Configuring Simple Filters
Simple filters are recommended for metropolitan Ethernet applications. They are supported on Gigabit Ethernet intelligent queuing (IQ2) and Enhanced Queuing Dense Port Concentrator (EQ DPC) interfaces only. Simple filters are not supported on Modular Port Concentrator (MPC) interfaces, including Enhanced Queuing MPC interfaces. Unlike standard filters, simple filters are for IPv4 traffic only and have the following restrictions:
- The next-term action is not supported.
- Qualifiers, such as except and protocol-except match conditions, are not supported.
- Noncontiguous masks are not supported.
- Only one source-address and one destination-address prefix are allowed for each filter term. If you configure, multiple prefixes, only the last one is used.
- Ranges are only valid as source or destination ports. For example, you can configure source-port 400-500 or destination-port 600-700.
- Output filters are not supported. You can apply a simple filter to ingress traffic only.
- Simple filters are not supported for interfaces in an aggregated-Ethernet bundle.
- Explicitly configurable terminating actions, such as accept, reject, or discard, are not supported. Simple filters always accept packets.
- Simple filters support only the following action modifiers: forwarding-class, loss-priority, and policer.
To configure simple filters, include the simple-filter statement at the [edit firewall family inet] hierarchy level:
For more information about Ethernet IQ2 PICs and EQ DPCs and related features, see the Junos Services Interfaces Configuration Guide and the Junos Class of Service Configuration Guide. For additional information about configuring the MX Series routers, on which EQ DPCs are supported, see the Junos Layer 2 Configuration Guide.
Example: Configuring a Simple Filter
Configure a simple filter to support Ethernet IQ2 PICs:
