Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  how to configure an interface-group?

    Posted 01-19-2009 07:17

    You are supposed to be able to match on an interface-group within a firewall filter, which I suppose allows you to match on, say, packets received on fe-0/0/0 or packets received on fe-0/0/1 with a single from statement, but how do you configure an interface-group?

     

    I can configure interface-sets on my routers, but not interface-groups; is it the same?

     

    THX!!!

     

     



  • 2.  RE: how to configure an interface-group?

     
    Posted 01-19-2009 08:56

    Hello Asoka

     

    The final use seems to be the same as interface set but the way you configure it is different.

    Just see this example provided by the following help request.

     

    HTH

    Alain

     

    help topic interfaces group

     

         [edit firewall]
         family inet {
             filter if-group {
                 term group1 {
                     from {
                         interface-group 1;
                         address {
                             192.168.80.114/32;
                         }
                         protocol tcp;
                         port finger;
                     }
                     then {
                         count if-group-counter1;
                         log;
                         reject;
                     }
                 }
                 term group-2 {
                     then {
                         count if-group-counter2;
                         log;
                         accept;
                     } 
                 }     
             }         
         }             
       Assign one or more interfaces to the interface group referenced in the
       filter:         
         [edit interfaces]
         fxp0 {        
             unit 0 {  
                 family inet {
                     filter {
                         group 1;
                     } 
                     address 192.168.5.38/24;
                 }     
             }         
         }             
       Apply the filter that contains an interface group:
         [edit interfaces]
         lo0 {         
             unit 0 {  
                 family inet {
                     filter {
                         input if-group;
                         group 1;
                     } 
                     address 10.0.0.1/32;
                     address 192.168.77.1/32;
                 }     
             }         
         }             
                       
    [edit]
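
Added example, not part of the original posts or of the Junos help text: a small Python audit that cross-checks `interface-group N` matches in firewall filters against the `filter { group N; }` assignments on interfaces, since a term that matches on a group no interface carries never matches. It assumes a full brace-style configuration without comments; the sample configuration, the `fe-0/0/2` interface, groups 2 and 3, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: fe-0/0/0 and fe-0/0/1 (from the question) share group 1,
# group 2 is matched by a filter term but has no member interface, and
# group 3 is assigned to an interface but no filter matches on it.
SAMPLE = """
firewall { family inet { filter if-group {
    term group1 { from { interface-group 1; } then reject; }
    term group2 { from { interface-group 2; } then accept; }
} } }
interfaces {
    fe-0/0/0 { unit 0 { family inet { filter { group 1; } } } }
    fe-0/0/1 { unit 0 { family inet { filter { group 1; } } } }
    fe-0/0/2 { unit 0 { family inet { filter { group 3; } } } }
}
"""

def statements(text):
    """Yield (path, statement) for every ';'-terminated leaf of a brace config."""
    path = []
    for m in re.finditer(r"([^{};]+)([{;])|(\})", text):
        if m.group(3):                      # closing brace: leave the hierarchy level
            path.pop()
        elif m.group(2) == "{":             # opening brace: enter a hierarchy level
            path.append(m.group(1).strip())
        else:                               # leaf statement ending in ';'
            yield tuple(path), m.group(1).strip()

def audit(text):
    """Map groups to interfaces and report groups that are matched or assigned only."""
    members = defaultdict(set)      # group number -> interfaces assigned to it
    referenced = defaultdict(set)   # group number -> filter terms matching on it
    for path, stmt in statements(text):
        words = stmt.split()
        if not words:
            continue
        if path[:1] == ("interfaces",) and path[-1] == "filter" and words[0] == "group":
            members[int(words[1])].add(path[1])
        elif path[:1] == ("firewall",) and path[-1] == "from" and words[0] == "interface-group":
            referenced[int(words[1])].add(" ".join(path[1:-1]))
    return {
        "members": {g: sorted(i) for g, i in members.items()},
        "unassigned": sorted(set(referenced) - set(members)),  # matched, no interface
        "unused": sorted(set(members) - set(referenced)),      # assigned, never matched
    }
```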