É estranho como essa resposta foi difícil de encontrar. O recurso que imita o recurso switchport port-security mac-address sticky
da Cisco nas plataformas Juniper é ethernet-switching-options secure-access-port vlan (all | vlan-name) mac-move-limit;
.
Documentação técnica da Juniper sobre limitação de movimentos MAC:
MAC Move Limiting
MAC move limiting prevents hosts whose MAC addresses have not been learned by the switch from accessing the network. Initial learning results when the host sends DHCP requests. If a new MAC address is detected on an interface, the packet is trapped to the switch. In general, when a host moves from one interface to another, the host has to renegotiate its IP address and lease (or be reauthenticated if 802.1X is configured on the switch). The DHCP request sent by the host can be one for a new IP address or one to validate the old IP address. If 802.1X is not configured, the Ethernet switching table entry is flushed from the original interface and added to the new interface. These MAC movements are tracked, and if more than the configured number of moves happens within one second, the configured action is performed.
Actions for MAC Limiting and MAC Move Limiting
You can choose to have one of the following actions performed when the limit of MAC addresses or the limit of MAC moves is reached:
- drop—Drop the packet and generate an alarm, an SNMP trap, or a system log entry.
- log—Do not drop the packet but generate an alarm, an SNMP trap, or a system log entry.
- none—Take no action.
- shutdown—Block data traffic on the interface and generate an alarm. If you do not set an action, then the action is none. You can also explicitly set none as the action.