Table of Contents
Advertisement
Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS
Configuring a VLAN Firewall Filter to Count, Monitor, and Analyze Egress Traffic on the Employee
VLAN
CLI Quick
Configuration
2766
source-port 80;
}
then {
accept;
}
}
term not-gatekeeper {
from {
destination-port 80;
}
then {
count rogue-counter;
discard;
}
}
}
vlans {
voice-vlan {
description "block rogue devices on voice-vlan";
filter {
input ingress-vlan-rogue-block;
}
}
}
To configure and apply firewall filters for port, VLAN, and router interfaces, perform these
tasks:
A firewall filter is configured and applied to VLAN interfaces to filter
traffic. Employee traffic destined for the corporate subnet is accepted but not monitored.
Employee traffic destined for the Web is counted and analyzed.
To quickly configure and apply a VLAN firewall filter, copy the following commands and
paste them into the switch terminal window:
[edit]
set firewall family ethernet-switching filter egress-vlan-watch-employee term employee-to-corp
from destination-address 192.0.2.16/28
set firewall family ethernet-switching filter egress-vlan-watch-employee term employee-to-corp
then accept
set firewall family ethernet-switching filter egress-vlan-watch-employee term employee-to-web
from destination-port 80
set firewall family ethernet-switching filter egress-vlan-watch-employee term employee-to-web
then count employee-web-counter
set firewall family ethernet-switching filter egress-vlan-watch-employee term employee-to-web
then analyzer employee-monitor
set vlans employee-vlan description "filter at egress VLAN to count and analyze employee to
Web traffic"
set vlans employee-vlan filter output egress-vlan-watch-employee
egress
employee-vlan
Advertisement
Chapters
Table of Contents
Troubleshooting
