1. Creating a VLAN actually takes only 2 steps and 2 commands:
① If the gateway is to live on the EX2200, you need a virtual layer-3 interface (SVI), so first create an SVI to serve as the gateway of the VLAN that is about to be created.
② Bind the SVI to the VLAN when creating the VLAN.
Interfaces on network devices generally have sub-interfaces; on the vlan interface, the unit is that sub-interface.
Create a virtual interface, unit 2, with the address 192.168.2.1/24
root# set interfaces vlan unit 2 family inet address 192.168.2.1/24
Create the VLAN and associate it with the SVI
root# set vlans vlan_name vlan-id 2 l3-interface vlan.2
Remember to add the allowed VLAN to the trunk port
root# set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 2
2. Creating a filtering ACL also takes 2 steps:
① Create the filter rules. They can match on ports and other parameters; press ? at the command line to view the available ones.
② Apply the created ACL to the VLAN in the input or output direction.
Creating ACLs
Matching traffic
set firewall family ethernet-switching filter acl_name term rule_name1 from destination-address x.x.x.x/x
Defining behavior
set firewall family ethernet-switching filter acl_name term rule_name1 then discard
It is important to permit the remaining traffic in a term of its own, because the resulting ACL automatically ends with a rule that discards everything.
set firewall family ethernet-switching filter acl_name term rule_name2 then accept
Apply the filter to the corresponding VLAN
set vlans vlan_name filter input acl_name
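An added example, not part of the original post: a small Python check over Junos set commands that flags a filter applied to a VLAN but never defined, a term that carries both accept and discard, and a filter with no final match-all accept term (so the implicit discard drops everything else). The function name, the sample configurations and the 192.0.2.0/24 prefix are constructed for illustration, and the check assumes terms are evaluated in the order they were first set.

```python
import re

# Matches the two command shapes used on this page (Junos keywords are lowercase).
TERM_RE = re.compile(r"^set firewall family ethernet-switching filter (\S+) "
                     r"term (\S+) (from|then) (.+)$")
APPLY_RE = re.compile(r"^set vlans (\S+) filter (input|output) (\S+)$")

def audit(lines):
    """Return a list of findings for the filters defined/applied in `lines`."""
    filters, applied, findings = {}, [], []
    for raw in lines:
        line = raw.strip()
        if m := TERM_RE.match(line):
            name, term, kind, rest = m.groups()
            entry = filters.setdefault(name, {}).setdefault(term, {"from": [], "then": []})
            entry[kind].append(rest)
        elif m := APPLY_RE.match(line):
            applied.append(m.groups())
    for vlan, direction, name in applied:
        if name not in filters:
            findings.append(f"{vlan}: {direction} filter {name} is not defined")
    for name, terms in filters.items():
        for term, entry in terms.items():
            actions = {a for a in entry["then"] if a in ("accept", "discard")}
            if len(actions) > 1:
                findings.append(f"{name}/{term}: both accept and discard set on one term")
        last = list(terms.values())[-1]  # dicts keep the order terms were first set
        if last["from"] or last["then"][-1:] != ["accept"]:
            findings.append(f"{name}: no final match-all accept term; "
                            "the implicit discard drops all other traffic")
    return findings

# Constructed samples; 192.0.2.0/24 is a documentation prefix, not from the page.
PREFIX = "set firewall family ethernet-switching filter acl_name term "
ONE_TERM = [PREFIX + "rule_name1 from destination-address 192.0.2.0/24",
            PREFIX + "rule_name1 then discard",
            PREFIX + "rule_name1 then accept",
            "set vlans vlan_name filter input acl_name"]
TWO_TERMS = ONE_TERM[:2] + [PREFIX + "rule_name2 then accept", ONE_TERM[3]]

if __name__ == "__main__":
    for label, cfg in (("one term", ONE_TERM), ("two terms", TWO_TERMS)):
        print(label, audit(cfg) or "OK")
```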
----------------------------------------------------------------------------------
set interfaces vlan unit 2 family inet address 192.168.2.1/24
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 2
set firewall family ethernet-switching filter acl_name term rule_name1 from destination-address x.x.x.x/x
set firewall family ethernet-switching filter acl_name term rule_name1 then discard
set firewall family ethernet-switching filter acl_name term rule_name2 then accept
set vlans vlan_name filter input acl_name
This article is from the "The Horizon has a Bear" blog; reprinting is declined!
Juniper EX2200: several commonly used VLAN configurations (creation, ACL filtering, inter-VLAN traffic isolation)