All,
The release notes for the EX3300 are a little vague on this, but
strongly imply that as of Junos 12.3, IPv6 firewall filters are
supported. However:
[edit firewall family ethernet-switching filter FPP term deny-ra]
admin@sh-299y# set from ip-version ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> ipv4 Define L3/L4 match items to match IPv4 packets
Note: no IPv6.
I can match on the IPv6 ether-type, but not any L3/L4 items:
[edit firewall family ethernet-switching filter FPP term deny-ra from]
'protocol'
ipv4 match item not allowed when ether-type is ipv6
[edit firewall family ethernet-switching filter FPP term deny-ra from]
'icmp-type'
ipv4 match item not allowed when ether-type is ipv6
Is this expected to work? Or is the "ipv6 support" for routed packets
only, and not for ethernet-switching?
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
