Example: Configuring Layer 2 Security Zones
This example shows how to configure Layer 2 security zones.
Before you begin, determine the properties you want to configure for the Layer 2 security zone. See Understanding Layer 2 Security Zones.
In this example, you configure security zone l2-zone1 to include a Layer 2 logical interface called ge-3/0/0.0 and security zone l2-zone2 to include a Layer 2 logical interface called ge-3/0/1.0. Then you configure l2-zone2 to allow all supported application services (such as SSH, Telnet, and SNMP) as host-inbound traffic.
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the  hierarchy level, and then enter commit from configuration mode.
set security-zone l2-zone1 interfaces ge-3/0/0.0
set security-zone l2-zone2 interfaces ge-3/0/1.0
set security-zone l2-zone2 host-inbound-traffic system-services all
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure Layer 2 security zones:
- Create a Layer 2 security zone and assign interfaces to it.
  [edit security zones]
  user@host# set security-zone l2-zone1 interfaces ge-3/0/0.0
  user@host# set security-zone l2-zone2 interfaces ge-3/0/1.0
- Configure one of the Layer 2 security zones.
  [edit security zones]
  user@host# set security-zone l2-zone2 host-inbound-traffic system-services all
- If you are done configuring the device, commit the configuration.
  user@host# commit
To verify the configuration is working properly, enter the show security zones command.
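Before pasting set commands like the ones above, a pre-commit check can catch two things: typographic dashes picked up from formatted documents inside zone names, and zones that open every system service as host-inbound traffic. The following is an added example, not Juniper code; the `audit` function, the finding labels, and the `CLEARTEXT` service set are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: quick-configuration lines relative to [edit security zones],
# with an en dash (U+2013) in the zone name of the third command.
SAMPLE = """\
set security-zone l2-zone1 interfaces ge-3/0/0.0
set security-zone l2-zone2 interfaces ge-3/0/1.0
set security-zone l2\u2013zone2 host-inbound-traffic system-services all
"""

# Assumption: services this audit treats as cleartext management protocols.
CLEARTEXT = {"telnet", "ftp", "http", "tftp"}

DASHES = re.compile("[\u2010-\u2015\u2212]")  # typographic hyphens and dashes
LINE = re.compile(r"^set\s+(?:security\s+zones\s+)?security-zone\s+(\S+)\s+(.*)$")


def audit(config_text):
    """Return (kind, subject) findings for set-style security zone commands."""
    findings = []
    services = defaultdict(set)
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if DASHES.search(line):
            # The name would not match the intended zone; report it, then
            # normalize so the rest of the line is still audited.
            findings.append(("non-ascii-dash", f"line {n}"))
            line = DASHES.sub("-", line)
        m = LINE.match(line)
        if not m:
            continue
        zone, words = m.group(1), m.group(2).split()
        if words[:2] != ["host-inbound-traffic", "system-services"] or len(words) < 3:
            continue
        if words[3:4] == ["except"]:
            continue  # service explicitly excluded for this zone
        services[zone].add(words[2])
    for zone in sorted(services):
        if "all" in services[zone]:
            findings.append(("all-system-services", zone))
        for svc in sorted(services[zone] & CLEARTEXT):
            findings.append(("cleartext-service", f"{zone}:{svc}"))
    return findings


if __name__ == "__main__":
    for kind, subject in audit(SAMPLE):
        print(f"{kind}: {subject}")
```

A zone that lists only the services it needs, for example `system-services ssh`, produces no findings.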