SRX

last person joined: 16 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX Layer 2 port and BA Classifier/Multifiled Classifier

    Posted 10-11-2017 06:53

    Hi everyone,

     

    Can we use BA DSCP classifier under layer 2 port on SRX 650?

    I do not see any option to Multified classifier using Filter family ethernet-switching under layer 2 port on SRX 100 but i am not sure if this is the case for SRX 650 as well?

     

    Thanks and have a nice day!!



  • 2.  RE: SRX Layer 2 port and BA Classifier/Multifiled Classifier

     
    Posted 10-11-2017 08:21

    BA/Multifiled classifiers works based on values from IP Header (DSCP and other L3/L4 information), which cannot be used on L2 cos.

    You can use "ieee-802.1" for L2 COS.

     

    Its same as BA classifier, below given is an example for L2 classifier. Remaining things like schedulers and all remains same as L3.

     

     

    set class-of-service classifiers ieee-802.1 BE forwarding-class best-effort loss-priority low code-points 001

     

     

    Below given is the default classifier.

    root>  class-of-service classifier type ieee-802.1   
    Classifier: ieee8021p-default, Code point type: ieee-802.1, Index: 11
      Code point         Forwarding class                    Loss priority
      000                best-effort                         low         
      001                best-effort                         high        
      010                expedited-forwarding                low         
      011                expedited-forwarding                high        
      100                assured-forwarding                  low         
      101                assured-forwarding                  high        
      110                network-control                     low         
      111                network-control                     high 



  • 3.  RE: SRX Layer 2 port and BA Classifier/Multifiled Classifier

    Posted 10-11-2017 08:31

    Hi Suraj,

    let me explain my set up in a bit detail ( sorry, should have done it )

     

     

    IP device-----fe0/0/0 SRX--Layer3

     

    IP device is connecetd to access port on fe0/0/0 in vlan 420

    I can not use BA Classifier (dot p) to classify traffic as there is no dot1q tag.  Traffic arriving on f0/0/0 are untagged.

    So can we classify these traffic?  we can use multifiled firewall filter family ethernet switching to look into IP/TCP/UDP header to do classification but SRX does not support firewall filter family ethernet switching .  End Ip device can not  set DSCP marking.



  • 4.  RE: SRX Layer 2 port and BA Classifier/Multifiled Classifier
    Best Answer

     
    Posted 10-11-2017 08:49

    I believe vlan 420 has an L3 interface/Ip address assigned , is that correct? If so, you can apply normal BA/MF classifier on that vlan interface.

     

    For example if the L3 interface for vlan 420 is vlan.420, you can assign classifier on this.



  • 5.  RE: SRX Layer 2 port and BA Classifier/Multifiled Classifier

    Posted 10-11-2017 21:37

    Well, I do  not see that vlan.420 show up when configuring classifier:

     

    This is from SRX 100, not sure if SRX 650 is the same way.

     

    root# set class-of-service interfaces ?

    SNIP!!

    Possible completions:
    fe-0/0/3 Interface name (or wildcard)
    fe-0/0/4 Interface name (or wildcard)
    fe-0/0/5 Interface name (or wildcard)

     

    root> show interfaces terse | match up

    SNIP!!

    vlan.420 up up inet 43.43.43.1/24

     

     

     

     



  • 6.  RE: SRX Layer 2 port and BA Classifier/Multifiled Classifier

     
    Posted 10-11-2017 23:16

    Can you try applying it manually, like "set class- of-serrvice interfaces vlan.420 classifier"