[j-nsp] Policers on VLAN, layer 3 interface in output direction is not supported?
kashif rana
kashifrana84 at gmail.com
Sat Dec 5 01:51:50 EST 2009
Hi,
I have 7 users VLAN on core switch (four 4200 switchs in virtual chassis).
VLAN 2 is on access switch (three 4200 switches are in virtual chassis).
VLAN 2 virtual chassis access switch is connected to aggregate interface to
core virtual chassis switch.
I want to limit VLAN 2 http upload traffic to 1mb and there should be no
restriciton on other traffic. I made the following policers and firewall
filter on core switch.
policer http-upload-policer {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 625;
}
then discard;
}
family ethernet-switching {
filter "Rate limiting policy for VLAN 2" {
term "rate limit for http traffic" {
from {
protocol tcp;
destination-port http;
}
then {
count http-upload-counter
policer http-upload-policer;
accept;
}
}
term "No rate limit for other traffic" {
then accept;
}
}
}
Now problem is that:
1- When i tried to apply this filter as "input direction" on core switch
uplink to VLAN 2 swtich. It was giving the error policer is not supported on
aggregate interface.
2-When i tried to apply this filter as "output direction" on core switch on
VLAN 2. It was giving the error firewall filter is not supported in egress
direction. Although documentation said we can apply firewall filter on vlan
in input and output both direction.
3- Then I applied this firewall filter as "input direction" on l-3 interface
for VLAN 2 but i noticed there is no policing for http traffic.
The junos version is 9.3. One more thing when i run the command show policer
it gave error this command is not supported on ex-4200. I could not get it
configuration allowing me to configure policer in firewall filter but show
commands gave error.
Is there any license require for policer to work?
Kindly help me out
Thanks
More information about the juniper-nsp
mailing list