[j-nsp] EX3300 family ethernet-switching IPv6 matches?
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jan 8 13:07:39 EST 2014
All,
The release notes for the EX3300 are a little vague on this, but
strongly imply that as of Junos 12.3, IPv6 firewall filters are
supported. However:
[edit firewall family ethernet-switching filter FPP term deny-ra]
admin at sh-299y# set from ip-version ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> ipv4 Define L3/L4 match items to match IPv4 packets
Note: no IPv6.
I can match on the IPv6 ether-type, but not any L3/L4 items:
[edit firewall family ethernet-switching filter FPP term deny-ra from]
'protocol'
ipv4 match item not allowed when ether-type is ipv6
[edit firewall family ethernet-switching filter FPP term deny-ra from]
'icmp-type'
ipv4 match item not allowed when ether-type is ipv6
Is this expected to work? Or is the "ipv6 support" for routed packets
only, and not for ethernet-switching?
More information about the juniper-nsp
mailing list