Table 81: Firewall Filter Match Conditions for VPLS Traffic (continued)
Description
Match Condition
(MX Series routers and EX Series switches only) Do not match on the first VLAN identifier that
is part of the payload.
user-vlan-id-except number
VLAN Ethernet type field of a VPLS packet.vlan-ether-type value
Do not match on the VLAN Ethernet type field of a VPLS packet.vlan-ether-type-except value
Release History Table DescriptionRelease
Starting in Junos OS 14.2, flexible offset filters are supported in firewall
hierarchy configurations.
14.2
Starting in Junos OS 14.2, firewall family bridge IPv6 match criteria is
supported on MX Series and EX9200 switches.
14.2
Related
Documentation
Guidelines for Configuring Firewall Filters on page 1044•
• Firewall Filter Terminating Actions
• Firewall Filter Nonterminating Actions
Firewall Filter Support on Loopback Interface
A loopback interface is a gateway for all the control traffic that enters the Routing Engine
of the router. If you want to monitor this control traffic, you must configure a firewall filter
on the loopback interface (lo0). Loopback firewall filters are applied only to packets that
are sent to the Routing Engine CPU for further processing. Therefore, you can apply a
firewall filter in the ingress and egress directions on the loopback interface. Loopack
interfaces on ACX Routers support both inet and inet6 family filters.
NOTE: On ACX, the filter for loopback interface can be applied only for
interface-specific instances of the firewall filter.
For standard firewall filter match conditions, see “Standard Firewall Filter Match
Conditions for IPv4 Traffic on ACX Series Routers” on page 1054.
The firewall filter on loopback interfaces handles only the following exception packets
in ingress direction:
•
TTL exception packets
•
Multicast packets having 224.0.0.x as the destination IP address
Copyright © 2017, Juniper Networks, Inc.1080
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
