Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
Starting with Junos OS Release 10.1, firewall filters on logical interfaces can be configured
on the RSD. Filtering is performed on the PSD, but logical interface filters configured on
the RSD are applied automatically by the PSD.
To configure a logical interface filter on the RSD, apply the firewall filter to the logical
interface on the shared interface by including the
the
[edit interfaces interface-name unit logical-unit-number]
Filters configured on the RSD can co-exist with filters configured on the PSD. Counter
statistics related to PSD filtering are available on the RSD.
In the following example,
term 1
policing and
provides logical interface-based policing. The filter is applied to the
term 3
logical interface.
so-4/5/6.0
firewall family any {
filter filter-out {
term 1 {
from {
forwarding-class voice;
}
then {
policer tx-voice;
next term;
}
}
term 2 {
from {
forwarding-class data;
}
then {
policer tx-data;
next term;
}
}
term 3 {
then policer iflpolicer;
}
}
}
interfaces {
ut-1/2/3 {
unit 0 {
peer-interface so-4/5/6.0;
}
}
}
so-4/5/6 {
encapsulation frame-relay;
unit 0 {
peer-interface ut-1/2/3.0;
filter output filter-out;
family inet {
address 192.168.0.1/24;
}
Chapter 11: Configuring Shared Interfaces
filter output filter-name
and
of the firewall
term 2
filter-out
statement at
hierarchy level on the RSD.
provide per-class
103
Advertisement
Table of Contents
