Firewall filters: Layer 2 egress filtering: EVPN-VXLAN interfaces

The filtering of Layer 2 traffic exiting access interfaces on which EVPN-VXLAN is running.

To set up this feature:

• Create a Layer 2 egress filter.
• In the filter, specify one or more of these match criteria:
• Source or destination MAC address
• Ethernet type
• VLAN ID
• Specify one or more of these actions:
• Accept
• Count
• Discard
• Apply the filter to a physical interface or an aggregated Ethernet interface.

The following sample configuration creates a Layer 2 egress firewall filter named epacl, which you apply to interface xe-0/0/10.0. The first term specifies that the interface accepts and counts packets from

source MAC address 00:00:5e:00:53:a1/48. The second term specifies that the interface discards all other packets and counts them.

set firewall family ethernet-switching filter epacl term t1 from source-mac-address 00:00:5e:00:53:a1/48

set firewall family ethernet-switching filter epacl term t1 then accept

set firewall family ethernet-switching filter epacl term t1 then count epacl-accept

set firewall family ethernet-switching filter epacl term t2 then discard

set firewall family ethernet-switching filter epacl term t2 then count epacl-discard

set interfaces xe-0/0/10 unit 0 family ethernet-switching filter output epacl