Juniper EX9200 Features Manual page 118

Vpls feature guide ex series

Hide thumbs Also See for EX9200:

Features manual (448 pages)

Manual (118 pages)

Overview manual (72 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

page of 198

/ 198
Contents
Table of Contents
Bookmarks

Table of Contents

VPLS Feature Guide for EX9200 Switches

Table 5: Firewall Filter Match Conditions for VPLS Traffic (continued)

Match Condition

source-prefix-list name

except

tcp-flags flags

traffic-type type-name

traffic-type-except

type-name

user-vlan-1p-priority number

user-vlan-1p-priority-except

number

user-vlan-id number

100

Description

(MX Series routers and EX Series switches only) Match the source prefixes in the specified prefix

list. Specify a prefix list name defined at the

level.

NOTE:

VPLS prefix lists support only IPV4 addresses. IPV6 addresses included in a VPLS prefix

list will be discarded.

(MX Series routers and EX Series switches only) Do not match the source prefixes in the specified

prefix list. For more information, see the

Match one or more of the low-order 6 bits in the 8-bit TCP flags field in the TCP header.

To specify individual bit fields, you can specify the following text synonyms or hexadecimal values:

(0x01)

fin

(0x02)

syn

rst

(0x04)

push

(0x08)

(0x10)

ack

(0x20)

urgent

In a TCP session, the SYN flag is set only in the initial packet sent, while the ACK flag is set in all

packets sent after the initial packet.

You can string together multiple flags using the bit-field logical operators.

If you configure this match condition for IPv6 traffic, we recommend that you also configure the

match condition in the same term to specify that the TCP protocol is being used

next-header tcp

on the port.

(MX Series routers and EX Series switches only) Traffic type. Specify

, or

unknown-unicast

known-unicast

(MX Series routers and EX Series switches only) Do not match on the traffic type. Specify

broadcast

multicast

unknown-unicast

(MX Series routers, M320 router, and EX Series switches only) Match on the IEEE 802.1p user

priority bits in the customer VLAN tag (the inner tag in a dual-tag frame with 802.1Q VLAN tags).

Specify a single value or multiple values from

Compare with the

learn-vlan-1p-priority

NOTE:

This match condition supports the presence of a control word for MX Series routers and

the M320 router.

(MX Series routers, M320 rouer, and EX Series switches only) Do not match on the IEEE 802.1p

user priority bits. For details, see the

NOTE:

This match condition supports the presence of a control word for MX Series routers and

the M320 router.

(MX Series routers and EX Series switches only) Match the first VLAN identifier that is part of the

payload.

[edit policy-options prefix-list prefix-list-name]

match condition.

source-prefix-list

, or

known-unicast

through

match condition.

user-vlan-1p-priority

hierarchy

broadcast

multicast

Table of Contents

Juniper EX9200 Features Manual page 118

Related Manuals for Juniper EX9200

Related Products for Juniper EX9200

Table of Contents