Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring Layer 2 Security Zones


This example shows how to configure Layer 2 security zones.


Before you begin, determine the properties you want to configure for the Layer 2 security zone. See Understanding Layer 2 Security Zones.


In this example, you configure security zone l2-zone1 to include a Layer 2 logical interface called ge-3/0/0.0 and security zone l2-zone2 to include a Layer 2 logical interface called ge-3/0/1.0. Then you configure l2-zone2 to allow all supported application services (such as SSH, Telnet, and SNMP) as host-inbound traffic.


CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure Layer 2 security zones:

  1. Create a Layer 2 security zone and assign interfaces to it.
  2. Configure one of the Layer 2 security zones.
  3. If you are done configuring the device, commit the configuration.


To verify the configuration is working properly, enter the show security zones command.