Hello,
We want to block some MAC addresses on a specific Layer 2 interface.
Here is the configuration of the firewall filter:
set firewall family ethernet-switching filter BLOCK_MAC1 term MAC1_SRC from source-mac-address 00:50:56:8f:1d:d2
set firewall family ethernet-switching filter BLOCK_MAC1 term MAC1_SRC then discard
set firewall family ethernet-switching filter BLOCK_MAC1 term MAC1_SRC then count MAC1_SRC
set firewall family ethernet-switching filter BLOCK_MAC1 term MAC1_DST from destination-mac-address 00:50:56:8f:1d:d2
set firewall family ethernet-switching filter BLOCK_MAC1 term MAC1_DST then discard
set firewall family ethernet-switching filter BLOCK_MAC1 term MAC1_DST then count MAC1_DST
set firewall family ethernet-switching filter BLOCK_MAC1 term ALL_OTHERS then accept
This filter is then applied on a specific interface as an input and output filter, as follows:
set interfaces xe-0/0/1 unit 0 family ethernet-switching filter input BLOCK_MAC1
set interfaces xe-0/0/1 unit 0 family ethernet-switching filter output BLOCK_MAC1
Well, I can see the counters increase via show firewall filter counter,
but no flows from or to the specified MAC address, such as simple pings, are blocked by this filter.
Any ideas?
Thanks