Example: Configuring Filtering of Frames by MAC Address
This example firewall filter finds frames with a certain source MAC address (88:05:00:29:3c:de/48), then counts and silently discards them. For more information about configuring firewall filter match conditions, see the Routing Policies, Firewall Filters, and Traffic Policers User Guide. The filter is applied to the VLAN configured as vlan100200 as an input filter on Router 1.
This example does not present exhaustive configuration listings for all routers in the figures. However, you can use this example with a broader configuration strategy to complete the MX Series router network Ethernet Operations, Administration, and Maintenance (OAM) configurations.
To configure filtering of frames by MAC address:
Configure evil-mac-address, the firewall filter:
[edit firewall] family bridge { filter evil-mac-address { term one { from { source-mac-address 88:05:00:29:3c:de/48; } then { count evil-mac-address; # Counts frame with the bad source MAC address discard; } term two { then accept; # Make sure to accept other traffic } } } }Apply evil-mac-address as an input filter to vlan100200 on Router 1:
[edit routing-instances] virtual-switch-R1-1 { bridge-domains { vlan100200 { domain-type bridge; forwarding-options { filter { input evil-mac-address; } } } } }