Figure 87: Ssh Connection From A Management Pc To An Ex Series Switch - Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual

Configuration
CLI Quick
Configuration
Step-by-Step
Procedure
Results
Copyright © 2010, Juniper Networks, Inc.

Figure 87: SSH Connection From a Management PC to an EX Series Switch

10.204.33.103/20
me0
SSH connection
Switch
To configure a firewall filter on a management interface, perform these tasks:
To quickly create and configure a firewall filter on the management interface to filter
SSH packets egressing from the management interface, copy the following commands
and paste them into the switch terminal window:
[edit]
set firewall family inet filter mgmt_fil1 term t1 from source-port ssh
set firewall family inet filter mgmt_fil1 term t1 then count c1
set firewall family inet filter mgmt_fil1 term t2 then accept
set interfaces me0 unit 0 family inet filter output mgmt_fil1
To configure a firewall filter on the management interface to filter SSH packets:
Configure the firewall filter that matches SSH packets from the source port:
1.
[edit]
user@switch# set firewall family inet filter mgmt_fil1 term t1 from source-port ssh
user@switch# set firewall family inet filter mgmt_fil1 term t1 then count c1
user@switch# set firewall family inet filter mgmt_fil1 term t2 then accept
These statements set a counter
from the source SSH interface on the management interface.
Set the firewall filter for the management interface:
2.
[edit]
user@switch# set interfaces me0 unit 0 family inet filter output mgmt_fil1
NOTE: You can also set the firewall filter for a VME interface.
Check the results of the configuration:
[edit]
user@switch# show
interfaces {
me0 {
unit 0 {
family inet {
filter {
output mgmt_fil1;
}
Chapter 107: Examples of Firewall Filters Configuration
Management PC
to count the number of SSH packets that egress
c1
3285