Chapter 9. Port Security and Access Control

Security is a serious concern for any modern network. Juniper Networks EX switches facilitate a rich set of security architectures through a range of Layer 2 security features that allow you to harden and secure the switched portions of your network. By adding JUNOS Layer 3 security features as described in Chapter 8, you can use the same EX switches to secure the routed portions of your network. The ability to combine Layer 2 and Layer 3 security features within the same box without a substantial impact on performance is a significant benefit provided by the JUNOS heritage enjoyed by the EX line.

The topics covered in this chapter include:

  • Layer 2 security overview

  • Media Access Control (MAC) limiting, Dynamic Host Configuration Protocol (DHCP) snooping, and dynamic ARP inspection (DAI)

  • IEEE 802.1X port security

Layer 2 Security Overview

Layer 2 networks can present some unique security challenges, especially for those who are already familiar with IP technologies and common security approaches used for IP-based networks. IP security tends to begin at Layer 3, and carry on into the upper transport and even application layers to provide deep packet inspection and related services such as firewall and Network Address Translation/Port Address Translation (NAT/PAT). In contrast, a Layer 2 network can transport any number of upper-layer protocols, which may or may not include IP. Further, by definition a Layer 2 device may not even be able to ...
