Series Routers - Juniper ACX1000 Configuration Manual

Table 81: Firewall Filter Match Conditions for VPLS Traffic
Match Condition
destination-mac-address
address
destination-port number
destination-port-except
number
destination-prefix-list name
Copyright © 2017, Juniper Networks, Inc.
addresses. When a condition defines a list of values, a match occurs if one of the values
in the list matches the packet.
Individual conditions in a
from
you are defining an explicit mismatch. For example, the negated match condition for
forwarding-class is forwarding-class-except
is immediately considered not to match the
filter is evaluated, if there is one. If there are no more terms, the packet is discarded.
You can configure a firewall filter with match conditions for Virtual Private LAN Service
(VPLS) traffic ( family vpls ).
configure at the
[edit firewall family vpls filter filter-name term term-name from]
level.
NOTE: Not all match conditions for VPLS traffic are supported on all routing
platforms or switching platforms. A number of match conditions for VPLS
traffic are supported only on MX Series 3D Universal Edge Routers.
In the VPLS documentation, the word router in terms such as PE router is used
to refer to any device that provides routing functions.
Description
Match the destination media access control (MAC) address of a VPLS packet.
(MX Series routers and EX Series switches only) Match the UDP or TCP destination port field.
You cannot specify both the
In place of the numeric value, you can specify one of the following text synonyms (the port
numbers are also listed):
afs
(2401), (67),
cvspserver dhcp
(21), (20),
ftp ftp-data http
(543), (761),
klogin kpasswd
(513), (434),
login mobileip-agent
netbios-ns (137), netbios-ssn
pptp (1723), printer (515), radacct
snmp (161), snmptrap (162),
(49), (65),
tacacs tacacs-ds
(MX Series routers and EX Series switches only) Do not match on the TCP or UDP destination
port field. You cannot specify both the
term.
(ACX Series routers, MX Series routers, and EX Series switches only) Match destination prefixes
in the specified list. Specify the name of a prefix list defined at the
] hierarchy level.
prefix-list-name
NOTE: VPLS prefix lists support only IPv4 addresses. IPv6 addresses included in a VPLS prefix
list will be discarded.
statement can be negated. When you negate a condition,
. If a packet matches a negated condition, it
statement, and the next term in the
from
Table 81 on page 1071 describes the
port and destination-port match conditions in the same term.
(1483), (179), (512),
bgp biff
(53), (2105),
domain eklogin
(80), (443), (113),
https ident
(754), (760),
krb-prop krbupdate
(435),
mobilip-mn msdp
(139), nfsd (2049), nntp (119),
(1813), radius (1812), rip
snpp (444), socks (1080), ssh
(517), (23), (69),
talk telnet tftp
and
port destination-port
Chapter 32: Configuring Firewall Filters
match-conditions
(68), (67),
bootpc bootps cmd
(2106), (512),
ekshell exec finger
(143), (88),
imap kerberos-sec
(544), (389),
kshell ldap ldp
(639), (138),
netbios-dgm
ntalk (518), ntp (123), pop3
(520), rkinit (2108), smtp (25),
(22), sunrpc (111), syslog (514),
(525), (513), or
timed who xdmcp
match conditions in the same
[edit policy-options prefix-list
you can
hierarchy
(514),
(79),
(646),
(110),
(177).
1071