Technical Documentation

Configuring the Firewall Filter for Bridge Family Type (NSM Procedure)

On the MX-series router, you can filter Layer 2 packets in a bridging environment using this option.

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device to select it.
  3. Click the Configurationtab. In the configuration tree, expand Firewall > Family > Bridge.
  4. Add or modify settings as specified in Table 1.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 1: Bridge Filter Configuration Details

Task

Your Action

Configure firewall filters for Layer 2 packets that are part of bridging domain for MX series routers.

  1. Click Filter next to Bridge.
  2. Click Add new entry next to Filter.
  3. Expand Filter.
  4. In the name box, enter the name that identifies the filter.
  5. In the Comment box, enter the comment.
  6. Select Interface Specific to configure interface-specific names for firewall counters.

Configure accounting for firewall filter.
  1. Click Accounting Profile next to filter.
  2. In the New accounting-profile window, enter the name to be assigned to the accounting profile.

Define a firewall filter term.
  1. Click Add new entry next to Term.
  2. Expand Term.
  3. In the Name box, enter the name that identifies the term.
  4. In the Comment box, enter the comment for the term.
  5. From the Filter list, select the name that identifies the filter.
  6. Expand From.
  7. In the Comment box, enter the comment.
  8. In the Tcp Flags box, enter the Tcp flags.
  9. From the listed protocol-independent match conditions, select the filters defined for the Bridge family type.

    The protocol-independent match conditions are Destination Mac Address, Destination port, DSCP, Ether Type, Forwarding Class, ICMP Code, ICMP Type, Interface Group, Ip Address, Ip Destination Address, Ip Precedence, Ip Protocol, Ip Source Address, Learn Vlan 1p Priority, Learn Vlan Id, Loss priority, Port, Source Mac Address, Source Port, Traffic Type, User Vlan 1p Priority, User Vlan Id, and Vlan Ether Type.

  10. Expand Then.
  11. In the Comment box, enter the comment for then.
  12. In the Count box, enter the number of packets.
  13. From the Loss Priority list, set the packet loss priority (PLP) to low, medium-low, medium-high, or high.
  14. In the Forwarding Class box, enter the packet forwarding class name.
  15. Select Port Mirror check box to port mirror the packets.
  16. Click Accept next to Then.
    • Select Accept to accept a packet.
    • Select Discard to discard a packet silently, without sending an ICMP message.
    • Select Next to evaluate the next term in the firewall filter.
  17. Click Policer next to Then.
    • Select Policer to configure a new policer for each filter and select the policer name.
    • Select three-color-policer to configure a tricolor marking policer,
      • Expand Three Color Policer.
      • Click Single Rate next to Three Color Policer.
        • Select single-rate if the named tricolor policer is a single-rate policer.
        • Select two-rate if the named tricolor policer is a two-rate policer.

Published: 2009-08-23