New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Juniper JN0-351 Exam - Topic 9 Question 48 Discussion

Actual exam question for Juniper's JN0-351 exam
Question #: 48
Topic #: 9
[All JN0-351 Questions]

You are asked to create a new firewall filter to evaluate Layer 3 traffic that is being sent between VLANs. In this scenario, which two statements are correct? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

A firewall filter is a configuration that defines the rules that determine whether to forward or discard packets at specific processing points in the packet flow. A firewall filter can also modify the attributes of the packets, such as priority, marking, or logging.A firewall filter can be applied to various interfaces, protocols, or routing instances on a Juniper device1.

A firewall filter has a family attribute, which specifies the type of traffic that the filter can evaluate.The family attribute can be one of the following: inet, inet6, mpls, vpls, iso, or ethernet-switching2. The family inet firewall filter is used to evaluate IPv4 traffic, which is the most common type of Layer 3 traffic on a network.

To create a family inet firewall filter, you need to specify the appropriate match criteria and actions for each term in the filter. The match criteria can include various fields in the IPv4 header, such as source address, destination address, protocol, port number, or DSCP value.The actions can include accept, discard, reject, count, log, policer, or next term3.

To apply a firewall filter to Layer 3 traffic that is being sent between VLANs, you need to apply the filter to the appropriate IRB interface. An IRB interface is an integrated routing and bridging interface that provides Layer 3 functionality for a VLAN on a Juniper device. An IRB interface has an IP address that acts as the default gateway for the hosts in the VLAN.An IRB interface can also participate in routing protocols and forward packets to other VLANs or networks4.

Therefore, option C is correct, because you should create a family inet firewall filter with the appropriate match criteria and actions. Option D is correct, because you should apply the firewall filter to the appropriate IRB interface.

Option A is incorrect, because you should not create a family ethernet-switching firewall filter with the appropriate match criteria and actions. A family ethernet-switching firewall filter is used to evaluate Layer 2 traffic on a Juniper device.A family ethernet-switching firewall filter can only match on MAC addresses or VLAN IDs, not on IP addresses or protocols5.

Option B is incorrect, because you should not apply the firewall filter to the appropriate VLAN. A VLAN is a logical grouping of hosts that share the same broadcast domain on a Layer 2 network. A VLAN does not have an IP address or routing capability.A firewall filter cannot be applied directly to a VLAN; it must be applied to an interface that belongs to or connects to the VLAN6.


1:Firewall Filters Overview2:Configuring Firewall Filters3:Configuring Firewall Filter Match Conditions and Actions4:Understanding Integrated Routing and Bridging Interfaces5: Configuring Ethernet-Switching Firewall Filters6: Understanding VLANs

by Ressie at Nov 20, 2025, 12:35 AM

Limited Time Offer

25%

Off

Get Premium JN0-351 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tandra
8 days ago
Wait, applying to IRB? That seems off...
upvoted 0 times
...
Roosevelt
13 days ago
Definitely B) for sure!
upvoted 0 times
...
Sherell
18 days ago
I think C) is the right choice too.
upvoted 0 times
...
Dick
23 days ago
Haha, Ethernet-switching filter? What is this, the 90s? Layer 3 is where it's at, folks.
upvoted 0 times
...
Jestine
28 days ago
C and D, easy peasy. Now, where's the coffee to keep me awake during this exam?
upvoted 0 times
...
Viola
1 month ago
A and B? Nah, that's for amateurs. Real network pros go for the Layer 3 action.
upvoted 0 times
...
Vannessa
1 month ago
Hmm, I'm torn between C and D. Guess I'll have to flip a coin on this one.
upvoted 0 times
...
Eleonore
1 month ago
I recall something about applying filters to IRB interfaces for inter-VLAN traffic, so D sounds like a good option too.
upvoted 0 times
...
Santos
2 months ago
I’m a bit confused about whether to use family inet or Ethernet-switching for this. I think C could be the right choice, but I’m not sure.
upvoted 0 times
...
Dierdre
2 months ago
I feel like applying the filter to the VLAN is definitely important, so B seems right to me.
upvoted 0 times
...
Malinda
2 months ago
I remember we discussed that Ethernet-switching filters are mainly for Layer 2, so I think A might not be correct.
upvoted 0 times
...
Delsie
2 months ago
Got it! The correct answers are C and D. We create an inet firewall filter with the appropriate match criteria and actions, and then apply it to the IRB interface to evaluate the Layer 3 traffic between VLANs.
upvoted 0 times
...
Peggie
2 months ago
C and D are the correct answers. Gotta love those Layer 3 filters!
upvoted 0 times
...
Glenn
2 months ago
I think the key here is that we're dealing with traffic between VLANs, so we need to create an inet firewall filter and apply it to the IRB interface. The Ethernet-switching filter is for Layer 2 traffic within a VLAN.
upvoted 0 times
...
Alease
3 months ago
Okay, let me think this through. We need to filter Layer 3 traffic, so the inet firewall filter makes sense. But I'm not sure if we should apply it to the IRB interface or the VLAN. I'll have to double-check the details.
upvoted 0 times
...
Terina
3 months ago
I’m with A and B. Filters must match VLAN traffic directly.
upvoted 0 times
...
Carey
3 months ago
A) and B) are spot on!
upvoted 0 times
...
Novella
3 months ago
Hmm, I'm a bit confused. Shouldn't we be creating an Ethernet-switching firewall filter and applying it to the VLAN instead? I'm not sure about the inet filter and IRB interface part.
upvoted 0 times
...
Dierdre
4 months ago
I'm pretty sure the answer is C and D. We need to create an inet firewall filter and apply it to the IRB interface to evaluate Layer 3 traffic between VLANs.
upvoted 0 times
...

Save Cancel