Routing Policy and Firewall Filters
-
Support for EVPN-VXLAN filtering and port mirroring based on VNI match conditions (PTX10001-36MR, PTX10004, PTX10008, and PTX10016)—Starting in Junos OS Evolved Release 23.4R1, you can construct a firewall filter to filter EVPN-VXLAN traffic by using the VXLAN network identifier (VNI) values in the match condition on ingress interfaces. This feature supports redirecting traffic to a global port-mirroring instance.
To filter traffic based on the VNI, use the following commands:
-
set firewall filter filter-name term term-name from vxlan vni vni-value
-
set firewall filter filter-name term term-name from vxlan vni-except vni-value
vni-value can be a numeric value or range of numeric values.
[See Firewall Filter Match Conditions and Actions (PTX Series Routers).]
-