vlan filter assistance needed

  • 1.  vlan filter assistance needed

    Posted 01-31-2021 13:49
    I have a firewall filter as follows:

    set policy-options prefix-list plist 32.10.200.6/32
    set firewall family ethernet-switching filter vlan-filter term 1 from source-prefix-list plist
    set firewall family ethernet-switching filter vlan-filter term 1 then vlan printer

    What are the differences between the following?

    set interfaces xe-0/0/3 unit 0 family ethernet-switching vlan members 1001
    set interfaces xe-0/0/3 unit 0 family ethernet-switching filter input vlan-filter
    and
    set vlans corp forwarding-options filter input vlan-filter

    If I have the following topology:

    Host 1  (ge-0/0/3) ----------------------------- (xe-0/0/3) QFX

    Host 1 has two IPs on ge-0/0/3, say 10.10.10.1/24 and 10.10.20.1/24; QFX has two irb interfaces, say 10.10.10.100 and 10.10.20.100.

    Can I use the xe-0/0/3 configuration above to make both IPs reachable to the irb interfaces?

    I did see the following configuration which is not available on QFX.

    set interfaces ge-0/0/8.0 unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/8.0 unit 0 family ethernet-switching filter input vlan-policy
    set firewall family ethernet-switching filter vlan-policy term 1 from source-address 32.10.1.0/24
    set firewall family ethernet-switching filter vlan-policy term 1 then vlan corp

    set vlans corp vlan-id 1001
    set vlans corp interface ge-0/0/8.0 mapping policy  (non-ELS)
    set vlans printers interface ge-0/0/8.0

    I assume this configuration is for non-ELS platform.

    thanks !!!


  • 2.  RE: vlan filter assistance needed

     
    Posted 01-31-2021 21:20
    The processing order: 

    Regards, 


    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 3.  RE: vlan filter assistance needed

    Posted 02-01-2021 10:07
    thanks so much !!

    I was trying to test the following; the line in RED is not available on QFX and EX4300. What equivalent configuration can I use?

    I did see the following configuration which is not available on QFX.

    set interfaces ge-0/0/8.0 unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/8.0 unit 0 family ethernet-switching filter input vlan-policy
    set firewall family ethernet-switching filter vlan-policy term 1 from source-address 32.10.1.0/24
    set firewall family ethernet-switching filter vlan-policy term 1 then vlan corp

    set vlans corp vlan-id 1001
    set vlans corp interface ge-0/0/8.0 mapping policy (non-ELS)    
    set vlans printers interface ge-0/0/8.0 

    I assume this configuration is for non-ELS platforms. How do I do the same thing on ELS?

    I saw filter-based VLANs described at <https://crypt.gen.nz/2017/06/27/juniper-filter-based-vlans/>, but I do not know how to test this on the devices I have (QFX5100 and EX4300).