[an error occurred while processing this directive][an error occurred while processing this directive]

Example: Configuring Filtering of Frames by IEEE 802.1p Bits

For the bridge and vpls protocol families only, MX Series router firewall filters can be configured to provide matching on IEEE 802.1p priority bits in packets with dual VLAN tags:

  • To configure a firewall filter term that includes matching on IEEE 802.1p learned VLAN priority (in the outer VLAN tag), use the learn-vlan-1p-priority or learn-vlan-1p-priority-except match condition.
  • To configure a firewall filter term that includes matching on IEEE 802.1p user priority (in the inner VLAN tag), use the user-vlan-1p-priority or user-vlan-1p-priority-except match condition.

For more detailed information about configuring firewall filters and configuring filter match conditions for Layer 2 bridging traffic on the MX Series routers, see the JUNOS Policy Framework Configuration Guide.

Note: Layer 2 bridging is supported only on the MX Series routers. For more information about how to configure Layer 2 bridging, see the JUNOS Policy Framework Configuration Guide, the JUNOS Routing Protocols Configuration Guide, and the JUNOS Feature Guide.

This example Layer 2 bridging firewall filter finds any incoming frames with an IEEE 802.1p learned VLAN priority level of either 1 or 2, and then classifies the packet in the best-effort default forwarding class.

Note: This example does not present exhaustive configuration listings for all routers in the figures. However, you can use this example with a broader configuration strategy to complete the MX Series router network Ethernet Operations, Administration, and Maintenance (OAM) configurations.

To configure filtering of frames by IEEE 802.1p bits:

  1. Configure the firewall filter filter-learn-vlan-configure-forwarding:

    [edit firewall]family bridge {filter filter-learn-vlan-configure-forwarding {term 0 {from {learn-vlan-1p-priority [1 2];}then forwarding-class best-effort;}}}
  2. Apply the firewall filter filter-learn-vlan-configure-forwarding as an input filter to ge-0/0/0:

    [edit interfaces]ge-0/0/0 {unit 0 {family bridge {filter {input filter-learn-vlan-configure-forwarding; }}}}

Published: 2010-04-12

[an error occurred while processing this directive]