[j-nsp] Maximum no. of static arp entries in M7i

Samit janasamit at wlink.com.np
Mon Jun 29 14:20:49 EDT 2009


So, do you think that if I acquire an IQ2 PIC, I should be able to insert
thousands of filter lines like the one below:

/sbin/iptables -i eth2 -m mac --mac-source 00:60:47:40:f0:72 -s 192.168.0.1/24 -m limit --limit 100/second -j ACCEPT

Regards,
Samit

Patrik Olsson wrote:
> Hello,
> 
> Too bad!
> With IQ2 PIC and possibly ISE features on an I chip upgraded M series
> you probably could have fixed it without static ARP:s
> 
> Cheers
> Patrik
> 
> 
> Samit wrote:
>> Hi Tarique,
>>
>> Thanks, but I am not running MPLS/VPLS nor do I have an IQ PIC.
>>
>> Regards,
>> Samit
>>
>>
>> Nalkhande Tarique Abbas wrote:
>>> Samit
>>>
>>> Something similar to limit source-mac should help...you can try to fine
>>> tune it further!
>>>
>>>
>>> lab at M120# show interfaces ge-1/3/0
>>> encapsulation flexible-ethernet-services;
>>> gigether-options {   <=== 
>>>     source-filtering;
>>>
>>> }
>>>
>>>  }
>>> ....
>>> ....
>>> ....
>>>
>>> vlan-id 1001;
>>> encapsulation vlan-vpls;
>>> accept-source-mac {
>>>        mac-address 00:17:9a:00:73:91; <===
>>>
>>> Thanks & Regards,
>>> Tarique 
>>>
>>> -----Original Message-----
>>> From: juniper-nsp-bounces at puck.nether.net
>>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Samit
>>> Sent: Friday, June 26, 2009 10:50 AM
>>> To: Patrik Olsson
>>> Cc: juniper-nsp
>>> Subject: Re: [j-nsp] Maximum no. of static arp entries in M7i
>>>
>>> In a scenario with static IP address allocation to customers, is there
>>> any other way to discourage users from abusing another subscriber's
>>> IP or MAC address to access/abuse the internet in an L2 switched network
>>> (wired/wireless) where you do not have the capability to control this from
>>> a switch port?
>>>
>>> Currently I am using a Linux router and doing IP+MAC filtering using
>>> iptables, and now I am wondering if I can replace it with a Juniper M7i to do
>>> the same, but I believe it is not possible to run such filtering.
>>>
>>> Samit
>>>
>>> Patrik Olsson wrote:
>>>> Out of sheer curiosity, why static arp:s?
>>>>
>>>> Patrik
>>>>
>>>>> Hi,
>>>>>
>>>>> Any idea how many static ARP entries M7i interfaces/Junos will
>>>>> accept and work with?
>>>>>
>>>>> interfaces ge-1/3/0 {
>>>>>     unit 0 {
>>>>>         family inet {
>>>>>             address 192.168.0.1/24 {
>>>>>                 arp 192.168.0.2 mac  00:17:f2:cb:89:43;
>>>>>             }
>>>>>         }
>>>>>     }
>>>>> }
>>>>>
>>>>> Regards,
>>>>> Samit
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
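An added example, not code from any poster in this thread: a small generator that turns a subscriber IP/MAC binding table into the per-subscriber iptables rules and Junos static ARP `set` lines discussed above, rejecting malformed or conflicting bindings first. The `FORWARD` chain, the final DROP rule, the function names and the second sample binding are assumptions made for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def validate(bindings, gateway_cidr):
    """Return normalized (ip, mac) pairs; raise ValueError on bad or conflicting input."""
    iface = ipaddress.ip_interface(gateway_cidr)
    seen_ip, seen_mac, out = set(), set(), []
    for ip_text, mac_text in bindings:
        ip = ipaddress.ip_address(ip_text)
        mac = mac_text.strip().lower().replace("-", ":")
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC: {mac_text}")
        if ip not in iface.network or ip == iface.ip:
            raise ValueError(f"{ip} is outside {iface.network} or is the gateway")
        if ip in seen_ip or mac in seen_mac:
            # Two subscribers sharing an IP or a MAC is exactly the conflict to catch.
            raise ValueError(f"duplicate binding: {ip} {mac}")
        seen_ip.add(ip)
        seen_mac.add(mac)
        out.append((str(ip), mac))
    return out

def iptables_rules(pairs, in_if="eth2", chain="FORWARD", limit="100/second"):
    """One ACCEPT per subscriber (IP and MAC must both match), then a final DROP."""
    rules = [f"-A {chain} -i {in_if} -s {ip}/32 -m mac --mac-source {mac} "
             f"-m limit --limit {limit} -j ACCEPT" for ip, mac in pairs]
    rules.append(f"-A {chain} -i {in_if} -j DROP")  # assumed default-deny tail
    return rules

def junos_static_arp(pairs, gateway_cidr, ifd="ge-1/3/0", unit=0):
    """Static ARP entries in 'set' form, matching the stanza quoted in the thread."""
    return [f"set interfaces {ifd} unit {unit} family inet address {gateway_cidr} "
            f"arp {ip} mac {mac}" for ip, mac in pairs]

# Constructed sample bindings (the first pair is the one shown in the thread).
SAMPLE = [("192.168.0.2", "00:17:F2:CB:89:43"), ("192.168.0.3", "00-60-47-40-f0-72")]

if __name__ == "__main__":
    pairs = validate(SAMPLE, "192.168.0.1/24")
    print("\n".join(iptables_rules(pairs)))
    print("\n".join(junos_static_arp(pairs, "192.168.0.1/24")))
```

The iptables lines are in `iptables-restore` rule syntax, so thousands of bindings can be loaded in one atomic commit rather than one `/sbin/iptables` call per subscriber.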