Juniper Network

[Juniper] EX-2200 Drop MAC-Address

先建立防火牆規則,並設定要阻擋的MAC-Address

1
2
3

admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 from source-mac-address 00:11:22:aa:bb:cc
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term term1 then discard
admin@EX2200# set firewall family ethernet-switching filter mac-filter43 term accept-all then accept

 

接下來設定一個名為allport的interface-range,用來把filter input到各個interface上

1
2

admin@EX2200# set interfaces interface-range allport member-range ge-0/0/0 to ge-0/0/23
admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching vlan members vlan43

 

最後把filter input到interface-range上,並儲存設定

1
2

admin@EX2200# set interfaces interface-range allport unit 0 family ethernet-switching filter input mac-filter43
admin@EX2200# commit

 

收工

juniper mac
Licensed under CC BY-NC-SA 3.0 TW
comments powered by Disqus