If someone could verify this filter that I have created, to make sure no other traffic than what is in the filter is being blocked, I would greatly appreciate it.
I tried applying the filter on the AE0 interface only to begin with, but it did not make a difference whether it was there or not. I thought that filters could be placed on ports, VLANs, and layer 3 interfaces on EX3400s?
This was the only way I was able to prevent an IP address on the same subnet from communicating with another host via the ports listed below, but I could be wrong.
family ethernet-switching {
    filter ingress-port-filter {
        /* Drop TCP 5701/5702 from 10.1.25.239 to 10.1.25.250 only */
        term BLOCK {
            from {
                destination-port [ 5701 5702 ];
                ip-source-address {
                    10.1.25.239/32;
                }
                ip-destination-address {
                    10.1.25.250/32;
                }
                ip-protocol tcp;
            }
            then {
                discard;
                log;
                count INFRA;
            }
        }
        /* Everything that did not match BLOCK is forwarded */
        term ALLOW-EVERYTHING-ELSE {
            then accept;
        }
    }
}
Then applying the filter under VLANs:
Servers {
    vlan-id 25;
    forwarding-options {
        filter {
            input ingress-port-filter;
        }
    }
}
------------------------------
ROBERT GRAHAM
------------------------------
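
As an added example (not part of the original post, and not Juniper code): a small Python model of the posted filter's term logic, run over constructed sample packets, to show which flows the BLOCK term catches and which fall through to ALLOW-EVERYTHING-ELSE. It assumes standard Junos term evaluation (first matching term wins, match conditions within a term are ANDed, values in a list are ORed, implicit discard if no term matches) and does not model where the filter is bound.

```python
import ipaddress

# Model of the posted filter. Terms are checked in order; first match wins.
FILTER = [
    {"name": "BLOCK",
     "from": {"protocol": {"tcp"},
              "dst_port": {5701, 5702},
              "src": ipaddress.ip_network("10.1.25.239/32"),
              "dst": ipaddress.ip_network("10.1.25.250/32")},
     "then": "discard"},
    {"name": "ALLOW-EVERYTHING-ELSE", "from": {}, "then": "accept"},
]

def term_matches(cond, pkt):
    """All conditions present in the term must match (logical AND)."""
    if "protocol" in cond and pkt["protocol"] not in cond["protocol"]:
        return False
    if "dst_port" in cond and pkt.get("dst_port") not in cond["dst_port"]:
        return False
    if "src" in cond and ipaddress.ip_address(pkt["src"]) not in cond["src"]:
        return False
    if "dst" in cond and ipaddress.ip_address(pkt["dst"]) not in cond["dst"]:
        return False
    return True

def evaluate(pkt, terms=FILTER):
    """Return (term name, action) for the first term the packet matches."""
    for term in terms:
        if term_matches(term["from"], pkt):
            return term["name"], term["then"]
    return None, "discard"  # implicit discard when no term matches

def pkt(src, dst, protocol, dst_port=None):
    return {"src": src, "dst": dst, "protocol": protocol, "dst_port": dst_port}

# Constructed sample packets, not captured traffic.
SAMPLES = [
    pkt("10.1.25.239", "10.1.25.250", "tcp", 5701),  # targeted flow
    pkt("10.1.25.239", "10.1.25.250", "tcp", 5702),  # targeted flow
    pkt("10.1.25.239", "10.1.25.250", "tcp", 443),   # same hosts, other port
    pkt("10.1.25.239", "10.1.25.250", "udp", 5701),  # same port, not TCP
    pkt("10.1.25.250", "10.1.25.239", "tcp", 5701),  # reverse direction
    pkt("10.1.25.240", "10.1.25.250", "tcp", 5701),  # different source host
    pkt("10.1.25.239", "10.1.25.250", "icmp"),       # no ports at all
]

def blocked(samples=SAMPLES):
    return [p for p in samples if evaluate(p)[1] == "discard"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", evaluate(p))
```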