Hi all,
Does anyone know if sub-VLAN isolation (i.e., port isolation within the same VLAN) can be done with firewall filters using family ethernet-switching?
I tried the following, and yeah, nothing can talk to anything.....including the default GW / DHCP
Any ideas?
/* Layer 2 filter meant to isolate hosts in one VLAN from each other while still permitting traffic to and from a single MAC (2a:30:44:1f:bd:59, presumably the default gateway; confirm). Terms are evaluated in order and the first match decides. */
/* NOTE(review): every "any host" match below is written as 00:00:00:00:00:00/48. A /48 prefix covers all 48 bits, so this presumably matches only the literal all-zero MAC rather than any address; confirm whether /0 (or omitting the condition) was intended. */
/* NOTE(review): no term explicitly matches the broadcast MAC ff:ff:ff:ff:ff:ff, so ARP requests and DHCP discovers are only permitted if they reach term E; if term D ends up matching broadly they are discarded, which would explain losing the gateway and DHCP. */
/* NOTE(review): the permit terms key on source MAC, which the sending host chooses; a MAC-only filter gives weaker isolation than a port-level mechanism. Confirm that is acceptable for this VLAN. */
family ethernet-switching {
filter Data-Isolation {
/* Term A: accept frames whose destination is 2a:30:44:1f:bd:59 (host-to-gateway direction, as apparently intended). */
term A {
from {
source-mac-address {
00:00:00:00:00:00/48;
}
destination-mac-address {
2a:30:44:1f:bd:59/48;
}
}
then accept;
}
/* Term B: accept frames whose source is 2a:30:44:1f:bd:59 (gateway-to-host direction, as apparently intended). */
term B {
from {
source-mac-address {
2a:30:44:1f:bd:59/48;
}
destination-mac-address {
00:00:00:00:00:00/48;
}
}
then accept;
}
/* Term C: accept traffic on ports 67/68 (the DHCP ports) between the MACs given. */
/* NOTE(review): no protocol is matched alongside the port conditions; verify whether this platform needs an explicit UDP match for port matching to take effect in an ethernet-switching filter. */
term C {
from {
source-mac-address {
00:00:00:00:00:00/48;
}
destination-mac-address {
00:00:00:00:00:00/48;
}
source-port [ 67 68 ];
destination-port [ 67 68 ];
}
then accept;
}
/* Term D: discard frames matching the source and destination MAC conditions (intended as the host-to-host block). */
term D {
from {
source-mac-address {
00:00:00:00:00:00/48;
}
destination-mac-address {
00:00:00:00:00:00/48;
}
}
then discard;
}
/* Term E: no match conditions; accepts anything not already handled by terms A-D. */
term E {
then accept;
}
}
}