Ethernet Switching

Firewall filter for ethernet-switching issue

‎01-04-2019 02:24 PM


I have a couple of access ports in a VLAN (on an EX3300 running 12.3R7.7); one particular port should only allow traffic from specific IP addresses.

I thought that would be straightforward, so I configured it like this:

> show configuration firewall family ethernet-switching filter server-oob
term oob-access {
    from {
        source-address {
    then accept;
> show configuration interfaces ge-1/0/26
description "Server OOB";
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members s-oob;
        filter {
            output server-oob;

So the server's OOB port is connected to ge-1/0/26, and the addresses that should be allowed access to that interface are coming from other VLANs.

When I commit this, all traffic to that interface stops. Why is that? And why is the traffic from the specific addresses not allowed?


If I remove the filter on the port, traffic flows fine.


Kind Regards

Accepted by topic author ehsab
‎01-05-2019 08:56 AM

Re: Firewall filter for ethernet-switching issue

‎01-04-2019 10:21 PM


You have to allow ARP in this filter. This has been discussed umpteen times before on this forum.





Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements


Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
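
The accepted answer applied to the filter from the question, as an added example that is not part of the original thread. The term name allow-arp and the address 192.0.2.10/32 are constructed placeholders; the question does not show the real source addresses.

```junos
firewall {
    family ethernet-switching {
        filter server-oob {
            /* ARP frames carry no IP header, so a term that matches only on
               source-address never matches them. Without this term they hit
               the implicit discard, and the server can no longer resolve or
               be resolved at layer 2, which stops all traffic on the port. */
            term allow-arp {
                from {
                    ether-type arp;
                }
                then accept;
            }
            /* The original term from the question, unchanged in intent. */
            term oob-access {
                from {
                    source-address {
                        192.0.2.10/32;   /* constructed placeholder */
                    }
                }
                then accept;
            }
            /* Everything else still falls through to the implicit discard
               at the end of the filter, so the allow-list stays closed. */
        }
    }
}
```

The filter stays applied as `output server-oob` on ge-1/0/26 unit 0, as in the question.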