Firewall Filter Types - Juniper JUNOS OS 10.3 - SOFTWARE Manual

For EX Series Ethernet Switches

Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.3

Firewall Filter Types

The following firewall filter types are supported for EX Series switches:

Port (Layer 2) firewall filter—Port firewall filters apply to Layer 2 switch ports. You can apply port firewall filters in both ingress and egress directions on a physical port.

VLAN firewall filter—VLAN firewall filters provide access control for packets that enter a VLAN, are bridged within a VLAN, or leave a VLAN. You can apply VLAN firewall filters in both ingress and egress directions on a VLAN. VLAN firewall filters are applied to all packets that are forwarded to or forwarded from the VLAN.

Router (Layer 3) firewall filter—You can apply a router firewall filter in both ingress and egress directions on Layer 3 (routed) interfaces and routed VLAN interfaces (RVIs). You can apply a router firewall filter in the ingress direction on the loopback interface (lo0) also.

NOTE: You can apply a firewall filter to aggregated Ethernet interfaces and loopback interfaces also. Firewall filters configured on loopback interfaces are applied only to packets that are sent to the Routing Engine CPU for further processing. Firewall filters are not applied to packets transiting the management interface (me0).

On Juniper Networks EX3200, EX4200, and EX8200 Ethernet switches, you can apply a router firewall filter to both IPv4 and IPv6 traffic. You can apply firewall filter match conditions to IPv6 traffic on Layer 3 interfaces, aggregated Ethernet interfaces, and loopback interfaces. To configure port firewall filters and VLAN firewall filters for IPv6 traffic, you must include the match condition ether-type ipv6 and apply the filter on Layer 2 interfaces or VLANs. When you include the match condition ether-type ipv6 in a term, you must ensure that other match conditions specified in the term are valid for IPv6 traffic. If the port firewall filter or VLAN firewall filter term contains the match condition ether-type ipv6, with no other IPv6 match condition specified, all IPv6 traffic is matched.

NOTE: A term without the match condition ether-type ipv6 applies only to IPv4 traffic, and a term with that match condition applies only to IPv6 traffic. Hence, to configure port and VLAN firewall filters for both IPv4 and IPv6 traffic, you should configure two different terms, one each for IPv4 and IPv6 traffic.

To apply a firewall filter, you must:
1. Configure the firewall filter.
2. Apply the firewall filter to a port, VLAN, or Layer 3 interface.

Copyright © 2010, Juniper Networks, Inc.
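
The rule that a port or VLAN filter term covers IPv6 only when it contains ether-type ipv6, and IPv4 only when it does not, can be checked automatically. The following Python script is an added example, not part of the Juniper manual: it reads configuration in Junos set format and reports family ethernet-switching filters that have no term for one of the two address families. The filter names, term names and sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format (not taken from the manual).
SAMPLE_CONFIG = """\
set firewall family ethernet-switching filter access-port term allow-web from protocol tcp
set firewall family ethernet-switching filter access-port term allow-web from destination-port 80
set firewall family ethernet-switching filter access-port term allow-web then accept
set firewall family ethernet-switching filter dual-stack term v4-web from protocol tcp
set firewall family ethernet-switching filter dual-stack term v4-web then accept
set firewall family ethernet-switching filter dual-stack term v6-all from ether-type ipv6
set firewall family ethernet-switching filter dual-stack term v6-all then accept
"""

# Matches one "from" or "then" statement of a port/VLAN filter term.
TERM_RE = re.compile(
    r"^set firewall family ethernet-switching filter (\S+) term (\S+) (from|then) (.+)$"
)

def classify_terms(config):
    """Map filter -> term -> 'ipv6' or 'ipv4'. A term with the match
    condition ether-type ipv6 applies only to IPv6; any other term
    applies only to IPv4."""
    filters = defaultdict(dict)
    for line in config.splitlines():
        m = TERM_RE.match(line.strip())
        if not m:
            continue  # not a port/VLAN filter term statement
        name, term, section, rest = m.groups()
        filters[name].setdefault(term, "ipv4")
        if section == "from" and rest.split() == ["ether-type", "ipv6"]:
            filters[name][term] = "ipv6"
    return {name: dict(terms) for name, terms in filters.items()}

def missing_families(config):
    """Return filter -> sorted list of address families that no term covers."""
    report = {}
    for name, terms in classify_terms(config).items():
        gaps = sorted({"ipv4", "ipv6"} - set(terms.values()))
        if gaps:
            report[name] = gaps
    return report

if __name__ == "__main__":
    for name, gaps in missing_families(SAMPLE_CONFIG).items():
        print(f"{name}: no term covers {', '.join(gaps)}")
```
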
