[j-nsp] inet forwarding-options filter in a VRF routing-instance
Harshit Kumar
harshit at juniper.net
Sat Dec 3 15:19:42 EST 2005
Can you try action "then syslog" in both terms and see what
Kind of traffic is hitting each of them. Or you can try
Applying a firewall filter on the interface and see if the
Interface belonging to that vrf is indeed getting the traffic.
-Harshit
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Sorin CONSTANTINESCU
> Sent: Saturday, December 03, 2005 10:10 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] inet forwarding-options filter in a VRF
> routing-instance
>
> Hi, all.
>
> I need to filter traffic from a specific source inside a vrf
> routing-instance. I have an M7i running 7.3R1.5.
>
> The problem is that i don't get any matches on any of the counters.
>
> === cut here ===
> adonay at M7i> show firewall filter filter-vrf-customer
> Filter: filter-vrf-customer
> Counters:
> Name Bytes
> Packets
> counter-customer-deny-1.2.3.4 0
> 0
> counter-filter-vrf-customer-accept 0
> 0
>
> adonay at M7i>
> === and here ===
>
> Here's my config. Thanks,
>
> === cut here ===
> adonay at M7i# show firewall family inet filter filter-vrf-customer
> term 1 {
> from {
> source-address {
> 1.2.3.4/32;
> }
> }
> then {
> count counter-customer-deny-1.2.3.4;
> discard;
> }
> }
> term 2 {
> then {
> count counter-filter-vrf-customer-accept;
> accept;
> }
> }
>
> [edit]
> adonay at M7i#
>
>
> adonay at M7i# show routing-instances vrf-customer-internet
> forwarding-options
> family inet {
> filter {
> input filter-vrf-customer;
> }
> }
>
> [edit]
> adonay at M7i#
> === and here ===
>
> --
> Sorin CONSTANTINESCU
> JNCIS-M, CCNP
> consta at gmail.com
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list