Related Documentation
- J, M, MX, T Series
- Ethernet Interfaces Overview
- M, MX, PTX, SRX, T Series
- source-address-filter
- M, MX, T Series
- Configuring Gigabit Ethernet Policers
- Configuring Aggregated Ethernet LACP
- Additional Information
- Junos® OS Ethernet Interfaces
Enabling Ethernet MAC Address Filtering
By default, source address filtering is disabled. On aggregated Ethernet interfaces, Fast Ethernet, Gigabit Ethernet, Gigabit Ethernet IQ, and Gigabit Ethernet PICs with SFPs (except the 10-port Gigabit Ethernet PIC and the built-in Gigabit Ethernet port on the M7i router), you can enable source address filtering, which blocks all incoming packets to an interface.
 | Note: Source address filtering is not supported on J Series Services Routers. |
To enable the filtering, include the source-filtering statement:
To explicitly disable filtering, include the no-source-filtering statement:
You can include these statements at the following hierarchy levels:
- [edit interfaces interface-name aggregated-ether-options]
- [edit interfaces interface-name fastether-options]
- [edit interfaces interface-name gigether-options]
Note: When you integrate a standalone T640 router into a routing matrix, the PIC media access control (MAC) addresses for the integrated T640 router are derived from a pool of MAC addresses maintained by the TX Matrix router. For each MAC address you specify in the configuration of a formerly standalone T640 router, you must specify the same MAC address in the configuration of the TX Matrix router.
Similarly, when you integrate a standalone T1600 router into a routing matrix, the PIC MAC addresses for the integrated T1600 router are derived from a pool of MAC addresses maintained by the TX Matrix Plus router. For each MAC address you specify in the configuration of a formerly standalone T1600 router, you must specify the same MAC address in the configuration of the TX Matrix Plus router.
Filtering Specific MAC Addresses
When source address filtering is enabled, you can configure the interface to receive packets from specific MAC addresses. To do this, specify the MAC addresses in the source-address-filter statement:
You can include these statements at the following hierarchy levels:
- [edit interfaces interface-name aggregated-ether-options]
- [edit interfaces interface-name fastether-options]
- [edit interfaces interface-name gigether-options]
You can specify the MAC address as nn:nn:nn:nn:nn:nn or nnnn .nnnn.nnnn, where n is a hexadecimal number. You can configure up to 64 source addresses. To specify more than one address, include the source-address-filter statement multiple times.
| Note: The source-address-filter statement is not supported on Gigabit Ethernet IQ and Gigabit Ethernet PICs with SFPs (except the 10-port Gigabit Ethernet PIC and the built-in Gigabit Ethernet port on the M7i router); instead, include the accept-source-mac statement. For more information, see Configuring Gigabit Ethernet Policers. If the remote Ethernet card is changed, the interface cannot receive packets from the new card because it has a different MAC address. Source address filtering does not work when Link Aggregation Control Protocol (LACP) is enabled. This behavior is not applicable to T series routers and PTX Series Packet Transport Switches. For more information about LACP, see Configuring Aggregated Ethernet LACP. |
| Note: On untagged Gigabit Ethernet interfaces, you should not configure the source-address-filter statement at the [edit interfaces ge-fpc/pic/port gigether-options] hierarchy level and the accept-source-mac statement at the [edit interfaces ge-fpc/pic/port gigether-options unit logical-unit-number] hierarchy level simultaneously. If these statements are configured for the same interfaces at the same time, an error message is displayed. On tagged Gigabit Ethernet interfaces, you should not configure the source-address-filter statement at the [edit interfaces [edit interfaces ge-fpc/pic/port gigether-options] hierarchy level and the accept-source-mac statement at the [edit interfaces ge-fpc/pic/port gigether-options unit logical-unit-number] hierarchy level with an identical MAC address specified in both filters. If these statements are configured for the same interfaces with an identical MAC address specified, an error message is displayed. |
| Note: Source address filtering is not supported on 200G 40x10G MPC and 200G 4x100G MPC for MX Series. |
Related Documentation
- J, M, MX, T Series
- Ethernet Interfaces Overview
- M, MX, PTX, SRX, T Series
- source-address-filter
- M, MX, T Series
- Configuring Gigabit Ethernet Policers
- Configuring Aggregated Ethernet LACP
- Additional Information
- Junos® OS Ethernet Interfaces
Published: 2012-12-11
Related Documentation
- J, M, MX, T Series
- Ethernet Interfaces Overview
- M, MX, PTX, SRX, T Series
- source-address-filter
- M, MX, T Series
- Configuring Gigabit Ethernet Policers
- Configuring Aggregated Ethernet LACP
- Additional Information
- Junos® OS Ethernet Interfaces
