Filter
Top Products
count evil-mac-address; # Counts frame with the bad source MAC address
discard;
}
term two {
then accept; # Make sure to accept other traffic
}
}
}
}
2.
Apply evil-mac-address as an input filter to vlan100200 on Router 1:
[edit routing-instances]
virtual-switch-R1-1 {
bridge-domains {
vlan100200 {
domain-type bridge;
forwarding-options {
filter {
input evil-mac-address;
}
}
}
}
}
Related
Documentation
MX Series Ethernet Services Routers Solutions Page•
• Firewall Filters for Bridge Domains and VPLS Instances on page 95
• Example: Configuring Policing and Marking of Traffic Entering a VPLS Core on page 96
• Example: Configuring Filtering of Frames by IEEE 802.1p Bits on page 99
• Example: Configuring Filtering of Frames by Packet Loss Priority on page 101
Example: Configuring Filtering of Frames by IEEE 802.1p Bits
For the bridge and vpls protocol families only, MX Series router firewall filters can be
configured to provide matching on IEEE 802.1p priority bits in packets with dual VLAN
tags:
•
To configure a firewall filter term that includes matching on IEEE 802.1p learned VLAN
priority (in the outer VLAN tag), use the learn-vlan-1p-priority or
learn-vlan-1p-priority-except match condition.
•
To configure a firewall filter term that includes matching on IEEE 802.1p user priority
(in the inner VLAN tag), use the user-vlan-1p-priority or user-vlan-1p-priority-except
match condition.
For more detailed information about configuring firewall filters and configuring filter
match conditions for Layer 2 bridging traffic on the MX Series routers, see the Junos OS
Policy Framework Configuration Guide.
99Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Layer 2 Firewall Filters