Routing
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
soumyakulkarni
Visitor
soumyakulkarni
Posts: 5
Registered: ‎01-04-2011
0

Firewall filter Vpls match conditions

Options

‎02-01-2012 02:30 AM

Hi,

 I have a query on firewall filter family vpls match conditions.

For family vpls, there are two match conditions – ether-type  and vlan-ether-type.When I tested them on T-series ( T1600 and T4000), both match conditions are matching for the  *same* field in the  packet stream.

I wanted to understand, how they are different from each other ? Can anyone please provide me info on the same.

 

Thanks

Soumya

Message 1 of 5 (285 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,181
Registered: ‎08-21-2009
0

Re: Firewall filter Vpls match conditions

[ Edited ]
Options

‎02-02-2012 07:27 AM - edited ‎02-02-2012 07:36 AM

Hello,

Would you please be able to clarify your statement?

Are you saying that VPLS filter match conditions "from ether-type HEX" and "from "vlan-ether-type HEX" are both matching the same frame where 2 bytes immediately after source MAC field contain value HEX?

Thanks

Alex 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 2 of 5 (268 Views)
 
Reply
soumyakulkarni
Visitor
soumyakulkarni
Posts: 5
Registered: ‎01-04-2011
0

Re: Firewall filter Vpls match conditions

Options

‎02-06-2012 08:54 AM

Hi,

 Yeah. I had 'ether-type' set to 'ppp' in packet stream.

 

Configuration :

[edit]
soumyadk@lernaean# show firewall
family vpls {
             filter f {
                  term t3 {
                          from {
                             ether-type [ oam ppp ];
                                  }
                          then {
                               count c_eth;
                                 next term;
                                 }

                   term t7 {
                                from {
                             vlan-ether-type ppp;
                                        }
                               then {
                                    count c_veth;
                                    next term;
                                       }
                                     }
      

Results:

[edit]
soumyadk@lernaean# run show firewall

Filter: __default_bpdu_filter__

Filter: f
Counters:
Name                      Bytes                    Packets

c_eth                   313554706140         2528666985

c_veth                  313554705768          2528666982

 

Message 3 of 5 (239 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,181
Registered: ‎08-21-2009
0

Re: Firewall filter Vpls match conditions

Options

‎02-07-2012 04:04 AM

Hello,

Sorry, you config matches tagged frames where both ether-type and vlan-ether-type is set to PPP (0x880B), that's why both counters increment.

Please send the untagged frames with ether-type set to PPP (2 bytes after src.mac contain value 0x880B) and report back the results.

Thanks

Alex 

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 4 of 5 (228 Views)
 
Reply
soumyakulkarni
Visitor
soumyakulkarni
Posts: 5
Registered: ‎01-04-2011
0

Re: Firewall filter Vpls match conditions

Options

‎02-07-2012 11:51 PM

Hi Alex,

 I tried with untagged. It behaves same. 

 

Soumya

Message 5 of 5 (220 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.