Ethernet Switching
Ethernet Switching

Junos layer 2 policing

[ Edited ]
‎06-27-2019 10:01 PM

Hello,

 

I am writing for advise about doing policer on family ethernet-switching. I notice that there are command available to apply filter in/out under interface as well as under VLAN. But I'm not sure which option is recommended and efective.

seyma@EX2300# show firewall 
family ethernet-switching {
    filter VL10-CUST01 {
        term 10 {
            then policer 100M;
        }
    }
}
policer 100M {
    if-exceeding {
        bandwidth-limit 100m;
        burst-size-limit 7500000;
    }
    then discard;
}
###Option 1: Apply under interface
seyma@EX2300# show interfaces ge-0/0/0  
description CUST01;
unit 0 {
    family ethernet-switching {
        interface-mode access;
        vlan {
            members 10;
        }
        filter {
            input VL10-CUST01;
            output VL10-CUST01;
        }
        storm-control default;
    }
}
###Option 2: Apply with VLAN 
seyma@EX2300# show vlans 
VL10-CUST01 {
    vlan-id 10;
    forwarding-options {
        filter {
            input VL10-CUST01;
            output VL10-CUST01;
        }
    }
}

Thanks and regards,

Seyma
JNCIP-ENT, SEC, SP
1 REPLY 1
Ethernet Switching
Solution
Accepted by topic author Seyma
‎06-27-2019 11:21 PM

Re: Junos layer 2 policing

‎06-27-2019 10:18 PM

Hello,

This may help

https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-ex-series-understan...

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !