Juniper交换机Firewall限制功能

1.1  交换机Firewall限制功能 1.1.1  限制IP地 //建立过滤策略 //指定过滤条件：源IP set firewall family Ethernet-switching filter ipfilter term 1 from source-address 192.168.1.1 //指定过滤符合条件：目的IP set firewall family Ethernet-switching filter ipfilter term 1 from destination-address 192.168.1.254 //指定符合条件的流量所做的动作：accept或者discard set firewall family Ethernet-switching filter ipfilter term 1 then accept //指定其它不符合条件的动作 set firewall family Ethernet-switching filter ipfilter term 2  discard //将过滤条件应用到端口上 set interface ge-0/0/10 unit 0 family Ethernet-switching filter input ipfilter 1.1.2  限制MAC地址 //建立过滤策略 //指定过滤条件：源MAC set firewall family Ethernet-switching filter macfilter term 1 from source-mac-address aa:aa:aa:aa:aa:aa //指定过滤符合条件：目的MAC set firewall family Ethernet-switching filter macfilter term 1 from destination-mac-address bb:bb:bb:bb:bb:bb //指定符合条件的流量所做的动作：accept或者discard set firewall family Ethernet-switching filter macfilter term 1 then accept //指定其它不符合条件的动作 set firewall family Ethernet-switching filter macfilter term 2  discard //将过滤条件应用到端口上 set interface ge-0/0/10 unit 0 family Ethernet-switching filter input macfilter