Changing the Default Forwarding Behavior

By default, Layer 2 forwarding on the device allows or denies traffic as specified by the configured policy, and allows ARP traffic and Layer 2 non-IP multicast and broadcast traffic. You can configure the device to block all Layer 2 non-IP and non-ARP traffic.

Before You Begin

For background information, read Understanding Security Policies in Transparent Mode.

You can use either J-Web or the CLI configuration editor to change the default forwarding behavior on the device.

J-Web Configuration

To block all Layer 2 non-IP and non-ARP traffic:

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Flow, click Configure or Edit.
  4. Next to Bridge, click Configure.
  5. Select Block non ip all.
  6. Click OK to return to the Flow page.
  7. Click OK to return to the Security page.

To allow all Layer 2 non-IP traffic to pass through the device:

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Flow, click Configure or Edit.
  4. Next to Bridge, click Configure.
  5. Select Bypass non ip unicast.
  6. Click OK to return to the Flow page.
  7. Click OK to return to the Security page.

CLI Configuration

To block all Layer 2 non-IP and non-ARP traffic:

user@host# set security flow bridge block-non-ip-all

To allow all Layer 2 non-IP traffic to pass through the device:

user@host# set security flow bridge bypass-non-ip-unicast
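
To confirm which behavior each device is actually running, the following added example (not part of the original documentation) classifies set-format configuration text, such as the output of show configuration | display set, by the two statements above. The device names and sample configurations are constructed, and reporting both statements active as "conflict" for manual review is an assumption of this example.

```python
# Added example: audit set-format Junos configuration for the two
# "security flow bridge" statements described on this page.
OPTIONS = ("block-non-ip-all", "bypass-non-ip-unicast")
HIERARCHY = ["security", "flow", "bridge"]


def l2_non_ip_mode(display_set_text):
    """Return 'default', one of OPTIONS, or 'conflict' for one device."""
    configured, inactive = set(), []
    for raw in display_set_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 2:
            continue
        verb, path = tokens[0], tokens[1:]
        if verb == "deactivate":
            # A statement or a whole hierarchy marked inactive.
            inactive.append(path)
        elif verb == "set" and path[:3] == HIERARCHY and path[3:] in ([o] for o in OPTIONS):
            configured.add(path[3])

    def is_active(option):
        # Inactive if any deactivated path is a prefix of the full statement.
        full = HIERARCHY + [option]
        return not any(full[:len(p)] == p for p in inactive)

    active = sorted(o for o in configured if is_active(o))
    if not active:
        return "default"  # policy decides IP; ARP and non-IP multicast/broadcast allowed
    return active[0] if len(active) == 1 else "conflict"


def audit(configs):
    """Map each device name to its Layer 2 non-IP forwarding mode."""
    return {name: l2_non_ip_mode(text) for name, text in configs.items()}


# Constructed sample configurations (hypothetical device names).
SAMPLES = {
    "fw-a": "set system host-name fw-a\nset security flow bridge block-non-ip-all\n",
    "fw-b": "set security flow bridge bypass-non-ip-unicast\n",
    "fw-c": "set security flow bridge block-non-ip-all\ndeactivate security flow bridge\n",
    "fw-d": "set system host-name fw-d\n",
}

if __name__ == "__main__":
    for device, mode in audit(SAMPLES).items():
        print(f"{device}: {mode}")
```

A device reported as "default" has neither statement active, including the case where the statement is present but deactivated.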
