Experts, any idea why? The firewall term VRRP matches packets, because if I change the action to reject, the VRRP status changes to master because VRRP from the other router is not heard anymore.
Nevertheless, matched packets are neither counted nor logged :-(

l...@jr4> show configuration firewall filter LUCA
term VRRP {
    from {
        protocol vrrp;
    }
    then {
        count RT-VRRP;
        log;
        accept;
    }
}
term FXP0-ACCEPT {
    from {
        interface fxp0.0;
    }
    then {
        count FXP0-ACCEPT;
        accept;
    }
}

l...@jr4> show firewall log

l...@jr4> show firewall filter LUCA
Filter: LUCA
Counters:
Name                Bytes      Packets
RT-VRRP                 0            0
FXP0-ACCEPT         43570          802

l...@jr4> show vrrp detail
Physical interface: ge-1/3/0, Unit: 1, Vlan-id: 1, Address: 10.15.4.74/26
  Index: 71, SNMP ifIndex: 135, VRRP-Traps: disabled
  Interface state: up, Group: 126, State: backup
  Priority: 100, Advertisement interval: 1, Authentication type: none
  Delay threshold: 100, Computed send rate: 0
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 10.15.4.126
  Dead timer: 2.833s, Master priority: 100, Master router: 10.15.4.75
  Virtual router uptime: 00:47:44
  Tracking: disabled

l...@jr4> monitor traffic interface ge-1/3/0 no-resolve matching "dst host 224.0.0.18" detail count 1
Address resolution is OFF.
Listening on ge-1/3/0, capture size 1514 bytes

14:47:32.936935 In IP (tos 0xc0, ttl 255, id 0, offset 0, flags [none], proto: VRRP (112), length: 40) 10.15.4.75 > 224.0.0.18: VRRPv2-advertisement 20: vrid=126 prio=100 authtype=none intvl=1 addrs: 10.15.4.126

l...@jr4> show configuration interfaces lo0
unit 0 {
    family inet {
        filter {
            input LUCA;
        }
        address 127.0.0.1/32;
        address 1.1.1.1/32 {
            primary;
            preferred;
        }
    }
    family iso {
        address 49.6666.0000.0000.0000.0000.0001.00;
    }
}

l...@jr4> show configuration interfaces ge-1/3/0
vlan-tagging;
link-mode full-duplex;
gigether-options {
    no-flow-control;
}
unit 1 {
    vlan-id 1;
    family inet {
        no-redirects;
        policer {
            arp ARP-POLICER;
        }
        address 10.15.4.74/26 {
            vrrp-group 126 {
                virtual-address 10.15.4.126;
                advertise-interval 1;
                accept-data;
            }
        }
    }
    family iso;
    family mpls;
}

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp