[Juniper] EX-2200 Drop MAC-Address

先建立防火牆規則，並設定要阻擋的MAC-Address

1
2
3


admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 from source-mac-address 00:11:22:aa:bb:cc
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 then discard
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term accept-all then accept

接下來設定一個名為allport的interface-range，用來把filter input到各個interface上

1
2


admin@EX2200# set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/23
admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan43

最後把filter input到interface-range上，並儲存設定

1
2


admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching filter input mac-filter43
admin@EX2200# commit

收工