Table 81: Firewall Filter Match Conditions for VPLS Traffic (continued)
Description
Match Condition
Interface on which the packet was received. You can configure a match condition that matches
packets based on the interface on which they were received.
NOTE: If you configure this match condition with an interface that does not exist, the term
does not match any packet.
interface interface-name
Match the logical interface on which the packet was received to the specified interface group or
set of interface groups. For group-number, specify a single value or a range of values from 0 through
255.
To assign a logical interface to an interface group group-number, specify the group-number at the
[interfaces interface-name unit number family family filter group] hierarchy level.
For more information, see Filtering Packets Received on a Set of Interface Groups Overview.
NOTE: This match condition is not supported on T4000 Type 5 FPCs.
interface-group
group-number
Do not match the logical interface on which the packet was received to the specified interface
group or set of interface groups. For details, see the interface-group match condition.
NOTE: This match condition is not supported on T4000 Type 5 FPCs.
interface-group-except
group-name
Match the interface on which the packet was received to the specified interface set.
To define an interface set, include the interface-set statement at the [edit firewall] hierarchy level.
For more information, see Filtering Packets Received on an Interface Set Overview.
interface-set
interface-set-name
(MX Series routers and EX Series switches only) 32-bit address that supports the standard syntax
for IPv4 addresses.
Note that when using this term, the match condition ether-type IPv4 must be defined on the
same term.
ip-address address
(MX Series routers and EX Series switches only) 32-bit address that is the final destination node
address for the packet.
Note that when using this term, the match condition ether-type IPv4 must be defined on the
same term.
ip-destination-address
address
(MX Series routers and EX Series switches only) IP precedence field. In place of the numeric field
value, you can specify one of the following text synonyms (the field values are also listed):
critical-ecp (0xa0), flash (0x60), flash-override (0x80), immediate (0x40), internet-control (0xc0),
net-control (0xe0), priority (0x20), or routine (0x00).
ip-precedence
ip-precedence-field
(MX Series routers and EX Series switches only) Do not match on the IP precedence field.ip-precedence-except
ip-precedence-field
(MX Series routers and EX Series switches only) IP protocol field.ip-protocol number
(MX Series routers and EX Series switches only) Do not match on the IP protocol field.ip-protocol-except number
Copyright © 2017, Juniper Networks, Inc.1074
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
