 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
Input Filter for VPLS Traffic
For M-series and T-series routing platforms only, apply an input filter to VPLS traffic. Output filters do not work for broadcast and multicast traffic, including VPLS traffic.
- [edit interfaces]
- fe-2/2/3 {
- vlan-tagging;
- encapsulation vlan-vpls;
-
- unit 601 {
- encapsulation vlan-vpls;
- vlan-id 601;
-
- family vpls {
-
- filter {
- input filter1; # Works for multicast destination
MAC address
- output filter1; # Does not work for multicast
destination MAC address
- }
- }
- }
- }
- [edit firewall]
- family vpls {
-
- filter filter1 {
-
- term 1 {
-
- from {
-
- destination-mac-address {
- 01:00:0c:cc:cc:cd/48;
- }
- }
-
- then {
- discard;
- }
- }
-
- term 2 {
-
- then {
- accept;
- }
- }
- }
- }
Filter-Based Forwarding at the Output Interface
The following example illustrates the configuration of filter-based forwarding at the output interface. In this example, the packet flow follows this path:
- [edit interfaces]
- so-0/0/3 {
-
- unit 0 {
-
- family inet {
-
- filter {
- output fbf;
- }
- address 10.50.10.2/25;
- }
- }
- }
- fe-1/2/0 {
-
- unit 0 {
-
- family inet {
- address 10.50.50.2/25;
- }
- }
- }
- so-2/0/0 {
-
- unit 0 {
-
- family inet {
- address 10.50.20.2/25;
- }
- }
- }
- [edit firewall]
- filter fbf {
-
- term 0 {
-
- from {
-
- source-address {
- 10.50.200.0/25;
- }
- }
- then routing-instance fbf;
- }
-
- term d {
- then count d;
- }
- }
- [edit routing-instances]
- fbf {
- instance-type forwarding;
-
- routing-options {
-
- static {
- route 10.50.100.0/25 next-hop so-2/0/0.0;
- }
- }
- }
- [edit routing-options]
- interface-routes {
- rib-group inet fbf-group;
- }
- static {
- route 10.50.100.0/25 next-hop 10.50.10.1;
- }
- rib-groups {
-
- fbf-group {
- import-rib [inet.0 fbf.inet.0];
- }
- }
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |