Juniper / Network

[Juniper] EX-2200 Drop MAC-Address

先建立防火牆規則,並設定要阻擋的MAC-Address

[email protected]# set firewall family ethernet-switching filter mac-filter43 term term1 from source-mac-address 00:11:22:aa:bb:cc
[email protected]# set firewall family ethernet-switching filter mac-filter43 term term1 then discard
[email protected]# set firewall family ethernet-switching filter mac-filter43 term accept-all then accept

 

接下來設定一個名為allport的interface-range,用來把filter input到各個interface上

[email protected]# set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/23
[email protected]# set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan43

 

最後把filter input到interface-range上,並儲存設定

[email protected]# set interfaces interface-range allport unit 0 family ethernet-switching filter input mac-filter43
[email protected]# commit

 

收工

發表留言
  /
Juniper

[Juniper] EX4500 DHCP Settings

set  access address-assignment pool vlan204 family inet network 192.168.204.0/24
set access address-assignment pool vlan204 family inet range vlan204 low 192.168.204.1
set access address-assignment pool vlan204 family inet range vlan204 high 192.168.204.250
set access address-assignment pool vlan204 family inet dhcp-attributes maximum-lease-time 86400
set access address-assignment pool vlan204 family inet dhcp-attributes domain-name example.com
set access address-assignment pool vlan204 family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool vlan204 family inet dhcp-attributes router 192.168.204.254
set system services dhcp-local-server group vlan204 interface vlan.204
set vlans vlan204 description Area-A_5F
set vlans vlan204 vlan-id 204
set vlans vlan204 l3-interface vlan.204
set interfaces ge-0/0/12 description Area-A_5F
set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members all
set interfaces vlan unit 204 description Area-A_5F
set interfaces vlan unit 204 family inet address 192.168.204.254/24

 

發表留言
  /