[j-nsp] EX3300 family ethernet-switching IPv6 matches?
Han Hwei Woo
han at astutehosting.com
Thu Jan 9 19:47:33 EST 2014
I believe you're looking for next-header
e.g. set from next-header tcp
http://www.juniper.net/techpubs/en_US/junos12.3/topics/reference/general/firewall-filter-match-conditions-for-ipv6-traffic.html
Han Hwei Woo
han at astutehosting.com
Astute Hosting Incorporated
T: 1.888.685.1661 (604.637.7939)
M: 604.417.2092
F: 604.738.0518
www.astutehosting.com
100% Uptime Dedicated Hosting in Vancouver, Seattle,
Los Angeles, Toronto, New York, Miami, and London
On 1/8/2014 10:07 AM, Phil Mayers wrote:
> All,
>
> The release notes for the EX3300 are a little vague on this, but
> strongly imply that as of Junos 12.3, IPv6 firewall filters are
> supported. However:
>
> [edit firewall family ethernet-switching filter FPP term deny-ra]
> admin at sh-299y# set from ip-version ?
> Possible completions:
> + apply-groups Groups from which to inherit configuration data
> + apply-groups-except Don't inherit configuration data from these groups
> > ipv4 Define L3/L4 match items to match IPv4 packets
>
> Note: no IPv6.
>
> I can match on the IPv6 ether-type, but not any L3/L4 items:
>
> [edit firewall family ethernet-switching filter FPP term deny-ra from]
> 'protocol'
> ipv4 match item not allowed when ether-type is ipv6
> [edit firewall family ethernet-switching filter FPP term deny-ra from]
> 'icmp-type'
> ipv4 match item not allowed when ether-type is ipv6
>
> Is this expected to work? Or is the "ipv6 support" for routed packets
> only, and not for ethernet-switching?
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list