Related Documentation
- MX Series
- Firewall Filters for Bridge Domains and VPLS Instances
- Example: Configuring Policing and Marking of Traffic Entering a VPLS Core
- Example: Configuring Filtering of Frames by IEEE 802.1p Bits
- Example: Configuring Filtering of Frames by Packet Loss Priority
- Additional Information
- Layer 2 Firewall Filters
Example: Configuring Filtering of Frames by MAC Address
This example firewall filter finds frames with a certain source MAC address (88:05:00:29:3c:de/48), then counts and silently discards them. For more information about configuring firewall filter match conditions, see the Routing Policy Configuration Guide. The filter is applied to the VLAN configured as vlan100200 as an input filter on Router 1.
 | Note: This example does not present exhaustive configuration listings for all routers in the figures. However, you can use this example with a broader configuration strategy to complete the MX Series router network Ethernet Operations, Administration, and Maintenance (OAM) configurations. |
To configure filtering of frames by MAC address:
Configure evil-mac-address, the firewall filter:
[edit firewall]family bridge {filter evil-mac-address {term one {from {source-mac-address 88:05:00:29:3c:de/48;}then {count evil-mac-address; # Counts frame with the bad source MAC addressdiscard;}term two {then accept; # Make sure to accept other traffic}}}}Apply evil-mac-address as an input filter to vlan100200 on Router 1:
[edit routing-instances]virtual-switch-R1-1 {bridge-domains {vlan100200 {domain-type bridge;forwarding-options {filter {input evil-mac-address;}}}}}
Related Documentation
- MX Series
- Firewall Filters for Bridge Domains and VPLS Instances
- Example: Configuring Policing and Marking of Traffic Entering a VPLS Core
- Example: Configuring Filtering of Frames by IEEE 802.1p Bits
- Example: Configuring Filtering of Frames by Packet Loss Priority
- Additional Information
- Layer 2 Firewall Filters
