[j-nsp] implementing filters on all interfaces

Guy Davies Guy.Davies at telindus.co.uk
Wed Apr 23 18:06:27 EDT 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Scott,

The answer is yes.  However, you'd have to do it something like this.

groups {
  test {
    interfaces {
      <fe-*> {
        unit 56 {
          vlan-id 56;
          family inet {
            filter {
              input test;
            }
          }
        }
      }
    }
  }
}

This would set the vlan-id of unit 56 on every FE port to be 56 and apply
the filter test to that vlan inbound.  You must actually create the specific
interface and unit under the main interfaces section (i.e. this doesn't
create the unit if it's not there - but that doesn't matter because each
interface/unit requires a unique IP address :-)

Regards,

Guy

> -----Original Message-----
> From: Harry Reynolds [mailto:harry at juniper.net]
> Sent: Wednesday, April 23, 2003 4:32 PM
> To: Scott A. McIntyre; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] implementing filters on all interfaces
> 
> 
> Note sure that I follow; the approach I demonstrated catches all
> logical units, which should in turn catch all VLAN IDs as there is a
> one to one mapping between the two.
> 
> Something like:
> 
> test {
>     interfaces {
>         <fe-*> {
>             unit <512-526> {
>                 family inet {
>                     filter {
>                         input test;
>                     }
>                 }
>             }
>         }
>     }
> }
> 
> Should catch all FEs with units in the range of 512-526. If these
> units are associated with VLANs, then all the better, I say.
> 
> 
> HTHs
> 
> 
> 
> > -----Original Message-----
> > From: juniper-nsp-bounces at puck.nether.net
> > [mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Scott A.
> > McIntyre
> > Sent: Wednesday, April 23, 2003 8:15 AM
> > To: juniper-nsp at puck.nether.net
> > Subject: RE: [j-nsp] implementing filters on all interfaces
> >
> >
> > Greetings,
> >
> >
> > --On Wednesday, April 23, 2003 08:07 -0700 Harry Reynolds
> > <harry at juniper.net> wrote:
> >
> > ...
> >
> > > You can use groups to apply filters to "groups" of interfaces:
> > >
> > > [edit]
> > > lab at r2# show groups
> > > test {
> > >     interfaces {
> > >         <*> { <<< catches all, I suggest something more
> > like <fe-*>,
> > > <so-*>, etc.
> >
> >
> > Nice trick -- will that also work for vlans?  That is
> > <ge-*.56> to match
> > any GigE interface that has vlan 56 defined within?
> >
> >
> > Scott
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPqa57o3dwu/Ss2PCEQI6BwCghuze8CIbZkrZisipfeIuPqinpSQAoKP2
FK1ebmFa9k2cfJWVadciG/xX
=SEBc
-----END PGP SIGNATURE-----


More information about the juniper-nsp mailing list