Switching

Expand all | Collapse all

EX 4300 and Filter based routing question

Jump to Best Answer
  • 1.  EX 4300 and Filter based routing question

    Posted 06-22-2018 19:47

    Hi everyone,

     

    We want our EX 4300 to send all traffic sourced from 199.199.199.1/32  , received on f0/0 , to next hop 200.200.200.2

     

    On EX 4300, is following possible?

     

    set firefall family inet filter TEST term T1match source-address 199.199.199.1/32

    set firefall family inet filter TEST term T1match then next-hop 200.2000.200.2

    set firefall family inet filter TEST term T1match then accept

    set firefall family inet filter TEST term T2 then accept

     

    set int f0/0 unit 0 family inet filter TEST input.

     

    Thanks and have nice weekend!!

     



  • 2.  RE: EX 4300 and Filter based routing question
    Best Answer

     
    Posted 06-23-2018 06:44

    You need to create a routing instance for the forwarding.  the procedure is outlined here.

     

    https://www.juniper.net/documentation/en_US/junos/topics/example/filter-based-forwarding-with-firewall-filter-ex-series.html

     



  • 3.  RE: EX 4300 and Filter based routing question

    Posted 06-23-2018 19:23

    Thanks sir!!



  • 4.  RE: EX 4300 and Filter based routing question

    Posted 06-23-2018 06:45

    Hello,

    "next-ip" and "next-interface" are supported on MX-series only

    https://www.juniper.net/documentation/en_US/junos/topics/reference/general/firewall-filter-actions-nonterminating.html

     

    next-interface interface-name

    (MX Series) Direct packets to the specified outgoing interface.

    • family inet
    • family inet6

    next-ip ip-address

    (MX Series) Direct packets to the specified destination IPv4 address.

    family inet

     

    You can do it with "then routing-instance BLAH" action but redirecting towards connected subnets that were leaked between instances is not supported: https://kb.juniper.net/InfoCenter/index?page=content&id=KB23027

    In other words, if 200.200.200.2 is resolved via connected subnet, then You have to jump through additional hoops to make this happen. You can find numerous posts on this forum discussing this exact thing.

    HTH

    Thx

    Alex

     



  • 5.  RE: EX 4300 and Filter based routing question

    Posted 06-23-2018 19:24

    Thanks Alex