Samit Something similar to limit source-mac should help...you can try to fine tune it further!
l...@m120# show interfaces ge-1/3/0 encapsulation flexible-ethernet-services; gigether-options { <=== source-filtering; } } .... .... .... vlan-id 1001; encapsulation vlan-vpls accept-source-mac { mac-address 00:17:9a:00:73:91; <=== Thanks & Regards, Tarique -----Original Message----- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Samit Sent: Friday, June 26, 2009 10:50 AM To: Patrik Olsson Cc: juniper-nsp Subject: Re: [j-nsp] Maximum no. of static arp entries in M7i In a static IP address allocation to the customers scenario, is there any other way other to discourage the users to abuse another subscribers IP or MAC address and access/abuse the internet in a L2 switched network (wire/wireless) where you do not have capabilities to control this from a switch port? Currently am using linux router and doing IP+Mac filtering using iptables, and now wondering if I can replace it with Juniper M7i do the same but I believe it is not possible to run such filtering. Samit Patrik Olsson wrote: > Out of sheer curiosity, why static arp:s? > > Patrik > >> Hi, >> >> Any idea how many no. of static arp entries M7i interfaces/junos will >> accept and work? >> >> interfaces ge-1/3/0 { >> unit 0 { >> family inet { >> address 192.168.0.1/24 { >> arp 192.168.0.2 mac 00:17:f2:cb:89:43; >> } >> } >> } >> } >> >> Regards, >> Samit >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp