Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Example: Configuring a layer2-policer for rate limiting on a physical port in Access Mode

0

0

Article ID: KB27277 KB Last Updated: 03 Feb 2014Version: 1.0
Summary:

This article describes how to configure a basic layer2-policer for rate limiting on a physical port in Access Mode.

Symptoms:
 
Cause:
 
Solution:

Topology

                             Bridge Domain TEST
PC1 ------<ge-1/3/8> | R1 | <ge-1/3/9> ------- <ge-2/3/9>  |R2|  <ge-2/3/8>------- PC2
10.1.1.1/24                                                                10.1.1.2/24


Hardware used

R1 --> FPC 1 REV 17 750-021157 YB4434 DPCE 40x 1GE R TX
R2 --> FPC 2 REV 17 750-021157 YA9121 DPCE 40x 1GE R TX

Configuration

In this topology, a layer2-policer is applied on ge-1/3/9.0:

R1

set interfaces ge-1/3/8 unit 0 family bridge interface-mode access
set interfaces ge-1/3/8 unit 0 family bridge vlan-id 10
set interfaces ge-1/3/9 unit 0 filter input TEST-L2-POLICER
set interfaces ge-1/3/9 unit 0 filter output TEST-L2-POLICER
set interfaces ge-1/3/9 unit 0 family bridge interface-mode access
set interfaces ge-1/3/9 unit 0 family bridge vlan-id 10

set bridge-domains TEST domain-type bridge
set bridge-domains TEST vlan-id 10


set firewall family any filter TEST-L2-POLICER term 1 then policer L2-Policer
set firewall family any filter TEST-L2-POLICER term 1 then count L2-packets
set firewall policer L2-Policer if-exceeding bandwidth-limit 10m
set firewall policer L2-Policer if-exceeding burst-size-limit 15m
set firewall policer L2-Policer then discard


R2

set interfaces ge-2/3/8 unit 0 family bridge interface-mode access
set interfaces ge-2/3/8 unit 0 family bridge vlan-id 10
set interfaces ge-2/3/9 unit 0 filter input TEST-L2-POLICER
set interfaces ge-2/3/9 unit 0 filter output TEST-L2-POLICER
set interfaces ge-2/3/9 unit 0 family bridge interface-mode access
set interfaces ge-2/3/9 unit 0 family bridge vlan-id 10

set bridge-domains TEST domain-type bridge
set bridge-domains TEST vlan-id 10

Verification

Verify the outcome of the above configuration:

1. Enable FTP server on PC1.
2. Connect FTP from PC2 and copy a huge file around 500 MB. Note: IXIA can be used to generate traffic and test the setup.
3. Check if the firewall counter is incrementing by running the following command:

R1# run show firewall filter TEST-L2-POLICER counter L2-packets

Filter: TEST-L2-POLICER
Counters:
Name                                       Bytes                           Packets
L2-packets                   202012424                           221753

R1> monitor interface ge-1/3/9.0

From the output of the monitor interface command, you can see the rate limiting.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search