Series Routers - Juniper ACX1000 Configuration Manual

Table 81: Firewall Filter Match Conditions for VPLS Traffic (continued)
Match Condition
source-prefix-list name
source-prefix-list name
except
tcp-flags flags
traffic-type type-name
traffic-type-except
type-name
user-vlan-1p-priority number
user-vlan-1p-priority-except
number
user-vlan-id number
Copyright © 2017, Juniper Networks, Inc.
Description
(ACX Series routers, MX Series routers, and EX Series switches only) Match the source prefixes
in the specified prefix list. Specify a prefix list name defined at the
hierarchy level.
prefix-list-name]
NOTE: VPLS prefix lists support only IPV4 addresses. IPV6 addresses included in a VPLS prefix
list will be discarded.
(MX Series routers and EX Series switches only) Do not match the source prefixes in the specified
prefix list. For more information, see the
Match one or more of the low-order 6 bits in the 8-bit TCP flags field in the TCP header.
To specify individual bit fields, you can specify the following text synonyms or hexadecimal values:
fin (0x01)
syn (0x02)
(0x04)
rst
(0x08)
push
(0x10)
ack
(0x20)
urgent
In a TCP session, the SYN flag is set only in the initial packet sent, while the ACK flag is set in all
packets sent after the initial packet.
You can string together multiple flags using the bit-field logical operators.
If you configure this match condition for IPv6 traffic, we recommend that you also configure the
match condition in the same term to specify that the TCP protocol is being used
next-header tcp
on the port.
(MX Series routers and EX Series switches only) Traffic type. Specify
, or
unknown-unicast known-unicast
(MX Series routers and EX Series switches only) Do not match on the traffic type. Specify
, ,
broadcast multicast unknown-unicast
(MX Series routers, M320 router, and EX Series switches only) Match on the IEEE 802.1p user
priority bits in the customer VLAN tag (the inner tag in a dual-tag frame with 802.1Q VLAN tags).
Specify a single value or multiple values from
Compare with the learn-vlan-1p-priority
NOTE: This match condition supports the presence of a control word for MX Series routers and
the M320 router.
(MX Series routers, M320 rouer, and EX Series switches only) Do not match on the IEEE 802.1p
user priority bits. For details, see the
NOTE: This match condition supports the presence of a control word for MX Series routers and
the M320 router.
(MX Series routers and EX Series switches only) Match the first VLAN identifier that is part of the
payload.
Chapter 32: Configuring Firewall Filters
match condition.
source-prefix-list
.
, or .
known-unicast
through .
0 7
match condition.
user-vlan-1p-priority match condition.
[edit policy-options prefix-list
, ,
broadcast multicast
1079