Can you try action "then syslog" in both terms and see what
Kind of traffic is hitting each of them. you can try
Applying a firewall filter on the interface and see if the
Interface belonging to that vrf is indeed getting the traffic.
-Har****
Message
From: juniper-nsp-bounces (AT) puck (DOT) nether.net
[mailto:juniper-nsp-bounces (AT) puck (DOT) nether.net] Behalf
Sorin CNSTANTINESCU
Sent: Saturday, December 03, 2005 10:10 AM
To: juniper-nsp (AT) puck (DOT) nether.net
Subject: [j-nsp] inet forwarding-options filter in a VRF
routing-instance
Hi, all.
I need to filter traffic from a specific source inside a vrf
routing-instance. I have an M7i running 7.3R1.5.
The problem is that i don't get any matches on any of the counters.
cut here
adonay@M7ishow firewall filter filter-vrf-customer
Filter: filter-vrf-customer
Counters:
Name Bytes
Packets
counter-customer-deny-1.2.3.4 0
0
0
0
adonay@M7i>
and here
Here's my config. Thanks,
cut here
adonay@M7i# show firewall family inet filter filter-vrf-customer
term 1 {
from {
source-address {
1.2.3.4/32;
}
}
then {
count counter-customer-deny-1.2.3.4;
discard;
}
}
term 2 {
then {
count ;
accept;
}
}
[edit]
adonay@M7i#
adonay@M7i# show routing-instances vrf-customer-internet
forwarding-options
family inet {
filter {
input filter-vrf-customer;
}
}
[edit]
adonay@M7i#
and here