Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Assigning Multifield Classifiers in Firewall Filters to Specify Packet-Forwarding Behavior (CLI Procedure)

You can configure firewall filters with multifield classifiers to classify packets transiting a port, VLAN, or Layer 3 interface on an EX Series switch.

You specify multifield classifiers in a firewall filter configuration to set the forwarding class and packet loss priority (PLP) for incoming or outgoing packets. By default, the data traffic that is not classified is assigned to the best-effort class associated with queue 0.

You can specify any of the following default forwarding classes:

Forwarding class

Queue

best-effort

0

assured-forwarding

1

expedited-forwarding

5

network-control

7

To assign multifield classifiers in firewall filters:

  1. Configure the family name and filter name for the filter at the [edit firewall] hierarchy level, for example:
  2. Configure the terms of the filter, including the forwarding-class and loss-priority action modifiers as appropriate. When you specify a forwarding class you must also specify the packet loss priority. For example, each of the following terms examines different packet header fields and assigns an appropriate classifier and the packet loss priority:
    • The term voice-traffic matches packets on the voice-vlan and assigns the forwarding class expedited-forwarding and packet loss priority low:

    • The term data-traffic matches packets on employee-vlan and assigns the forwarding class assured-forwarding and packet loss priority low:

    • Because loss of network-generated packets can jeopardize proper network operation, delay is preferable to discard of packets. The following term, network-traffic, assigns the forwarding class network-control and packet loss priority low:

    • The last term accept-traffic matches any packets that did not match on any of the preceding terms and assigns the forwarding class best-effort and packet loss priority low:

  3. Apply the filter ingress-filter to a port, VLAN or Layer 3 interface. For information about applying the filter, see Configuring Firewall Filters (CLI Procedure).