Verification
Confirm that the configuration is working properly.
•
Displaying the Firewall Filters Applied to an Interface on page 106
•
Displaying Prefix-Specific Actions Statistics for the Firewall Filter on page 106
Displaying the Firewall Filters Applied to an Interface
Purpose
Verify that the firewall filter
limit-source-one-24
is applied to the IPv4 input traffic at
logical interface
so-0/0/2.0
.
Action
Use the
show interfaces statistics
operational mode command for logical interface
so-0/0/2.0
, and include the
detail
option. In the command output section for
Protocol inet
,
the
Input Filters
field displays
limit-source-one-24
, indicating that the filter is applied
to IPv4 traffic in the input direction:
user@host>
show interfaces statistics so-0/0/2.0 detail
Logical interface so-0/0/2.0 (Index 79) (SNMP ifIndex 510) (Generation 149)
Flags: Hardware-Down Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPP
Protocol inet, MTU: 4470, Generation: 173, Route table: 0
Flags: Sendbcast-pkt-to-re, Protocol-Down
Input Filters: limit-source-one-24
Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
Destination: 10.39/16, Local: 10.39.1.1, Broadcast: 10.39.255.255,
Generation: 163
Displaying Prefix-Specific Actions Statistics for the Firewall Filter
Purpose
Verify the number of packets evaluated by the policer.
Action
Use the
show firewall prefix-action-stats
filter
filter-name
prefix-action
name
operational
mode command to display statistics about a prefix-specific action configured on a firewall
filter.
As an option, you can use the
from
set-index
to
set-index
command option to specify the
starting and ending counter or policer to be displayed. A policer set is indexed from 0
through 65535.
The command output displays the specified filter name followed by a listing of the number
of bytes and packets processed by each policer in the policer set.
For a term-specific policer, each policer in the set is identified as follows:
prefix-specific-action-name-term-name-set-index
For a filter-specific policer, each policer is identified in the command output as follows:
prefix-specific-action-name-set-index
Because the example prefix-specific action
psa-1Mbps-per-source-24-32-256
is referenced
by only one term of the example filter
limit-source-one-24
, the example policer
1Mbps-policer
is configured as term-specific. In the
show firewall prefix-action-stats
command output, the policer statistics are displayed as
Copyright © 2016, Juniper Networks, Inc.
106
Traffic Policers Feature Guide for EX9200 Switches
Summary of Contents for EX9200 Series
Page 8: ...Copyright 2016 Juniper Networks Inc viii Traffic Policers Feature Guide for EX9200 Switches ...
Page 10: ...Copyright 2016 Juniper Networks Inc x Traffic Policers Feature Guide for EX9200 Switches ...
Page 12: ...Copyright 2016 Juniper Networks Inc xii Traffic Policers Feature Guide for EX9200 Switches ...
Page 20: ...Copyright 2016 Juniper Networks Inc 2 Traffic Policers Feature Guide for EX9200 Switches ...
Page 32: ...Copyright 2016 Juniper Networks Inc 14 Traffic Policers Feature Guide for EX9200 Switches ...
Page 34: ...Copyright 2016 Juniper Networks Inc 16 Traffic Policers Feature Guide for EX9200 Switches ...
Page 42: ...Copyright 2016 Juniper Networks Inc 24 Traffic Policers Feature Guide for EX9200 Switches ...
Page 54: ...Copyright 2016 Juniper Networks Inc 36 Traffic Policers Feature Guide for EX9200 Switches ...
Page 56: ...Copyright 2016 Juniper Networks Inc 38 Traffic Policers Feature Guide for EX9200 Switches ...
Page 72: ...Copyright 2016 Juniper Networks Inc 54 Traffic Policers Feature Guide for EX9200 Switches ...
Page 132: ...Copyright 2016 Juniper Networks Inc 114 Traffic Policers Feature Guide for EX9200 Switches ...
Page 152: ...Copyright 2016 Juniper Networks Inc 134 Traffic Policers Feature Guide for EX9200 Switches ...
Page 162: ...Copyright 2016 Juniper Networks Inc 144 Traffic Policers Feature Guide for EX9200 Switches ...
Page 178: ...Copyright 2016 Juniper Networks Inc 160 Traffic Policers Feature Guide for EX9200 Switches ...
Page 186: ...Copyright 2016 Juniper Networks Inc 168 Traffic Policers Feature Guide for EX9200 Switches ...
Page 188: ...Copyright 2016 Juniper Networks Inc 170 Traffic Policers Feature Guide for EX9200 Switches ...
Page 202: ...Copyright 2016 Juniper Networks Inc 184 Traffic Policers Feature Guide for EX9200 Switches ...
Page 212: ...Copyright 2016 Juniper Networks Inc 194 Traffic Policers Feature Guide for EX9200 Switches ...
Page 214: ...Copyright 2016 Juniper Networks Inc 196 Traffic Policers Feature Guide for EX9200 Switches ...
Page 278: ...Copyright 2016 Juniper Networks Inc 260 Traffic Policers Feature Guide for EX9200 Switches ...