Creating Layer 2 Security Zones

A Layer 2 security zone is a zone that hosts Layer 2 interfaces.

Before You Begin

For background information, read Understanding Layer 2 Security Zones.

This example configures the security zone l2-zone1 to include the previously configured Layer 2 logical interface ge-3/0/0.0 and security zone l2-zone2 to include the Layer 2 logical interface ge-3/0/1.0. In addition, l2-zone2 is configured to allow all supported application services (such as SSH, Telnet, SNMP, and other services) as host-inbound traffic.

You can use either J-Web or the CLI configuration editor to configure Layer 2 security zones.


J-Web Configuration

To create a Layer 2 security zone:

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Zones, click Configure.
  4. Next to Security zone, click Add new entry.
  5. In the Name box, type l2-zone1, and then click OK to return to the Security Zones page.

To create a Layer 2 security zone and allow host-inbound traffic:

  1. Next to Security zone, click Add new entry.
  2. In the Name box, type l2-zone2.
  3. Next to Host inbound traffic, click Configure.
  4. To allow the security zone to use all supported application services, next to System services, click Add new entry.
  5. From the Service name list, select All, and then click OK.
  6. Click OK to return to the Security Zones page.

To configure an interface and assign it to the created security zone:

  1. On the Security Zones page, next to the newly created security zone l2-zone1, click Edit.
  2. Next to Interfaces, click Add new entry.
  3. In the Interface unit box, type ge-3/0/0.0, and then click OK to return to the Security Zones page.
  4. Next to the newly created security zone l2-zone2, click Edit.
  5. Next to Interfaces, click Add new entry.
  6. In the Interface unit box, type ge-3/0/1.0, and then click OK to return to the Security Zones page.
  7. Click OK to return to the Zones page.
  8. Click OK to return to the Security page.

CLI Configuration

To create a Layer 2 security zone and assign interfaces to the zone:

user@host# set security zones security-zone l2-zone1 interfaces ge-3/0/0.0
user@host# set security zones security-zone l2-zone2 interfaces ge-3/0/1.0

To configure a Layer 2 security zone to allow host-inbound traffic:

user@host# set security zones security-zone l2-zone2 host-inbound-traffic system-services all
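
Because system-services all opens every supported service (including Telnet) to the device itself, it is worth auditing which zones carry it. The following is an added example, not part of the original documentation: a small Python audit over "set"-format zone statements that reports each zone's interfaces and flags broad or cleartext host-inbound services. The zones l2-zone3 and l2-zone4, the interface ge-3/0/2.0, and the choice of telnet, ftp, and http as the cleartext services to flag are assumptions made for the example.

```python
import re

# Assumption for this example: "all" is flagged as overly broad, and these
# cleartext services are flagged when reachable on a zone.
CLEARTEXT = {"telnet", "ftp", "http"}

# Matches "set"-format zone statements, with or without a CLI prompt prefix.
LINE_RE = re.compile(
    r"^(?:\S+#\s+)?set security zones security-zone (?P<zone>\S+) "
    r"(?:interfaces (?P<ifname>\S+)\s*)?"
    r"(?:host-inbound-traffic system-services (?P<svc>\S+)(?P<exc> except)?)?\s*$"
)

# Constructed sample: the page's three statements plus two hypothetical zones.
SAMPLE = """\
user@host# set security zones security-zone l2-zone1 interfaces ge-3/0/0.0
user@host# set security zones security-zone l2-zone2 interfaces ge-3/0/1.0
user@host# set security zones security-zone l2-zone2 host-inbound-traffic system-services all
set security zones security-zone l2-zone3 interfaces ge-3/0/2.0
set security zones security-zone l2-zone3 host-inbound-traffic system-services ssh
set security zones security-zone l2-zone4 host-inbound-traffic system-services all
set security zones security-zone l2-zone4 host-inbound-traffic system-services telnet except
"""

def audit(config_text):
    """Return {zone: {"interfaces": [...], "flagged": [...]}} for every zone seen."""
    zones = {}
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a zone statement this example understands
        z = zones.setdefault(m["zone"], {"ifs": set(), "allow": set(), "deny": set()})
        if m["ifname"]:
            z["ifs"].add(m["ifname"])
        if m["svc"]:
            # Interface-level statements are folded into the zone (simplification).
            (z["deny"] if m["exc"] else z["allow"]).add(m["svc"])
    report = {}
    for name, z in zones.items():
        if "all" in z["allow"]:
            flagged = {"all"} | (CLEARTEXT - z["deny"])
        else:
            flagged = (z["allow"] & CLEARTEXT) - z["deny"]
        report[name] = {"interfaces": sorted(z["ifs"]), "flagged": sorted(flagged)}
    return report

if __name__ == "__main__":
    for zone, info in audit(SAMPLE).items():
        print(zone, info["interfaces"], info["flagged"] or "ok")
```

Feed it the configuration in "set" format; a zone with an empty flagged list allows no broad or cleartext host-inbound service under the example's assumptions.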
