Ethernet Switching

Firewall filter for ethernet-switching issue

‎01-04-2019 02:24 PM

Hi,

I have a couple of access ports in a VLAN (on an EX3300 running 12.3R7.7); one particular port should only allow traffic from specific IP addresses.

I thought that would be straightforward, so I configured it like this:

> show configuration firewall family ethernet-switching filter server-oob
term oob-access {
    from {
        source-address {
            10.146.77.15/32;
            172.16.18.44/32;
        }
    }
    then accept;
}
 
> show configuration interfaces ge-1/0/26
description "Server OOB";
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members s-oob;
        }
        filter {
            output server-oob;
        }
    }
}

So the server's OOB port is connected to ge-1/0/26, and the addresses that should be allowed access to that interface are coming from other VLANs.

When I commit this, all traffic to that interface stops. Why is that? And why is the traffic from the specific addresses not allowed?

If I remove the filter from the port, traffic flows fine.

Kind Regards

Solution
Accepted by topic author ehsab
‎01-05-2019 08:56 AM

Re: Firewall filter for ethernet-switching issue

‎01-04-2019 10:21 PM

Hello,

You have to allow ARP in this filter; this has been discussed umpteen times before on this forum:

https://forums.juniper.net/t5/Ethernet-Switching/Firewall-Ethernet-switching-Input-Not-working/td-p/...

https://forums.juniper.net/t5/Ethernet-Switching/EX-2200-firewall-filter-blocks-everything/td-p/3156...

HTH

Thx
Alex


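As an added example (not from the original post or the reply): the same filter with the ARP term the reply describes, plus an explicit counted discard so that dropped frames are visible in `show firewall` instead of disappearing into the implicit discard. It assumes the `ether-type arp` match is accepted for egress family ethernet-switching filters on this platform and release; confirm with `commit check` before committing.

```junos
firewall {
    family ethernet-switching {
        filter server-oob {
            /* ARP frames carry no IP header, so the original source-address */
            /* term never matched them and the filter's implicit discard     */
            /* dropped every ARP request sent toward the server.             */
            term allow-arp {
                from {
                    ether-type arp;
                }
                then accept;
            }
            /* Original term, unchanged: only these two hosts may reach the OOB port. */
            term oob-access {
                from {
                    source-address {
                        10.146.77.15/32;
                        172.16.18.44/32;
                    }
                }
                then accept;
            }
            /* Same effect as the implicit discard, but counted so that drops */
            /* can be checked with: show firewall filter server-oob           */
            term deny-rest {
                then {
                    count oob-denied;
                    discard;
                }
            }
        }
    }
}
```

After committing, a rising `oob-denied` counter while the permitted hosts still reach the server confirms the filter is doing only what was intended.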