Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Junos OS Filter Conditions (SRC CLI)

    Use the following configuration statements to configure Junos OS filter conditions.

    policies group name list name rule name traffic-condition name traffic-match-condition {forwarding-class forwarding-class ; interface-group interface-group ; source-class source-class ; destination-class destination-class ; allow-ip-options allow-ip-options ; }

    To add Junos OS filter conditions to a classify-traffic condition:

    1. From configuration mode, enter the application protocol configuration. For example:
      user@host# edit policies group junos list bodVpn rule pr traffic-condition ctc traffic-match-condition
    2. (Optional) Configure the name of a forwarding class to match.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc traffic-match-condition]user@host# set forwarding-class forwarding-class
    3. (Optional) Configure the condition to match packets based on the interface group on which the packet was received.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc traffic-match-conditionuser@host# set interface-group interface-group
    4. (Optional) Configure the condition to match packets based on source class. A source class is a set of source prefixes grouped together and given a class name. You usually match source and destination classes for output firewall filters.

      You cannot match on both source class and destination class at the same time. You must choose one or the other.

      [edit policies group junos list bodVpn rule pr traffic-condition ctc traffic-match-condition]user@host# set source-class source-class
    5. (Optional) Configure the condition to match packets based on destination class. A destination class is a set of destination prefixes grouped together and given a class name. You usually match source and destination classes for output firewall filters.

      You cannot match on both source class and destination class at the same time. You must choose one or the other.

      [edit policies group junos list bodVpn rule pr traffic-condition ctc traffic-match-condition]user@host# set destination-class destination-class
    6. (Optional) Configure the condition to match packets based on IP options.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc traffic-match-condition]user@host# set allow-ip-options allow-ip-options
    7. (Optional) Verify the Junos OS filter condition configuration.
      [edit policies group junos list bodVpn rule pr traffic-condition ctc traffic-match-condition]
      user@host# show 
      forwarding-class fc_expedited;
      interface-group 42;
      source-class gold-class;
      destination-class gold-class;
      allow-ip-options strict-source-route;

    Modified: 2012-05-02