs. (Configure any port on which you do not want ARP inspection to occur as a trusted DHCP server port.)

MAC movement

Number of MAC movements allowed on the given VLAN.

Enter a number. The default is unlimited.

MAC movement action

Specifies the action to be taken if the MAC movement limit is exceeded.

Select one of the following options:

  • log—Generate a system log entry, an SNMP trap, or an alarm.

  • drop—Drop the packets and generate a system log entry, an SNMP trap, or an alarm (default).

  • shutdown—Shut down the VLAN and generate an alarm. You can mitigate the effect of this option by configuring autorecovery from the disabled state and specifying a disable timeout value. See Configuring Autorecovery for Port Security Events.

  • none—Take no action.
Table 2: Port Security on Interfaces

Field

Function

Your Action

Trust DHCP

Specifies trusting DHCP packets on the selected interface. By default, trunk ports are dhcp-trusted.

Select to enable DHCP trust.

MAC Limit

Specifies the number of MAC addresses that can be learned on a single Layer 2 access port. This option is not valid for trunk ports.

Enter a number.

MAC Limit Action

Specifies the action to be taken if the MAC limit is exceeded. This option is not valid for trunk ports.

Select one of the following:

  • log—Generate a system log entry, an SNMP trap, or an alarm.

  • drop—Drop the packets and generate a system log entry, an SNMP trap, or an alarm. (Default)

  • shutdown—Shut down the interface and generate an alarm. You can mitigate the effect of this option by configuring autorecovery from the disabled state and specifying a disable timeout value. See Configuring Autorecovery for Port Security Events

  • none—Take no action.

Allowed MAC List

Specifies the MAC addresses that are allowed for the interface.

To add a MAC address:

  1. Click Add.

  2. Enter the MAC address.

  3. Click OK.

Related Documentation