Table 5: Firewall Filter Match Conditions for VPLS Traffic - Juniper EX9200 Features Manual

VPLS feature guide, EX Series

Chapter 11: Configuring Class of Service and Firewall Filters in VPLS
Copyright © 2016, Juniper Networks, Inc.

is immediately considered not to match the from statement, and the next term in the filter is evaluated, if there is one. If there are no more terms, the packet is discarded.

You can configure a firewall filter with match conditions for Virtual Private LAN Service (VPLS) traffic (family vpls). Table 5 on page 91 describes the match-conditions you can configure at the [edit firewall family vpls filter filter-name term term-name from] hierarchy level.

NOTE: Not all match conditions for VPLS traffic are supported on all routing platforms or switching platforms. A number of match conditions for VPLS traffic are supported only on MX Series 3D Universal Edge Routers.
In the VPLS documentation, the word router in terms such as PE router is used to refer to any device that provides routing functions.

Table 5: Firewall Filter Match Conditions for VPLS Traffic

| Match Condition | Description |
|---|---|
| destination-mac-address address | Match the destination media access control (MAC) address of a VPLS packet. |
| destination-port number | (MX Series routers and EX Series switches only) Match the UDP or TCP destination port field. You cannot specify both the port and destination-port match conditions in the same term. In place of the numeric value, you can specify one of the following text synonyms (the port numbers are also listed): afs (1483), bgp (179), biff (512), bootpc (68), bootps (67), cmd (514), cvspserver (2401), dhcp (67), domain (53), eklogin (2105), ekshell (2106), exec (512), finger (79), ftp (21), ftp-data (20), http (80), https (443), ident (113), imap (143), kerberos-sec (88), klogin (543), kpasswd (761), krb-prop (754), krbupdate (760), kshell (544), ldap (389), ldp (646), login (513), mobileip-agent (434), mobilip-mn (435), msdp (639), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), nfsd (2049), nntp (119), ntalk (518), ntp (123), pop3 (110), pptp (1723), printer (515), radacct (1813), radius (1812), rip (520), rkinit (2108), smtp (25), snmp (161), snmptrap (162), snpp (444), socks (1080), ssh (22), sunrpc (111), syslog (514), tacacs (49), tacacs-ds (65), talk (517), telnet (23), tftp (69), timed (525), who (513), or xdmcp (177). |
| destination-port-except number | (MX Series routers and EX Series switches only) Do not match on the TCP or UDP destination port field. You cannot specify both the port and destination-port match conditions in the same term. |
| destination-prefix-list name | (MX Series routers and EX Series switches only) Match destination prefixes in the specified list. Specify the name of a prefix list defined at the [edit policy-options prefix-list prefix-list-name] hierarchy level. NOTE: VPLS prefix lists support only IPv4 addresses. IPv6 addresses included in a VPLS prefix list will be discarded. |
| destination-prefix-list name except | (MX Series routers and EX Series switches only) Do not match destination prefixes in the specified list. For more information, see the destination-prefix-list match condition. |
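
A worked configuration for the match conditions in Table 5, added here as an example and not taken from the Juniper manual: it drops cleartext management protocols sent to a management prefix and accepts everything else. The filter, term, counter and prefix-list names and the 192.0.2.0/28 prefix are constructed placeholders; count, discard and accept are standard Junos filter actions that this page does not list.

```junos
/* Constructed example: every name and the prefix below are placeholders. */
policy-options {
    /* VPLS prefix lists support only IPv4; an IPv6 entry would be discarded. */
    prefix-list MGMT-HOSTS {
        192.0.2.0/28;
    }
}
firewall {
    family vpls {
        filter VPLS-MGMT-GUARD {
            /* Drop telnet (23), tftp (69) and ftp (21) sent to MGMT-HOSTS. */
            term drop-cleartext-mgmt {
                from {
                    destination-prefix-list {
                        MGMT-HOSTS;
                    }
                    /* destination-port only: port cannot be set in the same term. */
                    destination-port [ telnet tftp ftp ];
                }
                then {
                    count cleartext-mgmt-drops;
                    discard;
                }
            }
            /* Without this term, packets matching no term are discarded. */
            term accept-rest {
                then accept;
            }
        }
    }
}
```

The filter has no effect until it is applied to an interface or routing instance, which this page does not cover.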