Juniper JUNOS OS 10.3 - SOFTWARE Manual page 3154

For EX Series Ethernet switches

Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.3

Example: Using Filter-Based Forwarding to Route Application Traffic to a Security Device on EX Series Switches

Administrators can configure filter-based forwarding on an EX Series switch by using a
firewall filter to forward matched traffic to a specific virtual routing instance.
This example describes how to set up filter-based forwarding:
Requirements
Overview and Topology
Configuration
Verification

Requirements
This example uses the following software and hardware components:
One EX Series switch
Junos OS Release 9.4 or later for EX Series switches

Overview and Topology
In this example, traffic from one application server that is destined for a different
application server is matched by a firewall filter based on the IP address. Any matching
packets are routed to a particular virtual routing instance that first sends all traffic to a
security device, then forwards it to the designated destination address.

Configuration
To configure filter-based forwarding:

CLI Quick Configuration
To quickly create and configure filter-based forwarding, copy the following commands
and paste them into the switch terminal window:
[edit]
set interfaces ge-0/0/0 unit 0 family inet address 10.1.0.1/24
set interfaces ge-0/0/3 unit 0 family inet address 10.1.3.1/24
set firewall family inet filter fil term t1 from source-address 1.1.1.1/32
set firewall family inet filter fil term t1 from protocol tcp
set interfaces ge-0/0/0 unit 0 family inet filter input fil
set routing-instances vrf01 instance-type virtual-router
set routing-instances vrf01 interface ge-0/0/1.0
set routing-instances vrf01 interface ge-0/0/3.0
set routing-instances vrf01 routing-options static route 12.34.56.0/24 next-hop 10.1.3.254
set firewall family inet filter fil term t1 then routing-instance vrf01
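
A consistency check over the commands above, added here as an example and not part of the Juniper manual: it confirms that the filter is applied to an interface, that the routing instance it points to is defined as a virtual router, and that the static route's next hop sits on a subnet of a member interface, so matched traffic really reaches the security device. `lint_fbf` and its finding codes are hypothetical names; the `implicit-discard` finding relies on the Junos default that a packet matching no term of a firewall filter is discarded.

```python
import ipaddress
import re

# Quick-configuration commands copied from the page.
PAGE_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family inet address 10.1.0.1/24
set interfaces ge-0/0/3 unit 0 family inet address 10.1.3.1/24
set firewall family inet filter fil term t1 from source-address 1.1.1.1/32
set firewall family inet filter fil term t1 from protocol tcp
set interfaces ge-0/0/0 unit 0 family inet filter input fil
set routing-instances vrf01 instance-type virtual-router
set routing-instances vrf01 interface ge-0/0/1.0
set routing-instances vrf01 interface ge-0/0/3.0
set routing-instances vrf01 routing-options static route 12.34.56.0/24 next-hop 10.1.3.254
set firewall family inet filter fil term t1 then routing-instance vrf01
"""

def lint_fbf(config):
    """Return sorted (code, detail) findings for Junos 'set' commands (hypothetical helper)."""
    nets, applied, target, accept = {}, set(), {}, set()
    kind, members, hops = {}, {}, {}
    for line in config.splitlines():
        if m := re.match(r"set interfaces (\S+) unit (\d+) family inet address (\S+)", line):
            nets[f"{m[1]}.{m[2]}"] = ipaddress.ip_interface(m[3]).network
        elif m := re.match(r"set interfaces \S+ unit \d+ family inet filter input (\S+)", line):
            applied.add(m[1])
        elif m := re.match(r"set firewall family inet filter (\S+) term \S+ then routing-instance (\S+)", line):
            target[m[1]] = m[2]
        elif m := re.match(r"set firewall family inet filter (\S+) term \S+ then accept", line):
            accept.add(m[1])
        elif m := re.match(r"set routing-instances (\S+) instance-type (\S+)", line):
            kind[m[1]] = m[2]
        elif m := re.match(r"set routing-instances (\S+) interface (\S+)", line):
            members.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"set routing-instances (\S+) routing-options static route \S+ next-hop (\S+)", line):
            hops.setdefault(m[1], []).append(ipaddress.ip_address(m[2]))
    out = []
    for flt, inst in target.items():
        if flt not in applied:          # filter exists but never sees traffic
            out.append(("filter-not-applied", flt))
        if flt not in accept:           # unmatched packets hit the implicit discard
            out.append(("implicit-discard", flt))
        if kind.get(inst) != "virtual-router":
            out.append(("instance-not-virtual-router", inst))
        for hop in hops.get(inst, []):  # next hop must be on a member interface's subnet
            if not any(hop in nets[i] for i in members.get(inst, []) if i in nets):
                out.append(("next-hop-unreachable", f"{inst} {hop}"))
    return sorted(out)
```

Run against the page's commands, the check reports only `implicit-discard` for `fil`: the filter has a single term, so traffic arriving on ge-0/0/0 that is not TCP from 1.1.1.1/32 matches nothing.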
Copyright © 2010, Juniper Networks, Inc.
