Applying A Firewall Filter To A Port On A Switch - Juniper JUNOS OS 10.3 - SOFTWARE Manual

For EX Series Ethernet Switches

Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.3

Applying a Firewall Filter to a Port on a Switch
You can specify any of the following action modifiers in a then statement:

analyzer analyzer-name—Mirror port traffic to a specified destination port or VLAN that is connected to a protocol analyzer application. An analyzer must be configured under the ethernet-switching family address type. See "Configuring Port Mirroring to Analyze Traffic (CLI Procedure)" on page 3555.

count counter-name—Count the number of packets that pass this filter term.

NOTE: We recommend that you configure a counter for each term in a firewall filter, so that you can monitor the number of packets that match the conditions specified in each filter term.

forwarding-class class—Classify packets in a forwarding class.

loss-priority priority—Set the priority of dropping a packet.

policer policer-name—Apply rate-limiting to the traffic.

If you omit the then statement or do not specify an action, packets that match all the conditions in the from statement are accepted. However, you must always explicitly configure an action and/or action modifier in the then statement. You can include no more than one action statement, but you can use any combination of action modifiers. For an action or action modifier to take effect, all conditions in the from statement must match.

NOTE: Implicit discard is also applicable to a firewall filter applied to the loopback interface, lo0.

To apply a firewall filter to an ingress port on a switch:

1. Specify the interface name and provide a meaningful description of the firewall filter and the interface to which the filter is applied:

[edit interfaces]
user@switch# set ge-0/0/1 description "filter to limit tcp traffic filter at trunk port for employee-vlan and voice-vlan applied on the interface"

NOTE: Providing the description is optional.

2. Specify the unit number and family address type for the interface:

[edit interfaces]
user@switch# set ge-0/0/1 unit 0 family ethernet-switching
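An audit of the then-statement rules above, as an added example (not Juniper's code): it scans set-style configuration lines and reports filter terms that have no counter, no action, or more than one action. The action names accept and discard, the filter name port-filter, and the sample lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

MODIFIERS = {"analyzer", "count", "forwarding-class", "loss-priority", "policer"}  # listed on this page
ACTIONS = {"accept", "discard"}  # assumption: the actions available to this filter

TERM_RE = re.compile(r"^set firewall family ethernet-switching filter (\S+) "
                     r"term (\S+) (from|then)\b(?:\s+(\S+))?")

def audit_filter_terms(config_text):
    """Map (filter, term) -> list of findings; terms with no findings are omitted."""
    then_words = defaultdict(list)  # insertion-ordered, so terms stay in file order
    for line in config_text.splitlines():
        m = TERM_RE.match(line.strip())
        if not m:
            continue
        words = then_words[(m.group(1), m.group(2))]  # registers the term even for 'from' lines
        if m.group(3) == "then" and m.group(4):
            words.append(m.group(4))  # first keyword after 'then'
    findings = {}
    for key, words in then_words.items():
        actions = [w for w in words if w in ACTIONS]
        issues = []
        if not words:
            issues.append("then has no action or action modifier")
        elif not actions:
            issues.append("no action: matching packets are accepted")
        if len(actions) > 1:
            issues.append("more than one action: " + ", ".join(actions))
        if "count" not in words:
            issues.append("no counter for this term")
        if issues:
            findings[key] = issues
    return findings

# Constructed sample input, not taken from a real switch.
SAMPLE_CONFIG = """\
set firewall family ethernet-switching filter port-filter term web from protocol tcp
set firewall family ethernet-switching filter port-filter term web then count web-hits
set firewall family ethernet-switching filter port-filter term web then accept
set firewall family ethernet-switching filter port-filter term ssh from destination-port 22
set firewall family ethernet-switching filter port-filter term ssh then accept
set firewall family ethernet-switching filter port-filter term telnet from destination-port 23
set firewall family ethernet-switching filter port-filter term count-only then count seen
set firewall family ethernet-switching filter port-filter term dup then count dup-hits
set firewall family ethernet-switching filter port-filter term dup then accept
set firewall family ethernet-switching filter port-filter term dup then discard
"""

if __name__ == "__main__":
    for (flt, term), issues in audit_filter_terms(SAMPLE_CONFIG).items():
        print(f"{flt}/{term}: " + "; ".join(issues))
```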
Copyright © 2010, Juniper Networks, Inc.
