Lab 4 : Implementing Port Security

This lab demonstrates basic configuration and monitoring tasks when implementing port security features on EX Series Ethernet Switches.  In this lab, you will use the command-line interface (CLI) to configure and monitor various port security features.

EVE-NG Lab Topology

{{ LAB_DIAGRAM }}

Device Startup Configurations

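Before starting your lab devices, apply the startup configurations below.  You can add device startup configurations by clicking on the Startup-config menu option in EVE-NG.
If a device does not start with these configurations, right-click on the device and select Wipe; the next boot of the device will then read the startup-config settings.
These configurations are meant for an isolated lab only: they allow root login over SSH, expose the REST API over unencrypted HTTP, and use root password hashes that are published on this page, so set new credentials and tighten these services before reusing any of this on a reachable network.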

vQFX-01 : Startup Config
# Startup configuration for vQFX-01 in Junos "set" format (lab use only).
# NOTE(review): lines starting with '#' are comments; strip them if the startup-config loader does not accept comments.
set system host-name vqfx-01
# Root password stored as an MD5-crypt hash (the "$1$" prefix). The hash is published on this page,
# so treat the account as lab-only and set a new root password before reusing this config anywhere else.
set system root-authentication encrypted-password "$1$KrovnU1S$AHV6IRreiZIuP4RA526TH0"
# Permits direct root login over SSH; convenient in the lab, normally denied on production devices.
set system services ssh root-login allow
# Enables NETCONF over SSH.
set system services netconf ssh
# Serves the Junos REST API over unencrypted HTTP on TCP port 8080, so requests (including credentials)
# cross the network in clear text; enable-explorer additionally turns on the REST API Explorer page.
# Keep this reachable from the lab management network only.
set system services rest http port 8080
set system services rest enable-explorer
# Logging: emergency messages go to every logged-in user; the "messages" file receives all facilities
# at notice and authorization events at info; every CLI command is recorded in "interactive-commands",
# which is the audit trail to check when monitoring the port security features configured in this lab.
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
# Trunk ports carrying VLANs 10 and 20.
set interfaces xe-0/0/0 description "Switch Trunk Interface"
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/1 description "Switch vQFX-03 Trunk Interface"
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 20
# Access port for the host in VLAN 10.
set interfaces xe-0/0/4 description "vPC VLAN 10"
set interfaces xe-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members 10
# em0 obtains its address by DHCP; em1 gets a static link-local address.
# NOTE(review): presumably em0 is the management port and em1 the internal vQFX link - confirm against the topology.
set interfaces em0 unit 0 family inet dhcp
set interfaces em1 unit 0 family inet address 169.254.0.2/24
# Layer 3 (IRB) interfaces for VLAN 10 and VLAN 20; they are bound to the VLANs further down.
set interfaces irb unit 10 family inet address 10.0.10.1/24
set interfaces irb unit 20 family inet address 10.0.20.1/24
# Defines a storm control profile named "default".
# NOTE(review): no interface in this listing references the profile - confirm whether it is bound during the lab.
set forwarding-options storm-control-profiles default all
set protocols igmp-snooping vlan default
# RSTP on all interfaces. 4k is the lowest bridge priority of the three switches on this page,
# so this switch is the one expected to be elected root bridge.
set protocols rstp bridge-priority 4k
set protocols rstp interface all
# VLAN definitions; VLAN-10 and VLAN-20 are tied to irb.10 and irb.20.
set vlans VLAN-10 vlan-id 10
set vlans VLAN-10 l3-interface irb.10
set vlans VLAN-20 vlan-id 20
set vlans VLAN-20 l3-interface irb.20
set vlans default vlan-id 1
vQFX-02 : Startup Config
# Startup configuration for vQFX-02 in Junos "set" format (lab use only).
# NOTE(review): lines starting with '#' are comments; strip them if the startup-config loader does not accept comments.
set system host-name vqfx-02
# Root password stored as an MD5-crypt hash (the "$1$" prefix). The hash is published on this page,
# so treat the account as lab-only and set a new root password before reusing this config anywhere else.
set system root-authentication encrypted-password "$1$Kfz7PEKs$lUYDMK/olBURdugO4BTmX0"
# Permits direct root login over SSH; convenient in the lab, normally denied on production devices.
set system services ssh root-login allow
# Enables NETCONF over SSH.
set system services netconf ssh
# Serves the Junos REST API over unencrypted HTTP on TCP port 8080, so requests (including credentials)
# cross the network in clear text; enable-explorer additionally turns on the REST API Explorer page.
# Keep this reachable from the lab management network only.
set system services rest http port 8080
set system services rest enable-explorer
# Logging: emergency messages go to every logged-in user; the "messages" file receives all facilities
# at notice and authorization events at info; every CLI command is recorded in "interactive-commands".
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
# Trunk ports carrying VLANs 10 and 20.
set interfaces xe-0/0/0 description "Switch Trunk Interface"
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/2 description "Switch vQFX-03 Trunk Interface"
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 20
# Access port for the host in VLAN 10.
set interfaces xe-0/0/4 description "vPC VLAN 10"
set interfaces xe-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members 10
# em0 obtains its address by DHCP; em1 gets a static link-local address.
# NOTE(review): presumably em0 is the management port and em1 the internal vQFX link - confirm against the topology.
set interfaces em0 unit 0 family inet dhcp
set interfaces em1 unit 0 family inet address 169.254.0.2/24
# Defines a storm control profile named "default".
# NOTE(review): no interface in this listing references the profile - confirm whether it is bound during the lab.
set forwarding-options storm-control-profiles default all
set protocols igmp-snooping vlan default
# RSTP on all interfaces. 8k sits between the 4k of vQFX-01 and the 32k of vQFX-03,
# which makes this switch the next candidate for root bridge after vQFX-01.
set protocols rstp bridge-priority 8k
set protocols rstp interface all
# VLAN definitions; this switch has no IRB interfaces, so the VLANs are layer 2 only here.
set vlans VLAN-10 vlan-id 10
set vlans VLAN-20 vlan-id 20
set vlans default vlan-id 1
vQFX-03 : Startup Config
# Startup configuration for vQFX-03 in Junos "set" format (lab use only).
# NOTE(review): lines starting with '#' are comments; strip them if the startup-config loader does not accept comments.
set system host-name vqfx-03
# Root password stored as an MD5-crypt hash (the "$1$" prefix). The hash is published on this page,
# so treat the account as lab-only and set a new root password before reusing this config anywhere else.
set system root-authentication encrypted-password "$1$BAxsFi1m$RlgbFoOch2HXwtiiZsVcK/"
# Permits direct root login over SSH; convenient in the lab, normally denied on production devices.
set system services ssh root-login allow
# Enables NETCONF over SSH.
set system services netconf ssh
# Serves the Junos REST API over unencrypted HTTP on TCP port 8080, so requests (including credentials)
# cross the network in clear text; enable-explorer additionally turns on the REST API Explorer page.
# Keep this reachable from the lab management network only.
set system services rest http port 8080
set system services rest enable-explorer
# Logging: emergency messages go to every logged-in user; the "messages" file receives all facilities
# at notice and authorization events at info; every CLI command is recorded in "interactive-commands".
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
# Trunk ports toward vQFX-01 and vQFX-02, carrying VLANs 10 and 20.
set interfaces xe-0/0/1 description "Switch vQFX-01 Trunk Interface"
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/2 description "Switch vQFX-02 Trunk Interface"
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 10
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members 20
# Two access ports for hosts in VLAN 20.
set interfaces xe-0/0/4 description "vPC VLAN 20"
set interfaces xe-0/0/4 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members 20
set interfaces xe-0/0/5 description "vPC VLAN 20"
set interfaces xe-0/0/5 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/5 unit 0 family ethernet-switching vlan members 20
# em0 obtains its address by DHCP; em1 gets a static link-local address.
# NOTE(review): presumably em0 is the management port and em1 the internal vQFX link - confirm against the topology.
set interfaces em0 unit 0 family inet dhcp
set interfaces em1 unit 0 family inet address 169.254.0.2/24
# Defines a storm control profile named "default".
# NOTE(review): no interface in this listing references the profile - confirm whether it is bound during the lab.
set forwarding-options storm-control-profiles default all
set protocols igmp-snooping vlan default
# RSTP on all interfaces. 32k is the highest bridge priority value of the three switches on this page,
# so this switch is the least preferred candidate for root bridge.
set protocols rstp bridge-priority 32k
# NOTE(review): xe-0/0/1 is described above as the trunk to vQFX-01, yet it is marked as an edge port here.
# Combined with bpdu-block-on-edge below, BPDUs arriving from vQFX-01 would be expected to block this port,
# while the host-facing access ports xe-0/0/4 and xe-0/0/5 are not marked edge and so get no BPDU protection.
# Confirm this is the intended starting state for the lab and not a typo for an access port.
set protocols rstp interface xe-0/0/1 edge
set protocols rstp interface all
# BPDU protection: an edge port that receives a BPDU is blocked instead of joining the spanning tree.
set protocols rstp bpdu-block-on-edge
# VLAN definitions; this switch has no IRB interfaces, so the VLANs are layer 2 only here.
set vlans VLAN-10 vlan-id 10
set vlans VLAN-20 vlan-id 20
set vlans default vlan-id 1