Hi,
Yes, you can classify the traffic on the edge port by source/destination IP/port, DSCP values, etc.
The problem is that there is no term 2 in the firewall-filter, so all the L2 traffic (ARP, broadcast,etc.) are dropped by default. Can you please add "term 2 then accept" in the filter?
Regards
Sheetanshu
------------------------------
Sheetanshu Shekhar
------------------------------
Original Message:
Sent: 09-21-2023 15:23
From: Uri Ivanov
Subject: CoS MF classifier on ethernet-switching
Hi,
I've created FW filter:
family ethernet-switching {
filter by_dest_ip {
term 1 {
from {
ip-protocol icmp;}
then {
forwarding-class no-loss;
loss-priority high;
}}}}
And port configured:
root# show interfaces xe-0/0/44
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vl100;
}
filter {
input by_dest_ip;}}}
root# show vlans
vl100 {
vlan-id 100;
l3-interface irb.100;
}
root# show interfaces irb
unit 100 {
family inet {
address 4.0.0.1/24;
}
}
IP 4.0.0.10 sits behind switch and ping works id from stranza is deactivated.
If I remove destination address and set from ip-protocol icmp ping doesnot work too.
Can I classify traffic on edge port somehow by port proto and destination IP?