Figure 86: Application Of Port, Vlan, And Layer 3 Routed Firewall Filters - Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual

Table 421: Configuration Components: Firewall Filters (continued)
Component
VLAN firewall filter,
ingress-vlan-limit-guest
Router firewall filter,
egress-router-corp-class
Copyright © 2010, Juniper Networks, Inc.
Purpose/Description
Prevents guests (non-employees) from talking with employees or employee hosts on
. Also prevents guests from using peer-to-peer applications on
employee-vlan
but allows guests to access the Web.
This firewall filter is applied to VLAN interfaces on the access switch.
Prioritizes employee-vlan
traffic destined for the corporate subnet.
This firewall filter is applied to a routed port (Layer 3 uplink module) on the distribution
switch.
Figure 86 on page 3263 shows the application of port, VLAN, and Layer 3 routed firewall
filters on the switch.

Figure 86: Application of Port, VLAN, and Layer 3 Routed Firewall Filters

Network Topology
The topology for this configuration example consists of one EX-3200-48T switch at the
access layer, and one EX-3200-48T switch at the distribution layer. The distribution
switch's uplink module is configured to support a Layer 3 connection to a J-series router.
Chapter 107: Examples of Firewall Filters Configuration
traffic, giving highest forwarding-class priority to employee
,
guest-vlan
3263