Juniper JNCIP-ENT JN0-649 Question # 10 Topic 2 Discussion

To ensure that each host is placed on a separate VLAN when using an unmanaged switch between the hosts and the EX Series switch:

Configure an input firewall filter on interface ge-0/0/3 to match the source MAC or IP address of the hosts to assign the VLANs:

By configuring an input firewall filter, you can match the source MAC or IP address of incoming traffic and assign the appropriate VLAN based on these criteria.

This method ensures that even though the switch between hosts and EX Series is unmanaged, VLAN assignments are still properly enforced at the EX Series switch.

Configuration Example:

set firewall family ethernet-switching filter VLAN-assignment term VLAN100 from source-mac-address xx:xx:xx:xx:xx:xx

set firewall family ethernet-switching filter VLAN-assignment term VLAN100 then vlan-assignment vlan 100

set firewall family ethernet-switching filter VLAN-assignment term VLAN200 from source-mac-address yy:yy:yy:yy:yy:yy

set firewall family ethernet-switching filter VLAN-assignment term VLAN200 then vlan-assignment vlan 200

set firewall family ethernet-switching filter VLAN-assignment term VLAN300 from source-mac-address zz:zz:zz:zz:zz:zz

set firewall family ethernet-switching filter VLAN-assignment term VLAN300 then vlan-assignment vlan 300

set interfaces ge-0/0/3 unit 0 family ethernet-switching filter input VLAN-assignment

References:

The command references from "Useful Juniper Commands.txt" and network configuration guides provide details on firewall filters and VLAN assignments​​.