Table of Contents
Advertisement
Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS
Configuring a Router Firewall Filter to Give Priority to Egress Traffic Destined for the Corporate
Subnet
CLI Quick
Configuration
Step-by-Step
Procedure
Results
2770
To configure and apply firewall filters for port, VLAN, and router interfaces, perform these
tasks:
To quickly configure a firewall filter for a routed port (Layer 3 uplink module) to filter
traffic, giving highest forwarding-class priority to traffic destined for the
employee-vlan
corporate subnet, copy the following commands and paste them into the switch terminal
window:
[edit]
set firewall family inet filter egress-router-corp-class term corp-expedite from destination-address
192.0.2.16/28
set firewall family inet filter egress-router-corp-class term corp-expedite then forwarding-class
expedited-forwarding
set firewall family inet filter egress-router-corp-class term corp-expedite then loss-priority low
set firewall family inet filter egress-router-corp-class term not-to-corp then accept
set interfaces ge-0/1/0 description "filter at egress router to expedite destined for corporate
network"
set ge-0/1/0 unit 0 family inet address 103.104.105.1
set interfaces ge-0/1/0 unit 0 family inet filter output egress-router-corp-class
To configure and apply a firewall filter to a routed port (Layer 3 uplink module) to give
highest priority to
employee-vlan
Define the firewall filter
1.
[edit]
user@switch# set firewall family inet filter egress-router-corp-class
Define the term
corp-expedite
2.
[edit firewall]
user@switch# set family inet filter egress-router-corp-class term corp-expedite from
destination-address 192.0.2.16/28
user@switch# set family inet filter egress-router-corp-class term corp-expedite then
forwarding-class expedited-forwarding
user@switch# set family inet filter egress-router-corp-class term corp-expedite then
loss-priority low
Define the term
not-to-corp
3.
[edit firewall]
user@switch# set family inet filter egress-router-corp-class term not-to-corp then
accept
Apply the firewall filter
4.
the switch's uplink module, which provides a Layer 3 connection to a router:
[edit interfaces]
user@switch# set ge-0/1/0 description "filter at egress router to expedite employee
traffic destined for corporate network"
user@switch# set ge-0/1/0 unit 0 family inet address 103.104.105.1
user@switch# set ge-0/1/0 unit 0 family inet filter output egress-router-corp-class
Display the results of the configuration:
user@switch# show
traffic destined for the corporate subnet:
egress-router-corp-class
:
:
:
egress-router-corp-class
as an output filter for the port on
Advertisement
Chapters
Table of Contents
Troubleshooting
