CHAPTER 9
Layer 2 Firewall Filters
•
Firewall Filters for Bridge Domains and VPLS Instances on page 95
•
Example: Configuring Policing and Marking of Traffic Entering a VPLS Core on page 96
•
Example: Configuring Filtering of Frames by MAC Address on page 98
•
Example: Configuring Filtering of Frames by IEEE 802.1p Bits on page 99
•
Example: Configuring Filtering of Frames by Packet Loss Priority on page 101
Firewall Filters for Bridge Domains and VPLS Instances
Juniper Networks MX Series 3D Universal Edge Routers support firewall filters for the
bridge and vpls protocol families. You configure these firewall filters to control traffic
within bridge domains and VPLS instances. This chapter explores some of the ways that
filters can be used in a Layer 2 environment to control traffic.
MX Series router firewall filters can be applied to:
•
Input interfaces
•
Output interfaces
•
Input to the Layer 2 forwarding table
NOTE: Broadcast, unicast unknown, and multicast (BUM) traffic is not
affected by input and output policies. BUM traffic can only be filtered by
forwarding table policies.
You use a firewall filter after taking the following two steps:
1. You configure any policers and the firewall filter at the [edit firewall] hierarchy level.
2. You apply the properly configured firewall filter to an interface.
NOTE: You should deploy firewall filters carefully because it is easy to cause
unforeseen side effects on all traffic, especially traffic that is not the intended
target of the filter. For more information about configuring firewall filters,
see the Junos OS Policy Framework Configuration Guide.
95Copyright © 2012, Juniper Networks, Inc.
To Next Page
Loading...
Need help?
General
