Table 81: Firewall Filter Match Conditions for VPLS Traffic (continued)
Description
Match Condition
(MX Series only) Differentiated Services code point (DSCP). The DiffServ protocol uses the
type-of-service (ToS) byte in the IP header. The most significant 6 bits of this byte form the
DSCP. For more information, see “Understanding How Behavior Aggregate Classifiers Prioritize
Trusted Traffic” on page 950.
You can specify a numeric value from 0 through 63. To specify the value in hexadecimal form,
include 0x as a prefix. To specify the value in binary form, include b as a prefix.
In place of the numeric value, you can specify one of the following text synonyms (the field values
are also listed):
•
RFC 3246, An Expedited Forwarding PHB (Per-Hop Behavior), defines one code point: ef (46).
•
RFC 2597, Assured Forwarding PHB Group, defines 4 classes, with 3 drop precedences in each
class, for a total of 12 code points:
af11 (10), af12 (12), af13 (14),
af21 (18), af22 (20), af23 (22),
af31 (26), af32 (28), af33 (30),
af41 (34), af42 (36), af43 (38)
ipv6-traffic-class number
Do not match the DSCP number.ipv6-traffic-class-except
number
(MX Series routers, M320 router, and EX Series switches only) Match on the IEEE 802.1p learned
VLAN priority bits in the provider VLAN tag (the only tag in a single-tag frame with 802.1Q VLAN
tags or the outer tag in a dual-tag frame with 802.1Q VLAN tags). Specify a single value or multiple
values from 0 through 7.
Compare with the user-vlan-1p-priority match condition.
NOTE: This match condition supports the presence of a control word for MX Series routers and
the M320 router.
learn-vlan-1p-priority number
(MX Series routers, M320 router, and EX Series switches only) Do not match on the IEEE 802.1p
learned VLAN priority bits. For details, see the learn-vlan-1p-priority match condition.
NOTE: This match condition supports the presence of a control word for MX Series routers and
the M320 router.
learn-vlan-1p-priority-except
number
(MX Series routers and EX Series switches only) Match the user VLAN ID drop eligability indicator
(DEI) bit.
learn-vlan-dei
(MX Series routers and EX Series switches only) Do not match the user VLAN ID DEI bit.learn-vlan-dei-except
(MX Series routers and EX Series switches only) VLAN identifier used for MAC learning.learn-vlan-id number
(MX Series routers and EX Series switches only) Do not match on the VLAN identifier used for
MAC learning.
learn-vlan-id-except number
1077Copyright © 2017, Juniper Networks, Inc.
Chapter 32: Configuring Firewall Filters
To Next Page
Loading...
Need help?
General
