JUNOS_Dynamic ARP Inspection
DHCP Snoopingをやったのでついでに
まずはCiscoのConfigから
[DHCP SV]----vlan100----[gi0/1][Cat3750][gi0/2]----vlan200----[gi0/1][Cat3750][gi0/2]----vlan200----[PC]
まずは、赤字部分のCiscoのConfig
!
ip arp inspection vlan 200
!
ip dhcp snooping vlan 200
no ip dhcp snooping information option
ip dhcp snooping
!
!
interface FastEthernet0
ip address 192.168.2.155 255.255.255.0
!
interface GigabitEthernet1/0/1
switchport access vlan 200
switchport mode access
ip arp inspection trust
ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
switchport access vlan 200
switchport mode access
!
今度はJUNOS
[DHCP SV]----vlan100----[gi0/1][EX2200][gi0/2]----vlan200----[gi0/1][EX2200][gi0/2]----vlan200----[PC]
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members v200
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members v200set ethernet-switching-options secure-access-port interface ge-0/0/0.0 dhcp-trusted
set ethernet-switching-options secure-access-port vlan v200 arp-inspection
set ethernet-switching-options secure-access-port vlan v200 examine-dhcpset vlans v200 vlan-id 200
IP SourceGuardはまぁ、
