Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  vlan filter assistance needed

    Posted 01-31-2021 13:49
    I have a firewall filter as follows:

    set policy-options prefix-list plist 32.10.200.6/32
    set firewall family ethernet-switching filter vlan-filter term 1 from source-prefix-list plist
    set firewall family ethernet-switching filter vlan-filter term 1 then vlan printer

    what are differences between the followings?

    set interfaces xe-0/0/3 unit 0 family ethernet-switching vlan members 1001
    set interfaces xe-0/0/3 unit 0 family ethernet-switching filter input vlan-filter
    and
    set vlans corp forwarding-options filter input vlan-filter

    If I have the following topolgy:

    Host 1  (ge-0/0/3) ----------------------------- (xe-0/0/3) QFX

    Host 1 has two IPs on ge-0/0/3, say 10.10.10.1/24 and 10.10.20.1/24, QFX has two irb interfaces, say 10.10.10.100 and 10.10.20.100.

    Can I use the xe-0/0/3 configuration as above to make two IPs are both reachable to irb interfaces ?

    I did see the following configuration which is not available on QFX.

    set interfaces ge-0/0/8.0 unit 0 family ethernet-swtiching port-mode access

    set interfaces ge-0/0/8.0 unit 0 family ethernet-swtiching filter input vlan-policy

     set firewall family ethernet-switching filter vlan-policy term 1 from source-address 32.10.1.0/24

    set firewall family ethernet-switching filter vlan-policy term 1 then vlan corp

    set vlans corp vlan-id 1001

    set vlans corp interface ge-0/0/8.0 mapping policy  (non-ELS)

    set vlans printers interface ge-0/0/8.0

    I assume this configuration is for non-ELS platform.

    thanks !!!


  • 2.  RE: vlan filter assistance needed

    Posted 01-31-2021 21:20
    The processing order: 

    Regards, 



  • 3.  RE: vlan filter assistance needed

    Posted 02-01-2021 10:07
    thanks so much !!

    I was trying to test the following, the line in RED is not available in QFX and EX4300.  What equivalent configuration can I use ?

    I did see the following configuration which is not available on QFX.

    set interfaces ge-0/0/8.0 unit 0 family ethernet-swtiching port-mode access
    set interfaces ge-0/0/8.0 unit 0 family ethernet-swtiching filter input vlan-policy
    set firewall family ethernet-switching filter vlan-policy term 1 from source-address 32.10.1.0/24
    set firewall family ethernet-switching filter vlan-policy term 1 then vlan corp

    set vlans corp vlan-id 1001
    set vlans corp interface ge-0/0/8.0 mapping policy (non-ELS)    
    set vlans printers interface ge-0/0/8.0 

    I assume this configuration is for non-ELS platform.  How to do the same thing on ELS ?

    I saw Filter based VLAN from the following:

    From <https://crypt.gen.nz/2017/06/27/juniper-filter-based-vlans/>, but I do not know how to test on the devices I have  (QFX5100 and Ex4300)