A Bottom-Tier Engineer's Memo Pad

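I'm past 30 and my memory is declining noticeably, so I plan to use this as a notepad. My own skills are limited, so I can't guarantee the accuracy of the content... OTL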

JUNOS_Dynamic ARP Inspection

I just did DHCP Snooping, so I'll cover this while I'm at it.

First, the Cisco config.

 

[DHCP SV]----vlan100----[gi0/1][Cat3750][gi0/2]----vlan200----[gi0/1][Cat3750][gi0/2]----vlan200----[PC]

 

First, the Cisco config for the part shown in red.

!
ip arp inspection vlan 200
!
ip dhcp snooping vlan 200
no ip dhcp snooping information option
ip dhcp snooping
!
!
interface FastEthernet0
ip address 192.168.2.155 255.255.255.0
!
interface GigabitEthernet1/0/1
switchport access vlan 200
switchport mode access
ip arp inspection trust
ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
switchport access vlan 200
switchport mode access
!

 

Next, JUNOS.

[DHCP SV]----vlan100----[gi0/1][EX2200][gi0/2]----vlan200----[gi0/1][EX2200][gi0/2]----vlan200----[PC]

set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members v200
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members v200

set ethernet-switching-options secure-access-port interface ge-0/0/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port vlan v200 arp-inspection
set ethernet-switching-options secure-access-port vlan v200 examine-dhcp

set vlans v200 vlan-id 200
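
The check below is an added example, not part of the original memo: a small Python audit that reads JUNOS set commands like the ones above and reports, for each VLAN with arp-inspection, which member ports DAI is enforced on and whether examine-dhcp and a dhcp-trusted member port are present. It assumes only the statement forms used on this page; the function name audit_dai and the finding texts are made up for illustration.

```python
import re

# The JUNOS set commands from this page, embedded as sample input.
PAGE_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members v200
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members v200
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port vlan v200 arp-inspection
set ethernet-switching-options secure-access-port vlan v200 examine-dhcp
set vlans v200 vlan-id 200
"""

MEMBER = re.compile(r"set interfaces (\S+) unit (\d+) family ethernet-switching vlan members (\S+)")
TRUST = re.compile(r"set ethernet-switching-options secure-access-port interface (\S+) dhcp-trusted")
FEATURE = re.compile(r"set ethernet-switching-options secure-access-port vlan (\S+) (arp-inspection|examine-dhcp)")

def audit_dai(config):
    """Report per VLAN with arp-inspection: enforced ports, trusted ports, findings."""
    members, trusted, features = {}, set(), {}
    for line in config.splitlines():
        line = line.strip()
        if m := MEMBER.fullmatch(line):
            members.setdefault(m[3], []).append(f"{m[1]}.{m[2]}")  # logical unit name
        elif m := TRUST.fullmatch(line):
            trusted.add(m[1])
        elif m := FEATURE.fullmatch(line):
            features.setdefault(m[1], set()).add(m[2])
    report = {}
    for vlan, feats in sorted(features.items()):
        if "arp-inspection" not in feats:
            continue
        ports = members.get(vlan, [])
        trusted_ports = [p for p in ports if p in trusted]
        findings = []
        if "examine-dhcp" not in feats:
            findings.append("examine-dhcp missing: DAI validates against the DHCP snooping table")
        if not trusted_ports:
            findings.append("no dhcp-trusted member port in this VLAN")
        report[vlan] = {"enforced_on": [p for p in ports if p not in trusted],
                        "trusted": trusted_ports, "findings": findings}
    return report

if __name__ == "__main__":
    for vlan, result in audit_dai(PAGE_CONFIG).items():
        print(vlan, result)
```
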

 

 

As for IP SourceGuard, well,