Date created: Wednesday, January 24, 2018 9:04:57 AM. Last modified: Tuesday, February 6, 2018 3:00:54 PM
Layer 2 Edge Port Protection
Example of EX switch end-host facing port config:
set interfaces interface-range EDGE member-range ge-0/0/0 to ge-0/0/47 set interfaces interface-range EDGE unit 0 family ethernet-switching storm-control SC-EDGE set interfaces interface-range EDGE unit 0 family ethernet-switching recovery-timeout 30 # Seconds set forwarding-options storm-control-profiles SC-EDGE all bandwidth-level 100 # Kbps # set forwarding-options storm-control-profiles SC-EDGE all bandwidth-percentage 1 set protocols layer2-control bpdu-block disable-timeout 3600 set protocols rstp interface EDGE edge # Transition directly for forwarding set protocols rstp bpdu-block-on-edge set protocols rstp no-root-port
# Traditional STP
set protocols stp interface ge-0/0/0.0 disable
# LLDP is disabled by default
set protocols lldp interface ge-0/0/0.0 disable
# L3 interface
set interfaces ge-0/0/0.0 family inet no-redirects set switch-options interface EDGE interface-mac-limit 2 set switch-options interface EDGE interface-mac-limit packet-action shutdown
Example of filtering a specific traffic type, in this example it is the IPv6 Ethertype:
set interfaces interface-range EDGE unit 0 family ethernet-switching filter input DROP-IPv6 set interfaces interface-range EDGE unit 0 family ethernet-switching filter output DROP-IPv6 set firewall family ethernet-switching filter DROP-IPv6 term DROP-IPv6 from ether-type 0x86dd set firewall family ethernet-switching filter DROP-IPv6 term DROP-IPv6 then discard set firewall family ethernet-switching filter DROP-IPv6 term DROP-IPv6 then count DROP-IPv6 set firewall family ethernet-switching filter DROP-IPv6 term ACCEPT then accept
Previous page: OSPFv2 Inter-Area Filtering
Next page: Tagged and untagged sub-interfaces