Thanks again - we have some Ex4200's in our lab currently so will test this out... again, appreciate the fast response times..;)
Paul -----Original Message----- From: Jonathan Lassoff [mailto:j...@thejof.com] Sent: Thursday, March 25, 2010 4:39 PM To: Paul Stewart Cc: jnsp Subject: RE: [j-nsp] EX Switches - Internet Exchange Points Excerpts from Paul Stewart's message of Thu Mar 25 13:09:51 -0700 2010: > Thanks very much for the reply... > > The AMS-IX guide I've been through but their Juniper section isn't nearly as > detailed as the Cisco side... good guide for sure. ;) > > The MAC shown in my example below is actually the correct MAC for the layer3 > facing interface ... so you're suggesting to create a filter to only allow > that MAC to be 'sent out' to the peering switch? We never had to do this in > the Cisco world using the configurations I sent in my original post hence > some of my confusion... Ok, I checked this out on a spare EX-3200. Maybe some configuration like: firewall { family ethernet-switching { filter XXX-IX_Peering_Filter { term expected_mac_address { from { source-mac-address { 00:0b:45:b6:f5:00; } } then accept; } term block { then discard; } } } } interfaces { ge-x/x/x { unit 0 { family ethernet-switching { filter { output XXX-IX_Peering_Filter } } } } } Would accomplish what you want. Cheers, jof _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp