[j-nsp] EX Switches - Internet Exchange Points
Paul Stewart
paul at paulstewart.org
Thu Mar 25 16:45:10 EDT 2010
Thanks again - we have some Ex4200's in our lab currently so will test this
out... again, appreciate the fast response times..;)
Paul
-----Original Message-----
From: Jonathan Lassoff [mailto:jof at thejof.com]
Sent: Thursday, March 25, 2010 4:39 PM
To: Paul Stewart
Cc: jnsp
Subject: RE: [j-nsp] EX Switches - Internet Exchange Points
Excerpts from Paul Stewart's message of Thu Mar 25 13:09:51 -0700 2010:
> Thanks very much for the reply...
>
> The AMS-IX guide I've been through but their Juniper section isn't nearly
as
> detailed as the Cisco side... good guide for sure. ;)
>
> The MAC shown in my example below is actually the correct MAC for the
layer3
> facing interface ... so you're suggesting to create a filter to only allow
> that MAC to be 'sent out' to the peering switch? We never had to do this
in
> the Cisco world using the configurations I sent in my original post hence
> some of my confusion...
Ok, I checked this out on a spare EX-3200.
Maybe some configuration like:
firewall {
family ethernet-switching {
filter XXX-IX_Peering_Filter {
term expected_mac_address {
from {
source-mac-address {
00:0b:45:b6:f5:00;
}
}
then accept;
}
term block {
then discard;
}
}
}
}
interfaces {
ge-x/x/x {
unit 0 {
family ethernet-switching {
filter {
output XXX-IX_Peering_Filter
}
}
}
}
}
Would accomplish what you want.
Cheers,
jof
More information about the juniper-nsp
mailing list