SRX Services Gateway
Reply
Visitor
juniper-mike
Posts: 7
Registered: ‎08-13-2011
0

SRX240 802.1p CoS classifier help please, i just need to mark not police.

Hi

 

I need to mark some packets not police leaving the SRX on a phsyical interface ge-0/0/15 to telco kit on a 1q trunk

 

The Telco device upstream will police depending on the tagging that i mark.

 

The interface is a trunk and has VLAN id in it i capture with wireshark and a hub.

 

How do i  mark certain frames based on source IP leaving the interface towards the telco device?

 

 

Do i just need to do the following to mark the outgoing 1.q tagged taffic from the 10.10.10.0/24 network?

 

firewall {
    filter mf_class {
        term fromVOICE {
            from {
                address {
                    10.10.10.0/24;
                }
            }
            then {
                loss-priority low;
                forwarding-class expedited-forwarding;
                accept;
            }
        }
    }
}


ge-0/0/15 {
        vlan-tagging;
        unit 100 {
            vlan-id 100;
            family inet {
                filter {
                    output mf_class;
                }
                address 1.1.1.3/28;
            }
        }
    }
}

 thanks for looking



 


 

Distinguished Expert
Distinguished Expert
pk
Posts: 793
Registered: ‎10-09-2008
0

Re: SRX240 802.1p CoS classifier help please, i just need to mark not police.

Hi

 

You will also need to configure rewrite-rules. See for example this thread

 

http://forums.juniper.net/t5/SRX-Services-Gateway/How-to-set-802-1p-Cos/m-p/110554

 

please tell me if this works for you.

Best Regards,
Petr (PK)

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
[Juniper Authorized Education & Support in Russia]
Visitor
juniper-mike
Posts: 7
Registered: ‎08-13-2011
0

Re: SRX240 802.1p CoS classifier help please, i just need to mark not police.

thankyou pk , im looking forward to getting back into work tomorrow to test it out.

(i wish i'd of brought the kit home)

Visitor
juniper-mike
Posts: 7
Registered: ‎08-13-2011
0

Re: SRX240 802.1p CoS classifier help please, i just need to mark not police.

i've managed to get DSCP rewrite working, but the 802.1p doesnt work, never changes from 000

 

i need 802.1p   not DSCP though.

 

Visitor
juniper-mike
Posts: 7
Registered: ‎08-13-2011
0

Re: SRX240 802.1p CoS classifier help please, i just need to mark not police.

[ Edited ]

sorted, i had to use a hub to be able to see the priority level in the 802.1q tag :smileyhappy:   it was working all along my monitoring was flawed. i'll post up my configs for others at the weekend.

Distinguished Expert
Distinguished Expert
pk
Posts: 793
Registered: ‎10-09-2008
0

Re: SRX240 802.1p CoS classifier help please, i just need to mark not police.

Glad that it is working now. Please also post your software version.

Best Regards,
Petr (PK)

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
[Juniper Authorized Education & Support in Russia]
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.