
Juniper: denying traffic between VLANs

Time: 2020-05-19 16:21:04


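Core
Service VLAN 10: 192.168.10.0/24
Service VLAN 20: 192.168.20.0/24
Interconnect VLAN 30: 192.168.30.0/24
VLAN 30 connects to the firewall.
Requirement:
Deny the service address 192.168.20.2 from connecting to the firewall (that is, block this address from Internet access); in other words, deny it from reaching interconnect VLAN 30.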
set firewall family ethernet-switching filter deny term 1 from ip-source-address 192.168.20.2/32
set firewall family ethernet-switching filter deny term 1 from ip-destination-address 192.168.30.100/32
set firewall family ethernet-switching filter deny term 1 then discard
set firewall family ethernet-switching filter deny term 2 then accept
Attach the filter named deny to service VLAN vlan20:
set vlans vlan20 forwarding-options filter input deny
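
The first-match behaviour of the filter above, modelled in Python as an added example (not code from the original article or from Juniper). `parse_filter` and `evaluate` are hypothetical helpers that understand only the two match conditions and two actions used on this page; the test addresses other than 192.168.20.2 and 192.168.30.100 are constructed.

```python
import ipaddress

# The filter from the article, as `set` commands (copied from the page).
CONFIG = """\
set firewall family ethernet-switching filter deny term 1 from ip-source-address 192.168.20.2/32
set firewall family ethernet-switching filter deny term 1 from ip-destination-address 192.168.30.100/32
set firewall family ethernet-switching filter deny term 1 then discard
set firewall family ethernet-switching filter deny term 2 then accept
"""

def parse_filter(config, name):
    """Return terms in configuration order: [(term, {condition: network}, action)]."""
    terms = {}  # dict keeps insertion order, matching term order in the config
    prefix = f"set firewall family ethernet-switching filter {name} term "
    for line in config.splitlines():
        if not line.startswith(prefix):
            continue
        term, kind, *rest = line[len(prefix):].split()
        # A term without an explicit action accepts matching packets.
        entry = terms.setdefault(term, {"from": {}, "then": "accept"})
        if kind == "from":
            entry["from"][rest[0]] = ipaddress.ip_network(rest[1])
        elif kind == "then":
            entry["then"] = rest[0]
    return [(t, e["from"], e["then"]) for t, e in terms.items()]

def evaluate(terms, src, dst):
    """First matching term decides; conditions inside one term are ANDed."""
    pkt = {"ip-source-address": ipaddress.ip_address(src),
           "ip-destination-address": ipaddress.ip_address(dst)}
    for term, conds, action in terms:
        if all(pkt[field] in net for field, net in conds.items()):
            return term, action
    return None, "discard"  # implicit discard when no term matches

TERMS = parse_filter(CONFIG, "deny")

if __name__ == "__main__":
    for src, dst in [("192.168.20.2", "192.168.30.100"),   # blocked pair
                     ("192.168.20.2", "192.168.30.1"),     # other VLAN 30 address
                     ("192.168.20.3", "192.168.30.100")]:  # other VLAN 20 host
        print(src, "->", dst, evaluate(TERMS, src, dst))
    # Without term 2, unrelated traffic falls through to the implicit discard.
    print(evaluate(TERMS[:1], "192.168.20.3", "192.168.10.5"))
```

The run shows that term 1 drops only the exact pair 192.168.20.2 to 192.168.30.100; other addresses in 192.168.30.0/24 stay reachable from that host, and term 2 is what keeps the rest of VLAN 20 traffic from being discarded.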


Original article: https://blog.51cto.com/adcit/2496453
