[j-nsp] JUNOS POLICER

Derick Winkworth dwinkworth at att.net
Thu Sep 2 14:45:08 EDT 2010


You need to put it all in the same term.




________________________________
From: Giuliano Cardozo Medalha <giulianocm at uol.com.br>
To: juniper-nsp at puck.nether.net
Sent: Thu, September 2, 2010 11:07:08 AM
Subject: [j-nsp] JUNOS POLICER

People,

We are trying to configure policers to logical interfaces created under IQ2E 
PIC.

All policers are using firewall filters.

One of them is a different situation ... we cannot rate all interface but only 3 
IPs that pass thought the interface.

But the policer is not worlink correctly:


set firewall policer teste if-exceeding bandwidth limit 10m burst size 1000
set firewall policer teste then discar

set firewall family inet filter policer term 10 from source-address 
192.168.10.35/32
set firewall family inet filter policer term 10 then accept
set firewall family inet filter policer term 10 then policer teste
set firewall family inet filter policer term 20 from source-address 
192.168.10.36/32
set firewall family inet filter policer term 20 then accept
set firewall family inet filter policer term 20 then policer teste
set firewall family inet filter policer term 30 from source-address 
192.168.10.37/32
set firewall family inet filter policer term 30 then accept
set firewall family inet filter policer term 30 then policer teste
set firewall family inet filter policer term 40 then accept

set interface ge-0/0/0 unit 100 vlan-id 100 family inet filter input policer


The problem is ... the 3 chosen IPs are exceeding 10m.  Sometimes 12, sometimes 
18 Mbps.

We need to use some special command for it ?  Like - logical interface under 
policer ?

What is the correct manner to use it ?

Or we need to put it all in the same term ?

Thanks a lot,

Giuliano
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list