To configure this example, perform the following tasks:
•
Configuring a Policer for Prefix-Specific Counting and Policing on page 102
•
Configuring a Prefix-Specific Action Based on the Policer on page 103
•
Configuring an IPv4 Filter That References the Prefix-Specific Action on page 104
•
Applying the Firewall Filter to IPv4 Input Traffic at a Logical Interface on page 105
CLI Quick
Configuration
To quickly configure this example, copy the following configuration commands into a
text file, remove any line breaks, and then paste the commands into the CLI at the
[edit]
hierarchy level.
set firewall policer 1Mbps-policer if-exceeding bandwidth-limit 1m
set firewall policer 1Mbps-policer if-exceeding burst-size-limit 63k
set firewall policer 1Mbps-policer then discard
set firewall family inet prefix-action psa-1Mbps-per-source-24-32-256 policer
1Mbps-policer
set firewall family inet prefix-action psa-1Mbps-per-source-24-32-256 count
set firewall family inet prefix-action psa-1Mbps-per-source-24-32-256
subnet-prefix-length 24
set firewall family inet prefix-action psa-1Mbps-per-source-24-32-256 source-prefix-length
32
set firewall family inet filter limit-source-one-24 term one from source-address
10.10.10.0/24
set firewall family inet filter limit-source-one-24 term one then prefix-action
psa-1Mbps-per-source-24-32-256
set interfaces so-0/0/2 unit 0 family inet filter input limit-source-one-24
set interfaces so-0/0/2 unit 0 family inet address 10.39.1.1/16
Configuring a Policer for Prefix-Specific Counting and Policing
Step-by-Step
Procedure
To configure a policer to be used for prefix-specific counting and policing:
Enable configuration of a single-rate two-color policer.
[edit]
1.
user@host#
edit firewall
1Mbps-policer
2.
Define the traffic limit.
[edit firewall policer 1Mbps-policer]
user@host#
set if-exceeding bandwidth-limit 1m
user@host#
set if-exceeding burst-size-limit 63k
Packets in a traffic flow that conforms to this limit are passed with the PLP set to
low
.
3.
Define the actions for nonconforming traffic.
[edit firewall policer 1Mbps-policer]
user@host#
set then discard
Packets in a traffic flow that exceeds this limit are discarded. Other configurable
actions for a single-rate two-color policer are to set the forwarding class and to set
the PLP level.
Copyright © 2016, Juniper Networks, Inc.
102
Traffic Policers Feature Guide for EX9200 Switches
Summary of Contents for EX9200 Series
Page 8: ...Copyright 2016 Juniper Networks Inc viii Traffic Policers Feature Guide for EX9200 Switches ...
Page 10: ...Copyright 2016 Juniper Networks Inc x Traffic Policers Feature Guide for EX9200 Switches ...
Page 12: ...Copyright 2016 Juniper Networks Inc xii Traffic Policers Feature Guide for EX9200 Switches ...
Page 20: ...Copyright 2016 Juniper Networks Inc 2 Traffic Policers Feature Guide for EX9200 Switches ...
Page 32: ...Copyright 2016 Juniper Networks Inc 14 Traffic Policers Feature Guide for EX9200 Switches ...
Page 34: ...Copyright 2016 Juniper Networks Inc 16 Traffic Policers Feature Guide for EX9200 Switches ...
Page 42: ...Copyright 2016 Juniper Networks Inc 24 Traffic Policers Feature Guide for EX9200 Switches ...
Page 54: ...Copyright 2016 Juniper Networks Inc 36 Traffic Policers Feature Guide for EX9200 Switches ...
Page 56: ...Copyright 2016 Juniper Networks Inc 38 Traffic Policers Feature Guide for EX9200 Switches ...
Page 72: ...Copyright 2016 Juniper Networks Inc 54 Traffic Policers Feature Guide for EX9200 Switches ...
Page 132: ...Copyright 2016 Juniper Networks Inc 114 Traffic Policers Feature Guide for EX9200 Switches ...
Page 152: ...Copyright 2016 Juniper Networks Inc 134 Traffic Policers Feature Guide for EX9200 Switches ...
Page 162: ...Copyright 2016 Juniper Networks Inc 144 Traffic Policers Feature Guide for EX9200 Switches ...
Page 178: ...Copyright 2016 Juniper Networks Inc 160 Traffic Policers Feature Guide for EX9200 Switches ...
Page 186: ...Copyright 2016 Juniper Networks Inc 168 Traffic Policers Feature Guide for EX9200 Switches ...
Page 188: ...Copyright 2016 Juniper Networks Inc 170 Traffic Policers Feature Guide for EX9200 Switches ...
Page 202: ...Copyright 2016 Juniper Networks Inc 184 Traffic Policers Feature Guide for EX9200 Switches ...
Page 212: ...Copyright 2016 Juniper Networks Inc 194 Traffic Policers Feature Guide for EX9200 Switches ...
Page 214: ...Copyright 2016 Juniper Networks Inc 196 Traffic Policers Feature Guide for EX9200 Switches ...
Page 278: ...Copyright 2016 Juniper Networks Inc 260 Traffic Policers Feature Guide for EX9200 Switches ...