Technical Documentation

Download Software

Research a Problem

Case Management

Contract & Product Management

Documentation Archive

Guidelines and Policies

Security Resources

Firewall Filters for Bridge Domains and VPLS Instances

Juniper Networks MX Series 3D Universal Edge Routers support firewall filters for the bridge and vpls protocol families. You configure these firewall filters to control traffic within bridge domains and VPLS instances. This chapter explores some of the ways that filters can be used in a Layer 2 environment to control traffic.

MX Series router firewall filters can be applied to:

Input interfaces
Output interfaces
Input to the Layer 2 forwarding table

Note: Broadcast, unicast unknown, and multicast (BUM) traffic is not affected by input and output policies. BUM traffic can only be filtered by forwarding table policies.

You use a firewall filter after taking the following two steps:

You configure any policers and the firewall filter at the [edit firewall] hierarchy level.
You apply the properly configured firewall filter to an interface.

Note: You should deploy firewall filters carefully because it is easy to cause unforeseen side effects on all traffic, especially traffic that is not the intended target of the filter. For more information about configuring firewall filters, see the Junos OS Routing Policy Configuration Guide .

Note: If chassis is running in enhanced-ip mode, a single shared filter instance will be created for a filter applied across bridge-domains. However, if the chassis is not running in enhanced-ip mode, then separate filter instances will be created for each bridge-domain that the filter is applied to. .

Choose Country

North America

Europe

Asia Pacific

Technical Documentation

Related Documentation

Firewall Filters for Bridge Domains and VPLS Instances

Related Documentation

Published: 2011-11-01