Hello,
Our MX80 is running JUNOS 10.4R4.5
SWITCH(1) === 10G Link==== xe-0/0/0 - MX80 - ge-1/0/0 -------- SWITCH(2)
On xe-0/0/0 we are getting our BGP feeds from SWITCH(1) in distinct VLANs, and we also want to bridge VLANs from SWITCH(2) to SWITCH(1).
We used the old-style config because the new one isn't working on the MX80:
interfaces {
    xe-0/0/0 {
        flexible-vlan-tagging;
        encapsulation extended-vlan-bridge;
        unit 200 {
            vlan-id 200;
            family bridge;
        }
        unit 1500 {
            vlan-id 1500;
            family bridge;
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                filter {
                    input manager-ip;
                }
                address 10.0.200.2/24;
            }
        }
    }
    irb {
        unit 200 {
            family inet {
                address 10.0.200.201/24;
            }
        }
        unit 1500 {
            family inet {
                filter {
                    input manager-ip;
                }
                address 192.168.3.233/24;
            }
        }
    }
}
policy-options {
    prefix-list manager-ip {
        10.0.200.21/32;
    }
}
firewall {
    family inet {
        filter manager-ip {
            term block_non_manager {
                from {
                    prefix-list {
                        manager-ip except;
                    }
                    protocol tcp;
                    destination-port [ ssh http https telnet ];
                }
                then {
                    log;
                    reject;
                }
            }
            term accept_rest {
                then {
                    log;
                    accept;
                }
            }
        }
    }
}
bridge-domains {
    managment {
        domain-type bridge;
        vlan-id 200;
        interface xe-0/0/0.200;
        inactive: routing-interface irb.200;
    }
    vps {
        domain-type bridge;
        vlan-id 1500;
        interface xe-0/0/0.1500;
        routing-interface irb.1500;
    }
}
Everything seems to work: bridge MAC addresses are visible, irb is also working, and I can ssh to 192.168.3.233, except for the
manager-ip filter. Despite the filter I can still ssh to it from 192.168.3.0/24.
After adding it to fxp0.0 and lo0.0 I could still log in from hosts other than 10.0.200.21.
I guess it might be some obvious error, but I can't spot it right now.
Will using irb, not a plain L3 interface, facing the internet have any consequences for us?
Any help would be much appreciated.
--
Michal Grzedzicki