Platform Support for Firewall Filter Match Conditions, Actions, and Action Modifiers on EX Series Switches

 

After you define a firewall filter on an EX Series switch, you must associate the filter to a bind point so that the filter can filter the packets that enter or exit the bind point. Port firewall filters, VLAN firewall filters, and Layer 3 (or router) firewall filters are the different types of firewall filters you can apply on a switch, depending on the bind points the filters are associated with. While a port firewall filter applies to Layer 2 interfaces, a VLAN firewall filter applies to packets that enter or leave a VLAN and also to packets that are bridged within a VLAN. A Layer 3 firewall filter applies to Layer 3 (routed) interfaces and routed VLAN interfaces (RVIs).

Note

If you want to control the traffic that enters the Routing Engine of the switch, you must configure a firewall filter on the loopback interface (lo0) of the switch. For information about match conditions, actions, and action modifiers supported on the loopback interface of a switch, see Support for Match Conditions and Actions for Loopback Firewall Filters on Switches.

This topic describes the supported switches and bind points for match conditions, actions, and action modifiers for firewall filters supported on EX Series switches. For descriptions of the match conditions, actions, and action modifiers, see Firewall Filter Match Conditions, Actions, and Action Modifiers for EX Series Switches. For information about the EX4600 switch, see Firewall Filter Match Conditions and Actions.

Firewall Filter Types and Their Bind Points

You can apply a firewall filter at specific bind points to filter IPv4, IPv6, or non-IP traffic. See the remaining sections in this topic for information about support on individual switches for different traffic types.

Table 1 lists the firewall filter types and their associated bind points that are supported on the switches.

Table 1: Bind Points Associated with Firewall Filter Types

Bind Points

Firewall Filter Type

Ports (Layer 2 interfaces)

Port firewall filter

VLANs

VLAN firewall filter

Layer 3 interfaces (Layer 3 (routed) interfaces or routed VLAN interfaces (RVIs)

Router firewall filter

Support for IPv4 and IPv6 Firewall Filters on Switches

On EX2200, EX2300/EX3400, EX3200/EX4200, EX3300, EX4500, and EX6200 switches port and VLAN filters on IPv6 traffic can match only layer 2 header fields. On an EX8200 switch, port and VLAN traffic can match on layer 3 and layer 4 header fields, in addition to layer 2 header fields, of IPv6 traffic. On an EX4300 switch, port and VLAN filters on IPv6 traffic can match layer 3 and layer 4 header fields.

Table 2 briefly summarizes the support for IPv4 and IPv6 firewall filters on different switches. The support for port, VLAN, and router firewall filters on different switches is further discussed in the subsequent sections in this topic.

Table 2: Support for IPv4 and IPv6 Firewall Filters on Switches

Switch

Support for IPv4 Firewall Filter

Support for IPv6 Firewall Filter

EX2200

Yes

Yes

EX2300 and EX3400

Yes

Yes

EX3200 and EX4200

Yes

Yes

EX3300

Yes

Yes

EX4300

Yes

Yes

EX4500

Yes

Yes

EX6200

Yes

Yes

EX8200

Yes

Yes

Platform Support for Match Conditions for IPv4 Traffic

You can define port, VLAN, and router firewall filters for ingress and egress IPv4 traffic on all EX Series switches. Table 3 summarizes the support for match conditions on different bind points for ingress and egress IPv4 traffic on different switches.

Table 3: Firewall Filter Match Conditions Supported for IPv4 Traffic on Switches

Match Condition

Switch

Supported Bind Points

Ingress

Egress

destination-address ip-address

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ip-destination-address

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Not supported (EX2300)

Ports and VLANs (EX3400)

destination-mac-address mac-address

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

destination-port number

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces (EX4300)

Not supported (EX2300)

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

destination-prefix-list prefix-list

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

dot1q-tag number

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Not supported

Not supported

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Not supported

user-vlan-id number

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

dot1q-user-priority number

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Not supported

Not supported

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

user-vlan-1p-priority number

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

dscp number

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ether-type value

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Not supported

fragment-flags fragment-flags

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

icmp-code number

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 Interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

icmp-type number

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 Interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

interface interface-name

Note: This match condition is not supported by firewall filters configured on ingress L3 interfaces and ingress VLAN interfaces when the interface to be matched is aggregate Ethernet (ae) interface.

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces.

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ip-options

EX2200

Layer 3 interfaces

Not supported

EX2300 and EX3400

Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX4300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Layer 3 interfaces

Not supported

ip-version versionmatch_condition(s)

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

is-fragment

Note: Due to a limitation on the EX2300, EX3400, and EX4300 switches, this match condition does not match the last fragment of a fragmented packet when applied to a port or a VLAN.

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

precedence precedence

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ip-precedence precedence

EX4300

Ports and VLANs

Not supported

EX2300 and EX3400

Ports and VLANs

Not supported

protocol list of protocols

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ip-protocol list of protocols

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

source-address

ip-address

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ip-source-address ip-address

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Not supported (EX2300)

Ports and VLANs (EX3400)

source-mac-address mac-address

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

source-port number

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

source-prefix-list prefix-list

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

tcp-established

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

tcp-flags (flags tcp-initial)

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

tcp-initial

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ttl value

EX2200

Layer 3 interfaces

Not supported

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Not supported

EX3300

Layer 3 interfaces

Not supported

EX4300

Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Layer 3 interfaces

Not supported

EX6200

Layer 3 interfaces

Not supported

EX8200

Layer 3 interfaces

Not supported

vlan (vlan-name | vlan-id)

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Not supported

Not supported

EX4500

Ports and VLANs

Ports

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

learn-vlan-id vlan-id

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

Platform Support for Match Conditions for IPv6 Traffic

Table 4 summarizes support for match conditions on different bind points for ingress and egress IPv6 traffic on different switches.

Table 4: Firewall Filter Match Conditions Supported for IPv6 Traffic on Switches

Match Condition

Switch

Supported Bind Points

Ingress

Egress

destination-address ip-address

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces

EX3200 and EX4200

Layer 3 interfaces

Layer 3 (routed) interfaces only

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Layer 3 interfaces

Layer 3 (routed) interfaces only

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces

ip6-destination-address ip-address

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports and VLANs

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 (routed) interfaces only

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces

destination-mac-address mac-address

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

destination-port number

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

destination-prefix-list prefix-list

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 (routed) interfaces only

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

dot1q-tag number

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Not supported

Not supported

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Not supported

user-vlan-id number

EX4300

Ports and VLANs

Ports and VLANs

dot1q-user-priority number

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Not supported

Not supported

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

user-vlan-1p-priority number

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Not supported

ether-type (ipv6)value

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

icmp-code number

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

icmp-type number

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

interface interface-name

Note: This match condition is not supported by firewall filters configured on ingress L3 interfaces and ingress VLAN interfaces when the interface to be matched is aggregate Ethernet (ae) interface.

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ip-version version match_condition(s)

EX2200

Not supported

Not supported

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Not supported

Not supported

EX4500

Not supported

Not supported

EX6200

Not supported

Not supported

EX8200

Ports and VLANs

Ports and VLANs

next-header bytes

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

packet-length bytes

EX2200

Not supported

Not supported

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Not supported

Not supported

EX4500

Not supported

Not supported

EX6200

Not supported

Not supported

EX8200

Layer 3 interfaces

Not supported

source-addressip-address

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Not supported

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX4300

Layer 3 interfaces

Not supported

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

ip6-source-address ip-address

EX4300

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Not supported (EX2300)

Ports and VLANs (EX3400)

source-mac-address mac-address

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Ports and VLANs

Ports and VLANs

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

source-port number

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, Layer 3 interfaces

Ports and VLANs (EX3400)

Not supported (EX2300)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, Layer 3 interfaces

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

source-prefix-list prefix-list

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

tcp-established

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

tcp-flags (flags tcp-initial)

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

tcp-initial

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports and VLANs (EX3400)

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports and VLANs

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

traffic-class number

EX2200

Layer 3 interfaces

Layer 3 interfaces

EX2300 and EX3400

Layer 3 interfaces

Layer 3 interfaces

EX3200 and EX4200

Layer 3 interfaces

Layer 3 interfaces

EX3300

Layer 3 interfaces

Layer 3 interfaces

EX4300

Layer 3 interfaces

Layer 3 interfaces

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Layer 3 interfaces

Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

vlan (vlan-id | vlan-name)

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Not supported

Not supported

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Not supported

Platform Support for Match Conditions for Non-IP Traffic

You can define port, VLAN, and router firewall filters for ingress and egress non-IP traffic on all EX Series switches. Table 5 summarizes support for match conditions on different bind points for ingress and egress non-IP traffic on different switches.

Table 5: Firewall Filter Match Condition Supported for Non-IP Traffic on Switches

Match Condition

Switch

Supported Bind Points

Ingress

Egress

l2-encap-type llc-non-snap

EX2200

Ports and VLANs

Ports and VLANs

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports and VLANs

Ports and VLANs

EX3300

Ports and VLANs

Ports and VLANs

EX4300

Not supported

Not supported

EX4500

Ports and VLANs

Ports and VLANs

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Ports and VLANs

Platform Support for Actions for IPv4 Traffic

Table 6 summarizes the support for actions on different bind points for ingress and egress IPv4 traffic on different switches.

Table 6: Firewall Filter Actions Supported for IPv4 Traffic on Switches

Action

Switch

Supported Bind Points

Ingress

Egress

accept

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

discard

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

reject message-type

EX2200

Layer 3 interfaces

Not supported

EX2300 and EX3400

Layer 3 interfaces

Not supported

EX3200 and EX4200

Layer 3 interfaces

Not supported

EX3300

Layer 3 interfaces

Not supported

EX4300

Layer 3 interfaces

Not supported

EX4500

Layer 3 interfaces

Not supported

EX6200

Layer 3 interfaces

Not supported

EX8200

Layer 3 interfaces

Not supported

routing-instance routing-instance-name

EX2200

Not supported

Not supported

EX2300 and EX3400

Not supported (EX2300)

Layer 3 interfaces (EX3400)

Not supported

EX3200 and EX4200

Layer 3 interfaces

Not supported

EX3300

Layer 3 interfaces

Not supported

EX4300

Layer 3 interfaces

Not supported

EX4500

Layer 3 interfaces

Not supported

EX6200

Layer 3 interfaces

Not supported

EX8200

Layer 3 interfaces

Not supported

vlan vlan-name

EX2200

Ports and VLANs

Not supported

EX2300 and EX3400

Ports and VLANs

Not supported

EX3200 and EX4200

Ports and VLANs

Not supported

EX3300

Ports and VLANs

Not supported

EX4300

Ports and VLANs

Not supported

EX4500

Ports and VLANs

Ports

EX6200

Ports and VLANs

Ports and VLANs

EX8200

Ports and VLANs

Note: Supported only when used in conjunction with the interface action modifier. On EX8200 Virtual Chassis, the vlan action is supported only for VLANs.

Not supported

Platform Support for Actions for IPv6 Traffic

Table 7 summarizes the support for actions on different bind points for ingress and egress IPv6 traffic.

Table 7: Firewall Filter Actions Supported for IPv6 Traffic on Switches

Action

Switch

Supported Bind Points

Ingress

Egress

accept

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

discard

EX2200

Ports and VLANs, and Layer 3 interfaces

Ports and VLANs, and Layer 3 interfaces

EX2300 and EX3400

Ports and VLANs, and Layer 3 interfaces

Ports and VLANs, and Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

reject message-type

EX2200

Layer 3 interfaces

Not supported

EX2300 and EX3400

Layer 3 interfaces

Not supported

EX3200 and EX4200

Layer 3 interfaces

Not supported

EX3300

Layer 3 interfaces

Not supported

EX4300

Layer 3 interfaces

Not supported

EX4500

Layer 3 interfaces

Not supported

EX6200

Layer 3 interfaces

Not supported

EX8200

Layer 3 interfaces

Not supported

routing-instance routing-instance-name

EX2200

Not supported

Not supported

EX2300 and EX3400

Not supported (EX2300)

Layer 3 interfaces (EX3400)

Not supported

EX3200 and EX4200

Layer 3 interfaces

Not supported

EX3300

Layer 3 interfaces

Not supported

EX4300

Not supported

Not supported

EX4500

Layer 3 interfaces

Not supported

EX6200

Layer 3 interfaces

Not supported

EX8200

Layer 3 interfaces

Not supported

vlan vlan-name

EX2200

Ports and VLANs

Not supported

EX2300 and EX3400

Ports and VLANs

Not supported

EX3200 and EX4200

Ports and VLANs

Not supported

EX3300

Ports and VLANs

Not supported

EX4300

Ports and VLANs

Not supported

EX4500

Ports and VLANs

Not supported

EX6200

Ports and VLANs

Not supported

EX8200

Ports and VLANs

Note: Supported only when used in conjunction with the interface action modifier. On EX8200 Virtual Chassis, the vlan action is supported only for VLANs.

Not supported

Platform Support for Action Modifiers for IPv4 Traffic

Table 8 summarizes support for action modifiers on different bind points for ingress and egress IPv4 traffic on different switches.

Table 8: Firewall Filter Action Modifiers Supported for IPv4 Traffic on Switches

Action Modifier

Switch

Supported Bind Points

Ingress

Egress

analyzer

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Not supported

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

dscp

EX2200

Not supported

Not supported

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Not supported

Not supported

EX4500

Not supported

Not supported

EX6200

Not supported

Not supported

EX8200

Layer 3 interfaces

Not supported

count

EX2200

VLANs and Layer 3 interfaces (me0 interfaces only)

Layer 3 interfaces (me0 interfaces only)

EX2300 and EX3400

Ports, VLANs, and Layer 3 Interfaces

Ports, VLANs, and Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

VLANs and Layer 3 interfaces (me0 and vme0 interfaces only)

Layer 3 interfaces (me0 and vme0 interfaces only)

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

forwarding-class class

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

interface interface-name

EX2200

Ports and VLANs

Not supported

EX2300 and EX3400

Ports and VLANs

Ports and VLANs

EX3200 and EX4200

Ports and VLANs

Not supported

EX3300

Ports and VLANs

Not supported

EX4300

Ports and VLANs

Not supported

EX4500

Ports and VLANs

Not supported

EX6200

Ports and VLANs

Not supported

EX8200

Ports and VLANs

Note: On EX8200 Virtual Chassis, the interface action modifier is supported only for VLANs.

Not supported

log

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

loss-priority (high | low)

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

policer policer-name

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

port-mirror

EX2200

Not supported

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Not supported

Not supported

EX6200

Not supported

Not supported

EX8200

Not supported

Not supported

port-mirror-instance instance-name

EX2200

Not supported

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Not supported

Not supported

EX6200

Not supported

Not supported

EX8200

Not supported

Not supported

syslog

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

three-color-policer

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interface

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Not supported

Not supported

Platform Support for Action Modifiers for IPv6 Traffic

Table 9 summarizes support for action modifiers on different bind points for ingress and egress IPv6 traffic.

Table 9: Firewall Filter Action Modifiers Supported for IPv6 Traffic on Switches

Action Modifier

Switch

Supported Bind Points

Ingress

Egress

analyzer

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and layer 3 interfaces

Not supported

EX4500

Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

dscp

EX2200

Not supported

Not supported

EX2300 and EX3400

Not supported

Not supported

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Not supported

Not supported

EX4500

Not supported

Not supported

EX6200

Not supported

Not supported

EX8200

Layer 3 interfaces

Not supported

count

EX2200

VLANs and Layer 3 interfaces (me0 and vme0 interfaces only)

Layer 3 interfaces (me0 and vme0 interfaces only)

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX3300

Layer 3 interfaces (me0 and vme0 interfaces only)

Layer 3 interfaces (me0 and vme0 interfaces only)

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

forwarding-class class

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX3300

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

interface interface-name

EX2200

Ports and VLANs

Not supported

EX2300 and EX3400

Ports and VLANs

Not supported

EX3200 and EX4200

Ports and VLANs

Not supported

EX3300

Ports and VLANs

Not supported

EX4300

Ports and VLANs

Not supported

EX4500

Ports and VLANs

Not supported

EX6200

Ports and VLANs

Not supported

EX8200

Ports and VLANs

Note: On EX8200 Virtual Chassis, the interface action modifier is supported only for VLANs.

Not supported

log

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

loss-priority (high | low)

EX2200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX3300

Ports, VLANS, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

EX8200

Ports, VLANs, and Layer 3 interfaces

Ports and Layer 3 interfaces

policer policer-name

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Ports, VLANs, and Layer 3 interfaces

EX4500

Layer 3 interfaces

Layer 3 interfaces

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

port-mirror

EX2200

Not supported

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Not supported

Not supported

EX8200

Not supported

Not supported

port-mirror-instance instance-name

EX2200

Not supported

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported (EX2300)

Ports, VLANs, and Layer 3 interfaces (EX3400)

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Not supported

Not supported

EX8200

Not supported

Not supported

syslog

EX2200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3300

Ports, VLAN, and Layer 3 interfaces

Not supported

EX4300

Ports, VLANs, and Layer 3 interfaces

Not supported

EX4500

Ports, VLANs, and Layer 3 interfaces

Not supported

EX6200

Ports, VLANs, and Layer 3 interfaces

Not supported

EX8200

Ports, VLANs, and Layer 3 interfaces

Not supported

three-color-policer

EX2200

Not supported

Not supported

EX2300 and EX3400

Ports, VLANs, and Layer 3 interfaces

Not supported

EX3200 and EX4200

Not supported

Not supported

EX3300

Not supported

Not supported

EX4300

Not Supported

Not Supported

EX4500

Not supported

Not supported

EX6200

Not supported

Not supported

EX8200

Not Supported

Not Supported