Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.4
Configuring a VLAN Firewall Filter to Count, Monitor, and Analyze Egress Traffic on the Employee VLAN
CLI Quick Configuration
Results
Display the results of the configuration:
user@switch# show
firewall {
    family ethernet-switching {
        filter ingress-vlan-rogue-block {
            term to-gatekeeper {
                from {
                    destination-address 192.0.2.14/32;
                    destination-port 80;
                }
                then {
                    accept;
                }
            }
            term from-gatekeeper {
                from {
                    source-address 192.0.2.14/32;
                    source-port 80;
                }
                then {
                    accept;
                }
            }
            term not-gatekeeper {
                from {
                    destination-port 80;
                }
                then {
                    count rogue-counter;
                    discard;
                }
            }
        }
    }
}
vlans {
    voice-vlan {
        description "block rogue devices on voice-vlan";
        filter {
            input ingress-vlan-rogue-block;
        }
    }
}
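The outcome of the filter shown above depends on term order, because the first term whose conditions all match decides what happens to the packet. The following Python sketch is an added example, not Juniper's code or part of the original guide: it models only the three terms displayed, runs them over constructed packets (every address other than 192.0.2.14 is made up), and leaves packets that match no term to the filter's default action, which it does not model.

```python
import ipaddress

# Terms of ingress-vlan-rogue-block, in configured order. Conditions inside
# one "from" are ANDed; the first term whose conditions all match decides.
TERMS = [
    ("to-gatekeeper",   {"dst_addr": "192.0.2.14/32", "dst_port": 80}, ["accept"]),
    ("from-gatekeeper", {"src_addr": "192.0.2.14/32", "src_port": 80}, ["accept"]),
    ("not-gatekeeper",  {"dst_port": 80}, ["count rogue-counter", "discard"]),
]

def term_matches(conditions, pkt):
    for field, wanted in conditions.items():
        if field.endswith("_addr"):
            if ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(wanted):
                return False
        elif pkt[field] != wanted:
            return False
    return True

def evaluate(pkt, counters):
    """Return (term name, terminating action), or (None, None) when no term matches."""
    for name, conditions, actions in TERMS:
        if term_matches(conditions, pkt):
            for action in actions:
                if action.startswith("count "):
                    counter = action.split()[1]
                    counters[counter] = counters.get(counter, 0) + 1
            return name, actions[-1]
    return None, None  # left to the filter's default action (not modeled here)

def run_samples():
    # Constructed packets: HTTP to and from the gatekeeper, HTTP to and from
    # another host, and one non-HTTP packet.
    samples = [
        {"src_addr": "192.0.2.50", "src_port": 40001, "dst_addr": "192.0.2.14", "dst_port": 80},
        {"src_addr": "192.0.2.14", "src_port": 80, "dst_addr": "192.0.2.50", "dst_port": 40001},
        {"src_addr": "192.0.2.50", "src_port": 40002, "dst_addr": "192.0.2.99", "dst_port": 80},
        {"src_addr": "192.0.2.99", "src_port": 80, "dst_addr": "192.0.2.50", "dst_port": 40002},
        {"src_addr": "192.0.2.50", "src_port": 5060, "dst_addr": "192.0.2.14", "dst_port": 5060},
    ]
    counters = {}
    results = [evaluate(p, counters) for p in samples]
    return results, counters

if __name__ == "__main__":
    results, counters = run_samples()
    for r in results:
        print(r)
    print(counters)
```

Only the third sample increments rogue-counter; the fourth and fifth match none of the three terms, so their handling depends on the default action rather than on anything displayed in this filter.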
To configure and apply firewall filters for port, VLAN, and router interfaces, perform these
tasks:
A firewall filter is configured and applied to VLAN interfaces to filter
employee-vlan egress traffic. Employee traffic destined for the corporate
subnet is accepted but not monitored. Employee traffic destined for the Web
is counted and analyzed.
To quickly configure and apply a VLAN firewall filter, copy the following commands and
paste them into the switch terminal window:
Copyright © 2010, Juniper Networks, Inc.