New Training: Configure Layer 2 Security on Junos
In this 12-video skill, CBT Nuggets trainer Knox Hutchinson explores and configures various security features on the Junos platform. Watch this new training.
Learn with one of these courses:
This training includes:
- 12 videos
- 1.3 hours of training
You’ll learn these topics in this skill:
- Introducing Layer 2 Security
- Do We Really Need it?
- DHCP Snooping
- MAC Address Limiting
- Other MAC Limiting Mechanisms
- Dynamic ARP Inspection
- IP Source Guard
- Storm Control
- Interface Firewall Filters
- VLAN Firewall Filters
- Summarizing Layer 2 Security
How DHCP Snooping Can Enhance Network Security On Juno Devices
DHCP Snooping helps prevent unwanted devices from accessing a business network. When DHCP snooping is enabled, untrusted devices are added to a DHCP snooping table. Only devices that can be verified that are added to this DHCP snooping table are able to access network resources.
DHCP snooping works directly on the switching device. This can be either a network switch or router. DHCP snooping works by these devices monitoring network traffic for DHCP requests. Once a DHCP request is made, the DHCP snooping client extracts the IP address and leasing information for that client from that DHCP request.
If clients choose to release their IP address, that device is then removed from the DHCP snooping table. Likewise, if a device travels across VLANs, the snooping table is updated with their new information (VLAN and/or IP address).
By default, all trunk ports on switching devices are trusted while access ports are considered untrusted.