Hello, list (again), I've been trying to use VLAN BUM traffic filter on QFX5100. The configuration on the test VLAN was quite trivial: Model: qfx5100-48s-6q Junos: 17.2R2.8 # show vlans Testvlan vlan-id 4030; forwarding-options { filter { input Testvlan-ingress; } flood { input Testvlan-flood; } } I connected two linux hosts to the test VLAN: # show interfaces ge-0/0/42 unit 0 { family ethernet-switching { vlan { members Testvlan; } } } # show interfaces ge-0/0/43 unit 0 { family ethernet-switching { vlan { members Testvlan; } } } The firewall filter wwas quite simple: # show firewall family ethernet-switching filter Testvlan-ingress term accept { then accept; } The flood input filter I was trying to use. According to the documentation, only Broadcast, Unknown unicast and Multicast (BUM) traffic goes here. The regular unicast traffic should be left intact by it. # show firewall family ethernet-switching filter Testvlan-flood term allow_arp { from { ether-type arp; } then accept; } term allow_ipv6_ns { from { destination-mac-address { 33:33:ff:00:00:00/24; } ether-type 0x86dd; } then accept; } term discard_all { then discard; } I started hosts to ping (and snif) each other.. And I saw only ARP requests/responses. "show ethernet-switching table" displayed that both hosts MAC were successfully learned, thus traffic between them should be considered as regular unicast. However, the last term in Testvlan-flood filter was blocking it. If I replace it with "accept" - traffic begins to flow. Are any Juniper QFX gurus here? I would really appreciate some advice.