[j-nsp] EX Switches - Internet Exchange Points
Jonathan Lassoff
jof at thejof.com
Thu Mar 25 16:39:15 EDT 2010
Excerpts from Paul Stewart's message of Thu Mar 25 13:09:51 -0700 2010:
> Thanks very much for the reply...
>
> The AMS-IX guide I've been through but their Juniper section isn't nearly as
> detailed as the Cisco side... good guide for sure. ;)
>
> The MAC shown in my example below is actually the correct MAC for the layer3
> facing interface ... so you're suggesting to create a filter to only allow
> that MAC to be 'sent out' to the peering switch? We never had to do this in
> the Cisco world using the configurations I sent in my original post hence
> some of my confusion...
Ok, I checked this out on a spare EX-3200.
Maybe some configuration like:
firewall {
family ethernet-switching {
filter XXX-IX_Peering_Filter {
term expected_mac_address {
from {
source-mac-address {
00:0b:45:b6:f5:00;
}
}
then accept;
}
term block {
then discard;
}
}
}
}
interfaces {
ge-x/x/x {
unit 0 {
family ethernet-switching {
filter {
output XXX-IX_Peering_Filter
}
}
}
}
}
Would accomplish what you want.
Cheers,
jof
More information about the juniper-nsp
mailing list