This article provides information on how to match the IPv4 packet header address or port fields in MPLS flows.
To match an MPLS-tagged IPv4 packet on the source or destination address field in the IPv4 header, specify the match condition at the [edit firewall family mpls filter filter-name term term-name from ip-version ipv4] hierarchy level. But this will work only for T-series routers. This option is not supported on M/MX-series routers.
To match MPLS-tagged IPv4 packets on M/MX-series routers, perform the following procedure:
1. Create a firewall filter for the IPv4 family under the group.
2. Create a firewall filter for the MPLS family and call the defined group under this firewall filter. For example, matching ICMP packets that are passing through LSP.
There is a LSP between R1and R3:
R1-ge-1/3/9----ge-1/3/11-R2-ge-1/3/10----ge-3/1/6-R3 R2# show groups test { firewall { family inet { filter IPv4_filter { term 1 { from { protocol icmp; } then { discard; } } } } } } [edit] R2# show firewall family mpls { filter MPLS_filter { term 1 { from { apply-groups test; } then discard; } term 2 { then accept; } } } [edit] R2# show interfaces ge-1/3/11 unit 0 { family inet { address 10.1.1.2/24; } family mpls { filter { input MPLS_filter; } } } [edit]