beautypg.com

Juniper Networks JUNOS OS 10.4 User Manual

Page 125

background image

To configure filtering of frames by MAC address:

1.

Configure

evil-mac-address

, the firewall filter:

[edit firewall]
family bridge {

filter evil-mac-address {

term one {

from {

source-mac-address 88:05:00:29:3c:de/48;

}
then {

count evil-mac-address; # Counts frame with the bad source MAC address
discard;

}
term two {

then accept; # Make sure to accept other traffic

}

}

}

}

2.

Apply

evil-mac-address

as an input filter to

vlan100200

on Router 1:

[edit routing-instances]
virtual-switch-R1-1 {

bridge-domains {

vlan100200 {

domain-type bridge;
forwarding-options {

filter {

input evil-mac-address;

}

}

}

}

}

Related

Documentation

Layer 2 Firewall Filters

Firewall Filters for Bridge Domains and VPLS Instances on page 101

Example: Configuring Policing and Marking of Traffic Entering a VPLS Core on page 102

Example: Configuring Filtering of Frames by IEEE 802.1p Bits on page 106

Example: Configuring Filtering of Frames by Packet Loss Priority on page 107

105

Copyright © 2013, Juniper Networks, Inc.

Chapter 9: Layer 2 Firewall Filters

See also other documents in the category Juniper Networks Hardware: