Junos
Highlighted
Junos

Counters for IPv6 Firewall Filter Does Not Showing

‎04-26-2020 09:45 PM

Hello,

 

I have IPv6 firewall filter which contains multiple terms. Each term in the firewall has its own counter but when I show firewall, only counter in the first term appear. Any idea or suggestion that might help to solve this?

> show configuration firewall family inet6 filter IPV6-TEST-IN  
term 1 {
    from {
        source-address {
            2002:1234:0:7::2/128;
        }
        destination-prefix-list {
            LOCAL-TRAFFIC;
        }
    }
    then {
        policer 50M;
        count IPV6-TEST-IN-LOCAL;
    }
}
term 2 {
    from {
        source-address {
            2002:1234:0:7::2/128;
        }
    }
    then {
        policer 15M;
        count IPV6-TEST-IN-GLOBAL;
    }
}
term DEFAULT {
    then accept;
}
> show firewall filter IPV6-TEST-IN 

Filter: IPV6-TEST-IN                                           
Counters:
Name                                                Bytes              Packets
IPV6-TEST-IN-LOCAL                                      0                    0
Policers:
Name                                                Bytes              Packets
50M-5                                                   0                    0

 

Appreciate for any input.

Regards,

Seyma
JNCIP-ENT, SEC, SP
4 REPLIES 4
Junos
Solution
Accepted by topic author Seyma
‎04-27-2020 12:05 AM

Re: Counters for IPv6 Firewall Filter Does Not Showing

‎04-26-2020 11:27 PM

Hi Seyma,

 

This can happen in a case where term 1 and term 2 are configured the same. However, I see that you have a destination-prefix-list configured with LOCAL-TRAFFIC.

 

Can you share the configuration related to the destination-prefix-list LOCAL-TRAFFIC you used in term 1. If it is configured to include the entire range of IPv6 IP's, then the terms are equivalent and this is expected.

 

Hope this helps.

 

Thanks and Regards,

Pradeep Kumar M

 

|| If this solves your problem, please mark this post as "Accepted Solution" so we can help others too ||

Highlighted
Junos

Re: Counters for IPv6 Firewall Filter Does Not Showing

‎04-26-2020 11:29 PM

Hi Seyma, 

 

Greetings, 

 

I understand that it is not displaying the other counter, could you try the below and share if works:
Try displaying the counter specifically : 

> show firewall filter IPV6-TEST-IN counter IPV6-TEST-IN-GLOBAL

 

Please mark "Accept as solution" if this answers your query. 

 

Kudos are appreciated too! 

 

Regards, 

Sharat Ainapur

Highlighted
Junos

Re: Counters for IPv6 Firewall Filter Does Not Showing

‎04-27-2020 12:04 AM

Hello Pradeep,

 

Appreciated for your reply. This provided me clue to check about that and finally found the mistake. The prefix-list LOCAL-TRAFFIC contains only IPv4 addresses which I copied from other router. I then removed it and put only IPv6 addresses solved the problem.

 

Thank you very much,

 

 

Seyma
JNCIP-ENT, SEC, SP
Highlighted
Junos

Re: Counters for IPv6 Firewall Filter Does Not Showing

‎04-27-2020 12:34 AM

Hi Seyma,

 

Glad that helped.

 

Thanks and Regards,

Pradeep Kumar M

Feedback