Juniper EX9200 Features Manual page 122

Traffic Policers Feature Guide for EX9200 Switches
Step-by-Step
Procedure
Results
104
bandwidth-limit 1m;
burst-size-limit 63k;
}
then discard;
}
family inet {
prefix-action psa-1Mbps-per-source-24-32-256 {
policer 1Mbps-policer;
subnet-prefix-length 24;
source-prefix-length 32;
}
}
Configuring an IPv4 Filter That References the Prefix-Specific Action
To configure an IPv4 standard firewall filter that references the prefix-specific action:
Enable configuration of the IPv4 standard firewall filter.
1.
[edit]
user@host# edit firewall family inet filter limit-source-one-24
Prefix-specific counting and policing can be defined for IPv4 traffic only.
Configure the filter term to match on the packet source address or destination
2.
address.
[edit firewall family inet filter limit-source-one-24]
user@host# set term one from source-address 10.10.10.0/24
Configure the filter term to reference the prefix-specific action.
3.
[edit firewall family inet filter limit-source-one-24]
user@host# set term one then prefix-action psa-1Mbps-per-source-24-32-256
You could also use the
(HTTP) traffic to each host to transmit at 500 Kbps and have the total HTTP traffic
limited to 1 Mbps.
Confirm the configuration of the prefix-specific action by entering the
configuration mode command. If the command output does not display the intended
configuration, repeat the instructions in this procedure to correct the configuration.
[edit]
user@host# show firewall
policer 1Mbps-policer {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 63k;
}
then discard;
}
family inet {
prefix-action psa-1Mbps-per-source-24-32-256 {
policer 1Mbps-policer;
subnet-prefix-length 24;
source-prefix-length 32;
next term action to configure all Hypertext Transfer Protocol
show firewall
Copyright © 2016, Juniper Networks, Inc.