Filter
Top Products
4.
Apply the firewall filter as an input filter to the customer interface at ge-2/1/0:
[edit interfaces]
ge-2/1/0 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 5 {
encapsulation vlan-vpls;
vlan-id 9;
family vpls {
filter {
input customer-1;
}
}
}
}
Related
Documentation
MX Series Ethernet Services Routers Solutions Page•
• Firewall Filters for Bridge Domains and VPLS Instances on page 95
• Example: Configuring Filtering of Frames by MAC Address on page 98
• Example: Configuring Filtering of Frames by IEEE 802.1p Bits on page 99
• Example: Configuring Filtering of Frames by Packet Loss Priority on page 101
Example: Configuring Filtering of Frames by MAC Address
This example firewall filter finds frames with a certain source MAC address
(88:05:00:29:3c:de/48), then counts and silently discards them. For more information
about configuring firewall filter match conditions, see the Junos OS Policy Framework
Configuration Guide. The filter is applied to the VLAN configured as vlan100200 as an
input filter on Router 1.
NOTE: This example does not present exhaustive configuration listings for
all routers in the figures. However, you can use this example with a broader
configuration strategy to complete the MX Series router network Ethernet
Operations, Administration, and Maintenance (OAM) configurations.
To configure filtering of frames by MAC address:
1.
Configure evil-mac-address, the firewall filter:
[edit firewall]
family bridge {
filter evil-mac-address {
term one {
from {
source-mac-address 88:05:00:29:3c:de/48;
}
then {
Copyright © 2010, Juniper Networks, Inc.98
Junos 10.4 MX Series Ethernet Services Routers Solutions Guide