[j-nsp] clarification of enabling sample
Brian Spade
bitkraft at gmail.com
Sat Oct 25 21:38:33 EDT 2008
Docs show to create a firewall filter for sampling, i.e.:
firewall {
family inet filter catch_all term default then {
sample; accept; }}
I have enabled sampling directly on the interface without using a firewall
filter. Everything works fine.
ge-3/1/0 {
unit 0 {
family inet {
sampling {
input;
output;
}
address 10.100.20.3/30;
}
}
}
Do you really need this firewall filter? What is the difference of just
enabling sample on the interface?
/b
More information about the juniper-nsp
mailing list