Hello All,
I am unable to configure the filter based vlan assignment on my EX-3300 switch. Below is my config and error that I am receiving. Basically, I am trying to accept traffic from both the vlans, NWQGaming and Production through the single interface ge-0/0/8. But getting the error:
{master:0}[edit]
rwa@juniper-test# commit check
[edit]
'interface ge-0/0/8.0'
Access security cannot be enabled on interface ge-0/0/8.0as it has mapping "policy" enabled on it
error: configuration check-out failed
rwa@juniper-test# run show vlans
Name Tag Interfaces
MGMT 3002
ge-0/0/47.0*
NWQB 603
ge-0/0/47.0*
NWQGaming 214
ge-0/0/8.0, ge-0/0/47.0*
Production 133
ge-0/0/47.0*
default
None
vlan1337 1337
ge-0/0/0.0, ge-0/0/1.0, ge-0/0/2.0, ge-0/0/3.0, ge-0/0/4.0, ge-0/0/5.0, ge-0/0/6.0, ge-0/0/7.0,
ge-0/0/9.0, ge-0/0/10.0, ge-0/0/47.0*
vlans
None
rwa@juniper-test# show|compare
[edit interfaces ge-0/0/8 unit 0 family ethernet-switching]
+ filter {
+ input fbva;
+ }
[edit]
+ firewall {
+ family ethernet-switching {
+ filter fbva {
+ term accept-net {
+ from {
+ source-address {
+ 10.10.20.0/24;
+ }
+ }
+ then vlan Production;
+ }
+ term else-accept {
+ then accept;
+ }
+ }
+ }
+ }
[edit vlans NWQGaming]
+ interface {
+ ge-0/0/8.0;
+ }
[edit vlans Production]
+ interface {
+ ge-0/0/47.0;
+ ge-0/0/8.0 {
+ mapping {
+ policy;
+ }
+ }
+ }
{master:0}[edit]
rwa@juniper-test# commit check
[edit]
'interface ge-0/0/8.0'
Access security cannot be enabled on interface ge-0/0/8.0as it has mapping "policy" enabled on it
error: configuration check-out failed
Any help would be highly appreciated. I am also afraid if filter based vlan assignment is not supported on EX-3300 switches. Please let me know if that could be the case.
Regards,
BB