Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Multifield Classification Limitations on M Series Routers

    This topic covers the following information:

    Problem: Output-Filter Matching on Input-Filter Classification

    On M Series routers (except M120 routers), you cannot classify packets with an output filter match based on the ingress classification that is set with an input filter applied to the same IPv4 logical interface.

    For example, in the following configuration, the filter called ingress assigns all incoming IPv4 packets to the expedited-forwarding class. The filter called egress counts all packets that were assigned to the expedited-forwarding class in the ingress filter. This configuration does not work on most M Series routers. It works on all other routing platforms, including M120 routers, MX Series routers, and T Series routers.

    [edit]user@host # show firewallfamily inet {filter ingress {term 1 {then {forwarding-class expedited-forwarding;accept;}}term 2 {then accept;}}filter egress {term 1 {from {forwarding-class expedited-forwarding;}then count ef;}term 2 {then accept;}}} [edit]user@host# show interfacesge-1/2/0 {unit 0 {family inet {filter {input ingress;output egress;}}}}

    Workaround: Configure All Actions in the Ingress Filter

    As a workaround, you can configure all of the actions in the ingress filter.

    user@host # show firewallfamily inet {filter ingress {term 1 {then {forwarding-class expedited-forwarding;accept;count ef;}}term 2 {then accept;}}} [edit]user@host# show interfacesge-1/2/0 {unit 0 {family inet {filter {input ingress;}}}}
     

    Related Documentation

     

    Published: 2012-06-18

    Previous Page Next Page