Related Documentation
- MX Series
- Firewall Filters for Bridge Domains and VPLS Instances
- Example: Configuring Policing and Marking of Traffic Entering a VPLS Core
- Example: Configuring Filtering of Frames by IEEE 802.1p Bits
- Example: Configuring Filtering of Frames by Packet Loss Priority
- Additional Information
- Layer 2 Firewall Filters
Example: Configuring Filtering of Frames by MAC Address
This example firewall filter finds frames with
a certain source MAC address (88:05:00:29:3c:de/48), then
counts and silently discards them. For more information about configuring
firewall filter match conditions, see the Junos OS Policy Framework Configuration Guide 
. The
filter is applied to the VLAN configured as vlan100200 as
an input filter on Router 1.
 | Note: This example does not present exhaustive configuration listings for all routers in the figures. However, you can use this example with a broader configuration strategy to complete the MX Series router network Ethernet Operations, Administration, and Maintenance (OAM) configurations. |
To configure filtering of frames by MAC address:
Configure evil-mac-address, the firewall filter:
[edit firewall]family bridge {filter evil-mac-address {term one {from {source-mac-address 88:05:00:29:3c:de/48;}then {count evil-mac-address; # Counts frame with the bad source MAC addressdiscard;}term two {then accept; # Make sure to accept other traffic}}}}Apply evil-mac-address as an input filter to vlan100200 on Router 1:
[edit routing-instances]virtual-switch-R1-1 {bridge-domains {vlan100200 {domain-type bridge;forwarding-options {filter {input evil-mac-address;}}}}}
Related Documentation
- MX Series
- Firewall Filters for Bridge Domains and VPLS Instances
- Example: Configuring Policing and Marking of Traffic Entering a VPLS Core
- Example: Configuring Filtering of Frames by IEEE 802.1p Bits
- Example: Configuring Filtering of Frames by Packet Loss Priority
- Additional Information
- Layer 2 Firewall Filters
