This section describes EX support for MAC limits, DHCP snooping, and DAI. It should be noted that the configuration examples and subsequent verification steps are based on a lab topology that differs from that used elsewhere in this book. This is because of the need for a RADIUS server with support for 802.1X extensions, and the desire for a command-line 802.1X supplicant (client) to help demonstrate details of the protocol’s operation. Figure 9-1 details the Layer 2 security topology.

Figure 9-1. Layer 2 security topology

Of note in Figure 9-1 is the use of a Linux-based client and a RADIUS/DCHP server named client5-lnx and iop-lnx, respectively. In this case, the prefix iop is not really significant and simply differentiates this machine from other “operations” servers such as hop-lnx. The server is running Red Hat Enterprise Linux 5 with DHCP Server v3.0.5. The server also runs FreeRADIUS version 1.1.7, which offers support for 802.1X via support for EAP extensions. The client also runs Enterprise Linux 5, and makes use of the Open1X group’s Xsupplicant version 1.2.8 package for its supplicant functionality. The client also runs the Internet Systems Consortium DHCP Client v3.0.5 package for DHCP operation.

The Device Under Test (DUT) is an EX3200-24P platform called sys-java33 that’s running JUNOS Software Release 9.5R1. The majority of the functionality ...