03-14-2012 01:51 AM
Although on EX switches, i can do mac biding by applying filter as under:-
#set firewall family ethernet-swtiching filter abc term abc from source-mac-address xxxxxxxxxx
However when i try to do same on SRX firewall, it does not show option ethernet-switching in family:
set firewall family ? (it shows options of inet and other but not ethernet swiching)...and if i select family inet, then in match condition from ? (does not give source-mac-address) i.e gives options related to ip addresses only...i need to put in some mac addresses under match condition
whats the solution??how to filter some specific source mac addreses on SRX firewall????
Solved! Go to Solution.
03-14-2012 02:18 AM
This is available in Junos 11.4. See below:
03-16-2012 02:23 AM
You can try following command.
set firewall family bridge filter g term 1 from source-mac-address 00:00:00:00:00:01/48
03-19-2012 10:57 PM
hi..thanx alot for refrering to 11.4,
, probably it will solve issue, however still im unable to download package 11.4 to use it... and even on 11.4 package, I have found either i will be required to do it in Web Managment or if in command line, then i will have to use family vpls...what is differnt in family vpls from family ethernet-switching.. i mean what else will it affect for me??/will i have to cater for something else aswell or just select family vpls and keep on doing what i could do with family ehternet-switching???
03-19-2012 11:02 PM
.thnx for replying...
but i tried to find firewall family bridge but i did not find this option,, there were only ccc,inet, mpls,vpls... i was using SR 240 with version Junos 10.0R3.1...where will this bridge option be avaible ?? in some other upgraded version????
04-25-2012 06:46 PM
Please implement mac binding on SRX using "ethernet-switching-options", e.g.
set ethernet-switching-options secure-access-port interface interface-trust allowed-mac 00:05:85:3A:82:80
set ethernet-switching-options secure-access-port interface interface-trust mac-limit 1 action drop
set ethernet-switching-options secure-access-port port-error-disable disable-timeout 60
. . . . . .
set vlan vlan-trust vlan-id 100
set interfaces interface-range interfaces-trust member ge-0/0/1
set interfaces interface-range interfaces-trust member ge-0/0/2
. . . . . . . . . . .
set interfaces interface-range interfaces-trust unit 0 family ethernet-switching vlan members vlan-trust
04-26-2012 03:16 AM
05-14-2012 02:13 AM
hi dear rasmus....
its done...thnx alot...
can u tell me reason,,,, i had earlier tried to adopt this aproach on srx 240, but i was unable to do it earlier....the ethernet-switching-option secure-access-port was aval on switch to bind mac,,but not on srx 240...wt was the reason???
01-02-2014 03:52 PM
I have MAC filtering enabled on SRX100 (set ethernet-switching-options secure-access-port interface fe-0/0/0.0 allowed-mac aa:bb:cc::dd:ee:ff)
If unauthorized user tries to connect a device, firewall will not allow the device. Where do I see the logs/error message about failed authentication/authorization ?