
    Example: Controlling Inbound Traffic Based on Protocols

    This example shows how to enable inbound traffic for an interface.

    Requirements

    Before you begin:

    Overview

    Any host-inbound traffic that corresponds to a protocol listed under the host-inbound traffic option is allowed. For example, if anywhere in the configuration you map a protocol to a port number other than the default, you can specify the protocol in the host-inbound traffic option, and the new port number will be used.

    A value of all indicates that traffic from all of the protocols is allowed inbound on the specified interfaces (of the zone, or a single specified interface).

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set security zones security-zone ABC interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf
    set security zones security-zone ABC interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf3

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To configure inbound traffic based on protocols:

    1. Configure a security zone.
      [edit]
      user@host# edit security zones security-zone ABC
    2. Configure the security zone to support inbound traffic based on the ospf protocol for an interface.
      [edit security zones security-zone ABC]
      user@host# set interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf
    3. Configure the security zone to support inbound traffic based on the ospf3 protocol for an interface.
      [edit security zones security-zone ABC]
      user@host# set interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf3

    Results

    From configuration mode, confirm your configuration by entering the show security zones security-zone ABC command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    user@host# show security zones security-zone ABC
    interfaces {
        ge-0/0/1.0 {
            host-inbound-traffic {
                protocols {
                    ospf;
                    ospf3;
                }
            }
        }
    }

    If you are done configuring the device, enter commit from configuration mode.
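
An added example, not part of the Juniper documentation: a Python check over set-format configuration (for instance the output of show configuration | display set) that collects the host-inbound-traffic protocols admitted per zone or interface and flags a value of all or any protocol outside an expected allow-list. Zone DMZ, its sample lines, and the function names collect and audit are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches zone-level and interface-level host-inbound-traffic protocol
# statements in "set" format.
SET_RE = re.compile(
    r"^set security zones security-zone (?P<zone>\S+) "
    r"(?:interfaces (?P<ifname>\S+) )?"
    r"host-inbound-traffic protocols (?P<proto>\S+)\s*$"
)

# Constructed sample input. The ABC lines mirror this example; the DMZ
# lines are invented to show the "all" case and an unexpected protocol.
SAMPLE = """\
set security zones security-zone ABC interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf
set security zones security-zone ABC interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf3
set security zones security-zone DMZ host-inbound-traffic protocols all
set security zones security-zone DMZ interfaces ge-0/0/2.0 host-inbound-traffic protocols bgp
"""

def collect(config_text):
    """Return {(zone, interface-or-None): set of protocol names}."""
    allowed = defaultdict(set)
    for line in config_text.splitlines():
        m = SET_RE.match(line.strip())
        if m:
            allowed[(m["zone"], m["ifname"])].add(m["proto"])
    return dict(allowed)

def audit(config_text, expected):
    """Compare configured protocols with an expected allow-list per scope.

    Returns a sorted list of (zone, scope, finding) tuples.
    """
    findings = []
    for (zone, ifname), protos in collect(config_text).items():
        scope = ifname or "<zone-level>"
        if "all" in protos:
            findings.append((zone, scope, "protocols all"))
        extras = protos - expected.get((zone, ifname), set()) - {"all"}
        for extra in sorted(extras):
            findings.append((zone, scope, f"unexpected {extra}"))
    return sorted(findings)

if __name__ == "__main__":
    expected = {("ABC", "ge-0/0/1.0"): {"ospf", "ospf3"}}
    for finding in audit(SAMPLE, expected):
        print(*finding)
```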

    Verification

    To confirm that the configuration is working properly, perform this task:

    Troubleshooting with Logs

    Purpose

    Use these logs to identify any issues.

    Action

    From operational mode, enter the show log messages command and the show log dcd command.

    Published: 2012-06-29