On 13/02/2015 00:08, Olivier Benghozi wrote:
By the way in current JunOS 12.3 it looks there's at least one fix; in: http://www.juniper.net/documentation/en_US/junos12.3/topics/concept/firewall-filter-ex-series-overview.html <http://www.juniper.net/documentation/en_US/junos12.3/topics/concept/firewall-filter-ex-series-overview.html>they write that "You can apply port, VLAN, or router firewall filters to both IPv4 and IPv6 traffic on these switches:" [...] • EX3300 switch • EX6200 switch [...]
That's an extremely misleading bit of text that I had a very grumpy conversation with Juniper about.
You can indeed apply the firewall filters to IPv6 traffic. But you can't specify any IPv6 protocols fields as matches.
So w00t a default deny or ethertype deny will apply to IPv6 as opposed to skipping it entirely.
EX3300 apparently has no IPv6 field matching capability in hardware. Which is almost unbelievable for a current-gen switch, but that's what Juniper told us, repeatedly.
Cheers, Phil _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
