For the bridge and vpls protocol families only, MX-series firewall filters can be configured to provide matching on IEEE 802.1p priority bits in packets with dual VLAN tags:
For more detailed information about configuring firewall filters and configuring filter match conditions for Layer 2 bridging traffic on the MX-series routers, see the JUNOS Policy Framework Configuration Guide.
 |
Note: Layer 2 bridging is supported only on the MX-series routers. For more information about how to configure Layer 2 bridging, see the JUNOS Network Interfaces Configuration Guide, the JUNOS Routing Protocols Configuration Guide, and the JUNOS Feature Guide. |
This example Layer 2 bridging firewall filter finds any incoming frames with an IEEE 802.1p learned VLAN priority level of either 1 or 2, and then classifies the packet in the best-effort default forwarding class.
Firewall Filter
Configure the firewall filter filter-learn-vlan-configure-forwarding:
- [edit firewall]
- family bridge {
-
- filter filter-learn-vlan-configure-forwarding {
-
- term 0 {
-
- from {
-
- learn-vlan-1p-priority [1 2];
- }
- then forwarding-class best-effort;
- }
- }
- }
Apply Filter to Customer interface
Apply the firewall filter filter-learn-vlan-configure-forwarding as an input filter to ge-0/0/0:
- [edit]
- interfaces {
-
- ge-0/0/0 {
-
- unit 0 {
-
- family bridge {
-
- filter {
-
- input filter-learn-vlan-configure-forwarding;
- }
- }
- }
- }
- }
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |