Switching

 View Only
last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  Firewall filter for ethernet-switching issue

    Posted 01-04-2019 14:25

    Hi,

    I have a couple of access-ports in a vlan (on an EX3300 running 12.3R7.7, one particular port should only allow traffic from specific ip-addresses.

    I thought that would be straight forward so i configured it like this:

    > show configuration firewall family ethernet-switching filter server-oob
term oob-access {
    from {
        source-address {
            10.146.77.15/32;
            172.16.18.44/32;
        }
    }
    then accept;
}
 
> show configuration interfaces ge-1/0/26
description "Server OOB";
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members s-oob;
        }
        filter {
            output server-oob;
        }
    }
}

    So the servers OOB port is connected to ge-1/0/26 and the addresses that should be allowed access to that interface is coming from other vlans.

    When i commit this all traffic stops to that interface, why is that? And why is the traffic from the specific addresses not allowed?

     

    If i remove the filter on the port, traffic flows fine.

     

    Kind Regards



  • 2.  RE: Firewall filter for ethernet-switching issue
    Best Answer

    Posted 01-04-2019 22:22

    Hello,

    You have to allow ARP in this filter, this has been discussed umpteen times before on this forum

    https://forums.juniper.net/t5/Ethernet-Switching/Firewall-Ethernet-switching-Input-Not-working/td-p/319550

    https://forums.juniper.net/t5/Ethernet-Switching/EX-2200-firewall-filter-blocks-everything/td-p/315651

    HTH

    Thx
    Alex