[j-nsp] Maximum no. of static arp entries in M7i
Nalkhande Tarique Abbas
ntarique at juniper.net
Fri Jun 26 02:53:21 EDT 2009
Samit
Something similar to limit source-mac should help...you can try to fine
tune it further!
lab at M120# show interfaces ge-1/3/0
encapsulation flexible-ethernet-services;
gigether-options { <===
source-filtering;
}
}
....
....
....
vlan-id 1001;
encapsulation vlan-vpls
accept-source-mac {
mac-address 00:17:9a:00:73:91; <===
Thanks & Regards,
Tarique
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Samit
Sent: Friday, June 26, 2009 10:50 AM
To: Patrik Olsson
Cc: juniper-nsp
Subject: Re: [j-nsp] Maximum no. of static arp entries in M7i
In a static IP address allocation to the customers scenario, is there
any other way other to discourage the users to abuse another subscribers
IP or MAC address and access/abuse the internet in a L2 switched network
(wire/wireless) where you do not have capabilities to control this from
a switch port?
Currently am using linux router and doing IP+Mac filtering using
iptables, and now wondering if I can replace it with Juniper M7i do the
same but I believe it is not possible to run such filtering.
Samit
Patrik Olsson wrote:
> Out of sheer curiosity, why static arp:s?
>
> Patrik
>
>> Hi,
>>
>> Any idea how many no. of static arp entries M7i interfaces/junos will
>> accept and work?
>>
>> interfaces ge-1/3/0 {
>> unit 0 {
>> family inet {
>> address 192.168.0.1/24 {
>> arp 192.168.0.2 mac 00:17:f2:cb:89:43;
>> }
>> }
>> }
>> }
>>
>> Regards,
>> Samit
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list