[j-nsp] physical interface policer

Mac GroupStudy mac.groupstudy at gmail.com
Wed Oct 13 09:23:44 EDT 2010 

Let me position my thoughts as well, I have been out of JUNOS for some time
but I did get pretty far in my knowledge there along the way. Also, this is
from the Juniper site for configuring policers on a physical interface:

Applying Firewall Filters That Reference Physical Interface Policers

After you configure a firewall filter that references a physical interface
policer, you apply it as an input or an output filter to a logical
interface.

To apply a firewall filter that references a physical interface policer as
an input filter:

   - Include the input *filter-name* statement at the [edit interfaces *
   interface-name* unit *logical-unit-number* family *family-name*
filter]hierarchy level.

To apply a firewall filter that references a physical interface policer as
an output filter:

   - Include the output *filter-name* statement at the [edit interfaces *
   interface-name* unit *logical-unit-number* family
*family-name*]hierarchy level.

In the following example, firewall filter inet-filter is applied to family
inet on interface ge-1/2/0.0. The filter is applied to incoming IPv4 traffic
on the interface.
 [edit] interfaces {  ge-1/2/0 {  unit 0 {  family inet {  filter { input
inet-filter; }  address 10.100.16.2/24 }  }

On Wed, Oct 13, 2010 at 9:20 AM, Mac GroupStudy <mac.groupstudy at gmail.com>wrote:

> Help me with my JUNOS commands structure and interfaces but unit 0 is the
> physical interface correct? I mean, you always have to configure unit 0 so
> to me that is just part of the interface configuration.
>
>
> On Wed, Oct 13, 2010 at 8:36 AM, Bit Gossip <bit.gossip at chello.nl> wrote:
>
>> This is Mx480 Junos10.2R2.11 and DPC.
>> Any idea why I can not apply a physical-interface-policer to a
>> physical-interface?
>> While it can be applied to 'unit 0' of the same interface.
>>
>> Thanks,
>> bit.
>>
>> [edit interfaces xe-4/1/0]
>> l at rc2# run show configuration firewall policer L-ECN
>> physical-interface-policer;
>> if-exceeding {
>>    bandwidth-percent 90;
>>    burst-size-limit 64k;
>> }
>> then loss-priority high;
>>
>> [edit interfaces xe-4/1/0]
>>
>> l at rc2# set layer2-policer ?
>> Possible completions:
>> + apply-groups         Groups from which to inherit configuration data
>> + apply-groups-except  Don't inherit configuration data from these
>> groups
>>
>> [edit interfaces xe-4/1/0]
>> l at rc2# set unit 0 layer2-policer ?
>> Possible completions:
>> + apply-groups         Groups from which to inherit configuration data
>> + apply-groups-except  Don't inherit configuration data from these
>> groups
>>  input-policer        Two-color policer for received packets
>>  input-three-color    Color-blind three-color policer for received
>> packets
>>  output-policer       Two-color policer for transmitted packets
>>  output-three-color   Three-color policer for transmitted packets
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>

More information about the juniper-nsp mailing list