Filtering Packets Received on a Set of Interface Groups Overview

 

You can configure a firewall filter term that matches packets tagged for a specified interface group or set of interface groups. An interface group consists of one or more logical interfaces with the same group number. Packets received on an interface in an interface group are tagged as being part of that group.

Note

EX9200 switches do not support interface groups. Use the interface-set configuration command as a workaround.

For standard stateless firewall filters, you can filter packets received on an interface group for IPv4, IPv6, virtual private LAN service ( VPLS), Layer 2 circuit cross-connection (CCC), and Layer 2 bridging traffic. For service filters, you can filter packets received on an interface group for either IPv4 or IPv6 traffic.

Note

You can also configure a firewall filter term that matches on packets tagged for a specified interface set. For more information, see Filtering Packets Received on an Interface Set Overview.