Related Documentation
- LN, SRX Series
- VPLS Filters and Policers Overview
- VPLS Configuration Overview
- Example: Configuring VPLS Policers
- Additional Information
- MPLS Feature Guide for Security Devices
Example: Configuring VPLS Filters
This example shows how to configure VPLS filters.
Requirements
Before you begin:
- Configure the interfaces that will carry the VPLS traffic between the PE router and the CE devices. See Example: Configuring Routing Interfaces on the VPLS PE Router and Example: Configuring the Interface to the VPLS CE Device.
- Create a VPLS routing instance on each PE router that is participating in the VPLS. See Example: Configuring the VPLS Routing Instance.
- Configure an IGP on the PE routers to exchange routing information. See Example: Configuring OSPF on the VPLS PE Router.
- Configure RSVP-TE on the PE routers. See Example: Configuring RSVP on the VPLS PE Router.
Overview
This example describes how to configure filtering and accounting for VPLS.
 | Caution: MPLS is disabled by default on SRX Series devices. You must explicitly configure your device to allow MPLS traffic. However, when MPLS is enabled, all flow-based security features are deactivated and the device performs packet-based processing. Flow-based services such as security policies, zones, NAT, ALGs, chassis clustering, screens, firewall authentication, and IPsec VPNs are unavailable on the device. |
Configuration
CLI Quick Configuration
To quickly configure VPLS filters, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
To configure filters for VPLS:
- Configure a filter with a GE interface as the match condition
and count as the action.[edit ]user@host# set firewall family vpls filter blue term term1 from interface ge-3/0/0.512
- Configure a filter with an FE interface as the match condition
and count as the action.[edit ]user@host# set firewall family vpls filter blue term term1 from interface fe-5/0/0.512
- Configure the count.[edit ]user@host# set firewall family vpls filter blue term term1 then count count1
- Configure the accounting profile to refer it to the counter.[edit ]user@host# set firewall family vpls filter blue accounting-profile fw_profile
- Configure the account file size.[edit ]user@host# set accounting-options file fw_acc size 500k
- Configure the account transfer interval.[edit ]user@host# set accounting-options file fw_acc transfer-interval 5
- Configure the filter for the accounting profile.[edit ]user@host# set accounting-options filter-profile fw_profile file fw_acc
- Configure the filter for the interval.[edit ]user@host# set accounting-options filter-profile fw_profile interval 1
- Configure the counter.[edit ]user@host# set accounting-options filter-profile fw_profile counters count1
- Apply the filter to the interface.[edit ]user@host# set interfaces ge-0/0/1 unit 512 family vpls filter input blue
- If you are done configuring the device, commit the configuration.[edit ]user@host# commit
Verification
To verify the configuration is working properly, enter the show firewall and show accounting records commands.
Related Documentation
- LN, SRX Series
- VPLS Filters and Policers Overview
- VPLS Configuration Overview
- Example: Configuring VPLS Policers
- Additional Information
- MPLS Feature Guide for Security Devices
Modified: 2014-04-29
Related Documentation
- LN, SRX Series
- VPLS Filters and Policers Overview
- VPLS Configuration Overview
- Example: Configuring VPLS Policers
- Additional Information
- MPLS Feature Guide for Security Devices
