jozef.klacko

policing l2 port

Hi,

ex4200 10.0S10.1

How can I police input traffic on the whole port to be only 4m (on ex4200)? I also want to have a firewall, as you can see in the example. I am thinking about this configuration, but I am not sure what the firewall will do in the first term without the action modifier "next term", which is not supported on ex4200.

For example, traffic that is matched by term allow-udp. What is the default action without an action modifier stated? deny?

Will it first match term allow-udp and then term policer? Will the maximum input bandwidth be 4m?

Is it just easier to do this on the input filter of the vlan interface, with the IP address stated in the matched terms?

# show interfaces ge-0/0/4  
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members 1234;
        }
        filter {
            input from-abc;
        }
    }
}

# show firewall
policer f-policer-4m {
    filter-specific;
    if-exceeding {
        bandwidth-limit 4m;
        burst-size-limit 650k;
    }
    then discard;
}

# show firewall
    filter from-abc {
        term allow-udp {
            from {
                protocol udp;
                source-port 234;
            }
            then {
                count abc1;
                policer f-policer-4m;
            }
        }
        term allow-tcp {
            from {
                protocol tcp;
                source-port 345;
            }
            then count abc1;
        }
        term allow-arp {
            from {
                ether-type arp;
            }
            then policer policer-1m;
        }
        term policer {
            then policer f-policer-4m;
        }
        term deny-other {
            then discard;
        }
    }

Jozef Klacko

jozef.klacko

Re: policing l2 port

... Please. Anyone.