Layer 2 Firewall Filter Actions for JN0-360 Exam | Juniper Networks Certified Internet Specialist

Valid Actions for Layer 2 Firewall Filters

Question

What are two valid actions that can be applied to a frame by a Layer 2 firewall filter? (Choose two)

Answers

Explanations

A. B. C. D.

BD

You can specify the following filter actions (note that log and sample are available only for Layer 3 packets, not Layer 2 frames):

* accept

* count counter-name

* discard

* dscp code-point (family inet only)

* forwarding-class class-name

* ipsec-sa ipsec-sa (family inet only)

* load-balance group-name (family inet only)

* log (family inet and inet6 only)

* logical-system logical-system-name (family inet and inet6 only)

* loss-priority (high | medium-high | medium-low | low)

* next term

* next-hop-group group-name (family inet only)

* policer policer-name

* port-mirror (family bridge, ccc, inet, inet6, and vpls only)

* prefix-action action-name (family inet only)

* reject <message-type> (family inet and inet6 only)

* routing-instance routing-instance-name (family inet and inet6 only)

* sample (family inet, inet6, and mpls only)

* service-accounting (service filters and family inet or inet6 only)

* service-filter-hit (service filters and family inet or inet6 only)

* syslog (family inet and inet6 only)

* three-color-policer policer-name

* topology topology-name (family inet and inet6 only)

* traffic-class code-point (family inet6 only)

A Layer 2 firewall filter operates at the data link layer of the OSI model and can filter traffic based on MAC addresses, VLAN tags, and other data link layer fields. It can be used to apply various actions to a frame, depending on the filter rules.

The two valid actions that can be applied to a frame by a Layer 2 firewall filter are:

  1. Log: This action allows the filter to log information about the traffic that matches the filter rule. The filter can log information such as the source and destination MAC addresses, VLAN tags, and other data link layer fields. The logs can be used for troubleshooting or auditing purposes.

  2. Count: This action allows the filter to count the number of times that traffic matches the filter rule. The filter can keep track of the number of packets or bytes that match the rule. This information can be useful for network administrators to monitor network traffic and identify potential security threats.

The other two options, loss-priority and sample, are not valid actions for a Layer 2 firewall filter.

  1. Loss-priority: This option is used in Quality of Service (QoS) configurations to specify the level of priority for traffic when there is network congestion. It is not applicable to Layer 2 firewall filters.

  2. Sample: This option is used to take a sample of network traffic and forward it to a designated destination for analysis. It is typically used in network monitoring and analysis tools, but it is not applicable to Layer 2 firewall filters.