Table of Contents
Advertisement
JUNOS 10.1 Network Interfaces Configuration Guide
If you apply the filter to the interface
transmitted by the Routing Engine. You cannot apply MPLS filters to the management
interface (
For more information about firewall filters, see the JUNOS Policy Framework
Configuration Guide. For more information about MPLS filters, see the JUNOS MPLS
Applications Configuration Guide.
See also the following sections:
Defining Interface Groups in Firewall Filters
When applying a firewall filter, you can define an interface to be part of an interface
group. Packets received on that interface are tagged as being part of the group. You
can then match these packets using the
in the JUNOS Policy Framework Configuration Guide.
To define the interface to be part of an interface group, include the
You can include this statement at the following hierarchy levels:
Filter-Based Forwarding on the Output Interface
If port-mirrored packets are to be distributed to multiple monitoring or collection
interfaces, based on patterns in packet headers, it is helpful to configure a filter-based
forwarding (FBF) filter on the port-mirroring egress interface.
When an FBF filter is installed as an output filter, a packet that is forwarded to the
filter has already undergone at least one route lookup. After the packet is classified
at the egress interface by the FBF filter, it is redirected to another routing table for
additional route lookup. To avoid packet looping inside the Packet Forwarding Engine,
the route lookup in the latter routing table (designated by an FBF routing instance)
must result in a different next hop from any next hop specified in a table that has
already been applied to the packet.
If an input interface is configured for FBF, the source lookup is disabled for those
packets headings to a different routing instance, since the routing table is not set up
to handle the source lookup.
For more information about FBF configuration, see the JUNOS Routing Protocols
Configuration Guide. For more information about port mirroring, see the JUNOS
Services Interfaces Configuration Guide.
212
Applying a Filter to an Interface
fxp0
or
em0
) or the loopback interface (
Defining Interface Groups in Firewall Filters on page 212
Filter-Based Forwarding on the Output Interface on page 212
Example: Applying a Filter to an Interface on page 213
group filter-group-number;
[edit interfaces interface-name unit logical-unit-number family family filter]
[edit logical-systems logical-system-name interfaces interface-name unit
logical-unit-number family family filter]
, it is applied to packets received or
lo0
lo0
).
interface-group
match statement, as described
statement:
group
Advertisement
Table of Contents
