SRX Services Gateway
SRX Services Gateway

SRX Layer 2 port and BA Classifier/Multifiled Classifier

10.11.17   |  
a week ago

Hi everyone,

 

Can we use BA DSCP classifier under layer 2 port on SRX 650?

I do not see any option to Multified classifier using Filter family ethernet-switching under layer 2 port on SRX 100 but i am not sure if this is the case for SRX 650 as well?

 

Thanks and have a nice day!!

5 REPLIES
SRX Services Gateway

Re: SRX Layer 2 port and BA Classifier/Multifiled Classifier

10.11.17   |  
a week ago

BA/Multifiled classifiers works based on values from IP Header (DSCP and other L3/L4 information), which cannot be used on L2 cos.

You can use "ieee-802.1" for L2 COS.

 

Its same as BA classifier, below given is an example for L2 classifier. Remaining things like schedulers and all remains same as L3.

 

 

set class-of-service classifiers ieee-802.1 BE forwarding-class best-effort loss-priority low code-points 001

 

 

Below given is the default classifier.

root>  class-of-service classifier type ieee-802.1   
Classifier: ieee8021p-default, Code point type: ieee-802.1, Index: 11
  Code point         Forwarding class                    Loss priority
  000                best-effort                         low         
  001                best-effort                         high        
  010                expedited-forwarding                low         
  011                expedited-forwarding                high        
  100                assured-forwarding                  low         
  101                assured-forwarding                  high        
  110                network-control                     low         
  111                network-control                     high 

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
SRX Services Gateway

Re: SRX Layer 2 port and BA Classifier/Multifiled Classifier

[ Edited ]
10.11.17   |  
a week ago

Hi Suraj,

let me explain my set up in a bit detail ( sorry, should have done it )

 

 

IP device-----fe0/0/0 SRX--Layer3

 

IP device is connecetd to access port on fe0/0/0 in vlan 420

I can not use BA Classifier (dot p) to classify traffic as there is no dot1q tag.  Traffic arriving on f0/0/0 are untagged.

So can we classify these traffic?  we can use multifiled firewall filter family ethernet switching to look into IP/TCP/UDP header to do classification but SRX does not support firewall filter family ethernet switching .  End Ip device can not  set DSCP marking.

SRX Services Gateway

Re: SRX Layer 2 port and BA Classifier/Multifiled Classifier

10.11.17   |  
a week ago

I believe vlan 420 has an L3 interface/Ip address assigned , is that correct? If so, you can apply normal BA/MF classifier on that vlan interface.

 

For example if the L3 interface for vlan 420 is vlan.420, you can assign classifier on this.

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
SRX Services Gateway

Re: SRX Layer 2 port and BA Classifier/Multifiled Classifier

10.11.17   |  
a week ago

Well, I do  not see that vlan.420 show up when configuring classifier:

 

This is from SRX 100, not sure if SRX 650 is the same way.

 

root# set class-of-service interfaces ?

SNIP!!

Possible completions:
fe-0/0/3 Interface name (or wildcard)
fe-0/0/4 Interface name (or wildcard)
fe-0/0/5 Interface name (or wildcard)

 

root> show interfaces terse | match up

SNIP!!

vlan.420 up up inet 43.43.43.1/24

 

 

 

 

Highlighted
SRX Services Gateway

Re: SRX Layer 2 port and BA Classifier/Multifiled Classifier

10.11.17   |  
a week ago

Can you try applying it manually, like "set class- of-serrvice interfaces vlan.420 classifier"

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too