Filter on EX3400 Layer 3 Switch

  • 1.  Filter on EX3400 Layer 3 Switch

    Posted 05-02-2023 12:56

    If someone could verify this filter that I have created, to make sure no traffic other than what is in the filter is being blocked, I would greatly appreciate it.

    I tried applying the filter on the AE0 interface only to begin with, but it did not make a difference whether it was there or not. I thought that filters could be placed on ports, VLANs, and layer 3 interfaces on EX3400s?

    This was the only way I was able to prevent an IP address on the same subnet from communicating with another host via the ports listed below, but I could be wrong.

    family ethernet-switching {
        filter ingress-port-filter {
            term BLOCK {
                from {
                    destination-port [ 5701 5702 ];
                    ip-source-address {
                        10.1.25.239/32;
                    }
                    ip-destination-address {
                        10.1.25.250/32;
                    }
                    ip-protocol tcp;
                }
                then {
                    discard;
                    log;
                    count INFRA;
                }
            }
            term ALLOW-EVERYTHING-ELSE {
                then accept;
            }
        }
    }

    Then applying the filter under VLANs:

    Servers {
        vlan-id 25;
        forwarding-options {
            filter {
                input ingress-port-filter;
            }
        }
    }

    ------------------------------
    ROBERT GRAHAM
    ------------------------------
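
The term logic of the filter posted above can be checked offline. This is an added example, not part of the original post and not Juniper code: a simplified Python model of first-match term evaluation, run over constructed sample packets. It assumes standard Junos term semantics and does not model where the EX3400 applies the filter.

```python
# Added example: simplified model of first-match term evaluation for the
# two terms in the post's ingress-port-filter. Not Juniper code.
from ipaddress import ip_address, ip_network

# Terms transcribed from the post, in order.
TERMS = [
    {"name": "BLOCK",
     "from": {"proto": {"tcp"},
              "src": ip_network("10.1.25.239/32"),
              "dst": ip_network("10.1.25.250/32"),
              "dport": {5701, 5702}},
     "then": "discard"},
    {"name": "ALLOW-EVERYTHING-ELSE", "from": {}, "then": "accept"},
]

def term_matches(cond, pkt):
    """All conditions in a term must match (AND); listed values are alternatives (OR)."""
    if "proto" in cond and pkt.get("proto") not in cond["proto"]:
        return False
    for key in ("src", "dst"):
        if key in cond:
            addr = pkt.get(key)
            if addr is None or ip_address(addr) not in cond[key]:
                return False
    if "dport" in cond and pkt.get("dport") not in cond["dport"]:
        return False
    return True

def evaluate(pkt):
    """Return (term name, action) of the first matching term."""
    for term in TERMS:
        if term_matches(term["from"], pkt):
            return term["name"], term["then"]
    return "(implicit)", "discard"  # Junos filters end with an implicit discard

# Constructed sample packets (not captured traffic).
SAMPLES = [
    {"proto": "tcp", "src": "10.1.25.239", "dst": "10.1.25.250", "dport": 5701},
    {"proto": "tcp", "src": "10.1.25.239", "dst": "10.1.25.250", "dport": 5702},
    {"proto": "tcp", "src": "10.1.25.239", "dst": "10.1.25.250", "dport": 22},
    {"proto": "udp", "src": "10.1.25.239", "dst": "10.1.25.250", "dport": 5701},
    {"proto": "tcp", "src": "10.1.25.250", "dst": "10.1.25.239", "dport": 5701},
    {"proto": "tcp", "src": "10.1.25.240", "dst": "10.1.25.250", "dport": 5701},
    {"proto": "arp"},  # non-IP frame: no addresses or ports to match
]

def discarded():
    """Sample packets that the modelled filter would discard."""
    return [p for p in SAMPLES if evaluate(p)[1] == "discard"]
```

In this model only the two TCP flows from 10.1.25.239 to 10.1.25.250 on ports 5701 and 5702 are discarded; the reverse direction, UDP to the same port, other sources and non-IP frames all fall through to ALLOW-EVERYTHING-ELSE.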