You will need a filter on each VLAN and deny packets between every subnet. For instance, I have 3 VLANs:
vlans {
    v1 {
        vlan-id 1;
        filter {
            input filter_v1;
        }
        l3-interface vlan.1;
    }
    v2 {
        vlan-id 2;
        l3-interface vlan.2;
    }
    v3 {
        vlan-id 3;
        l3-interface vlan.3;
    }
}
each with its own RVI:
interfaces {
    vlan {
        unit 1 {
            family inet {
                address 192.168.1.1/24;
            }
        }
        unit 2 {
            family inet {
                address 192.168.2.1/24;
            }
        }
        unit 3 {
            family inet {
                address 192.168.3.1/24;
            }
        }
    }
}
You can configure a filter with multiple terms to deny traffic between the subnets and apply it at VLAN level.
For instance, this is a filter that denies the traffic between 192.168.1.0/24 and 192.168.2.0/24 (and 192.168.3.0/24). The filter is applied at VLAN level for VLAN v1 as shown above.
firewall {
    family ethernet-switching {
        filter filter_v1 {
            term 1 {
                from {
                    source-address {
                        192.168.1.0/24;
                    }
                    destination-address {
                        192.168.2.0/24;
                    }
                }
                then {
                    discard;
                    count v1_to_v2;
                }
            }
            term 2 {
                from {
                    source-address {
                        192.168.1.0/24;
                    }
                    destination-address {
                        192.168.3.0/24;
                    }
                }
                then {
                    discard;
                    count v1_to_v3;
                }
            }
            term 3 {
                then accept;
            }
        }
    }
}
You will need to adapt the filters for your subnets and create a filter for each VLAN.
=====
If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
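As an added example (not the poster's own code), a small Python helper that generalises the reply above to any number of VLANs: it builds the per-VLAN filter terms in Junos evaluation order, emits the equivalent `set` commands, and evaluates sample packets with first-match semantics so you can confirm inter-subnet traffic is discarded while intra-VLAN and outbound traffic still reaches the final accept. The VLAN names and subnets are the constructed ones from the post; the term names `<src>_to_<dst>` and `allow_rest` are assumptions.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed sample matching the post: three VLANs, one /24 each.
VLANS = {"v1": "192.168.1.0/24", "v2": "192.168.2.0/24", "v3": "192.168.3.0/24"}


def build_terms(name, vlans):
    """Terms for filter_<name>, in evaluation order: one discard+count term per
    peer subnet, then a catch-all accept so intra-VLAN and outbound traffic
    (e.g. to the Internet) is unaffected. Term names are assumed, not from the post."""
    src = IPv4Network(vlans[name])
    terms = [(f"{name}_to_{peer}", src, IPv4Network(net), "discard")
             for peer, net in vlans.items() if peer != name]
    terms.append(("allow_rest", None, None, "accept"))
    return terms


def to_set_commands(name, terms):
    """Render the terms as Junos 'set' commands and attach the filter to the VLAN
    (family ethernet-switching, as used for vlan-level input filters on EX)."""
    base = f"set firewall family ethernet-switching filter filter_{name}"
    cmds = []
    for term, src, dst, action in terms:
        if src is not None:
            cmds.append(f"{base} term {term} from source-address {src}")
            cmds.append(f"{base} term {term} from destination-address {dst}")
        cmds.append(f"{base} term {term} then {action}")
        if action == "discard":
            cmds.append(f"{base} term {term} then count {term}")
    cmds.append(f"set vlans {name} filter input filter_{name}")
    return cmds


def evaluate(terms, src_ip, dst_ip):
    """First-match evaluation as Junos does it: return the action of the first
    term whose 'from' conditions match. A term with no 'from' matches everything;
    if nothing matches, a Junos filter discards the packet implicitly."""
    s, d = IPv4Address(src_ip), IPv4Address(dst_ip)
    for _, src, dst, action in terms:
        if src is None or (s in src and d in dst):
            return action
    return "discard"


if __name__ == "__main__":
    for vlan in VLANS:
        print("\n".join(to_set_commands(vlan, build_terms(vlan, VLANS))))
```

Run it to print the full set-command version for all three VLANs, which you can paste into `configure` after adjusting names and subnets.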