Wednesday 24 April 2013

How to Configure ACL on JUNOS Switches

Below are the configuration commands for implementing ACLs (firewall filters) on JUNOS switches. Keep in mind that on Juniper switches, ACLs are called firewall filters.

Here we take one of the most common scenarios. Let's say you would like to restrict Telnet, SSH, HTTP, HTTPS or SNMP access on JUNOS-based switches.


We have one JUNOS switch. Currently we can access this switch from our whole network via Telnet, SSH, HTTP/HTTPS and SNMP, but now we would like to limit this access to only 1 - 2 subnets. In our case we would like to allow Telnet, SSH, HTTP/HTTPS and SNMP from subnets 192.168.1.0/24 and 192.168.2.0/24.

There are two steps for implementing the firewall filters:

1. You have to define the filtering terms/rule.
2. You have to apply the filtering terms/rule to a router interface/VLAN.

Step 1

    [edit firewall]
    set filter acl_name term switch_management_allow from source-address 192.168.1.0/24
    set filter acl_name term switch_management_allow from source-address 192.168.2.0/24
    set filter acl_name term switch_management_allow from protocol tcp
    set filter acl_name term switch_management_allow from destination-port [telnet ssh http https]
    set filter acl_name term switch_management_allow from protocol udp
    set filter acl_name term switch_management_allow from destination-port [snmp]
    set filter acl_name term switch_management_allow then accept
    set filter acl_name term switch_management_block from protocol tcp
    set filter acl_name term switch_management_block from destination-port [telnet ssh http https]
    set filter acl_name term switch_management_block from protocol udp
    set filter acl_name term switch_management_block from destination-port [snmp]
    set filter acl_name term switch_management_block then log
    set filter acl_name term switch_management_block then reject
    set filter acl_name term default_allow then accept

The last term, named default_allow here (any name works), accepts all remaining traffic. accept and reject are both terminating actions and cannot share a term, and without a closing accept term the implicit discard at the end of every filter would drop everything the earlier terms do not match.

Step 2

    [edit vlans]
    set vlan_name vlan-id 100 filter input acl_name
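To check how the terms above are evaluated before committing them, the following added example (not part of the original post) models the filter in Python with first-match semantics and the implicit discard. The data layout, the function names and the closing term name default_allow are assumptions of this example, and the sample flows are constructed.

```python
import ipaddress

MGMT_PORTS = {23, 22, 80, 443, 161}  # telnet ssh http https snmp
# Constructed model of the filter: repeated "from" values of one kind merge
# into a list (OR); different kinds of condition in a term are ANDed.
ACL = [
    {"name": "switch_management_allow", "action": "accept",
     "src": ["192.168.1.0/24", "192.168.2.0/24"],
     "proto": {"tcp", "udp"}, "dport": MGMT_PORTS},
    {"name": "switch_management_block", "action": "reject",
     "proto": {"tcp", "udp"}, "dport": MGMT_PORTS},
    {"name": "default_allow", "action": "accept"},  # hypothetical term name
]

def term_matches(term, src, proto, dport):
    """True when the packet satisfies every condition the term defines."""
    if "src" in term and not any(
            ipaddress.ip_address(src) in ipaddress.ip_network(n)
            for n in term["src"]):
        return False
    if "proto" in term and proto not in term["proto"]:
        return False
    if "dport" in term and dport not in term["dport"]:
        return False
    return True

def evaluate(terms, src, proto, dport):
    """Return (term name, action) of the first matching term."""
    for term in terms:
        if term_matches(term, src, proto, dport):
            return term["name"], term["action"]
    return None, "discard"  # implicit discard at the end of every filter

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("192.168.1.10", "tcp", 22),   # management from an allowed subnet
        ("10.0.0.5", "tcp", 22),       # management from elsewhere
        ("10.0.0.5", "udp", 161),      # SNMP from elsewhere
        ("192.168.2.7", "udp", 22),    # merged lists also admit port 22 over udp
        ("10.0.0.5", "tcp", 3306),     # non-management traffic
    ]
    for flow in flows:
        print(flow, "->", evaluate(ACL, *flow))
    print("without last term:", evaluate(ACL[:2], "10.0.0.5", "tcp", 3306))
```

The fourth flow shows that putting tcp, udp and all five ports in one term matches any protocol/port combination from the two lists; separate per-protocol terms avoid that.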

Wednesday 3 April 2013

Uninstalling Symantec Endpoint Protection without the uninstall password

First, go ahead and uninstall Symantec Endpoint Protection via Add/Remove Programs. When the uninstall password box comes up, right-click on your taskbar and open “Task Manager”. Go to the Processes tab and look for msiexec.exe. There is probably more than one of them – one of them is for the password box. Just go ahead and pick one, and hopefully it will be for the password box (if not, just restart the uninstall process). Once you kill the password box, the uninstall will continue as normal.

Of course, one wonders how “secure” the uninstall password really is since it can be “hacked” so easily.