Terms a, b
I'm guessing 2a:30:44:1f:bd:59/48 is your gw? Anyway, you're making everything an exact match /48.
So in a, b put in your gw and your test station MAC address, and test from there.
term A {
    from {
        source-mac-address {
            00:00:4C:aa:b0:c0/48;    # made up client mac address
        }
        destination-mac-address {
            2a:30:44:1f:bd:59/48;    # Cradlepoint
        }
    }
    then accept;
}
term B {
    from {
        source-mac-address {
            2a:30:44:1f:bd:59/48;
        }
        destination-mac-address {
            00:00:4C:aa:b0:c0/48;
        }
    }
    then accept;
}
You may be wanting to match 00:00:00:00:00:00/0.
Add some counters in your terms to help track frames / packets.
Original Message:
Sent: 10-29-2021 14:21
From: Unknown User
Subject: Client Isolation | Firewall Filter
Hi all,
Does anyone know if sub-vlan isolation (i.e., port isolation in the same vlan) can be done with firewall filters using family ethernet-switching?
I tried the following, and yeah, nothing can talk to anything... including the default GW / DHCP.
Any ideas?
family ethernet-switching {
    filter Data-Isolation {
        term A {
            from {
                source-mac-address {
                    00:00:00:00:00:00/48;
                }
                destination-mac-address {
                    2a:30:44:1f:bd:59/48;
                }
            }
            then accept;
        }
        term B {
            from {
                source-mac-address {
                    2a:30:44:1f:bd:59/48;
                }
                destination-mac-address {
                    00:00:00:00:00:00/48;
                }
            }
            then accept;
        }
        term C {
            from {
                source-mac-address {
                    00:00:00:00:00:00/48;
                }
                destination-mac-address {
                    00:00:00:00:00:00/48;
                }
                source-port [ 67 68 ];
                destination-port [ 67 68 ];
            }
            then accept;
        }
        term D {
            from {
                source-mac-address {
                    00:00:00:00:00:00/48;
                }
                destination-mac-address {
                    00:00:00:00:00:00/48;
                }
            }
            then discard;
        }
        term E {
            then accept;
        }
    }
}
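
Added example, not part of the thread and not Juniper code: a small Python model of the MAC address/prefix-length matching discussed above, showing which of terms A, B and D a frame hits when the "any host" entry is written as /48 versus /0. It models only address matching (term C's ports, term E and any platform-specific behaviour are left out); CLIENT_2 and all function names are constructed for the illustration.

```python
# Added illustration: models only MAC address/prefix-length matching,
# not the switch's full filter evaluation (ports, term E, platform rules).

def mac_to_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(o.zfill(2) for o in octets), 16)

def mac_matches(mac, spec):
    """True if mac falls inside spec, written as 'address/prefix-length'."""
    addr, _, length = spec.partition("/")
    bits = int(length) if length else 48
    if not 0 <= bits <= 48:
        raise ValueError(f"bad prefix length in {spec!r}")
    # /0 gives an all-zero mask (matches anything), /48 compares every bit.
    mask = ((1 << bits) - 1) << (48 - bits)
    return (mac_to_int(mac) & mask) == (mac_to_int(addr) & mask)

def first_match(terms, src, dst):
    """Name of the first term whose source and destination both match."""
    for name, src_spec, dst_spec in terms:
        if mac_matches(src, src_spec) and mac_matches(dst, dst_spec):
            return name
    return None

GW = "2a:30:44:1f:bd:59"        # gateway MAC from the thread
CLIENT_1 = "00:00:4c:aa:b0:c0"  # made-up client MAC from the reply
CLIENT_2 = "00:00:4c:aa:b0:c1"  # constructed second client

def build_terms(any_mac):
    """Terms A, B and D of the posted filter with the given 'any host' spec."""
    return [
        ("A", any_mac, GW + "/48"),   # client -> gateway
        ("B", GW + "/48", any_mac),   # gateway -> client
        ("D", any_mac, any_mac),      # client -> client (discard in the post)
    ]

POSTED = build_terms("00:00:00:00:00:00/48")   # as posted: exact match
WILDCARD = build_terms("00:00:00:00:00:00/0")  # as the reply suggests

if __name__ == "__main__":
    flows = ((CLIENT_1, GW), (GW, CLIENT_1), (CLIENT_1, CLIENT_2))
    for label, terms in (("/48", POSTED), ("/0", WILDCARD)):
        for src, dst in flows:
            print(label, src, "->", dst, "term:", first_match(terms, src, dst))
```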