Juniper EX9200 Features Manual page 86

Traffic Policers Feature Guide for EX9200 Switches
68
Configure the first policer.
2.
[edit firewall policer p-all-1m-5k-discard]
user@host# set if-exceeding bandwidth-limit
user@host# set if-exceeding
user@host# set then discard
Enable configuration of a two-color policer that discards packets that do not conform
3.
to a bandwidth specified as "10 percent" and a burst size of 500,000 bytes.
You apply this policer only to the FTP traffic at the single-tag VLAN logical interface.
You apply this policer as the action of an IPv4 firewall filter term that matches FTP
packets from TCP.
[edit firewall policer p-all-1m-5k-discard]
user@host# up
[edit]
user@host# edit firewall policer p-ftp-10p-500k-discard
Configure policing limits and actions.
4.
[edit firewall policer p-ftp-10p-500k-discard]
user@host# set if-exceeding
user@host# set if-exceeding burst-size-limit 500k
user@host# set then discard
Because the bandwidth limit is specified as a percentage, the firewall filter that
references this policer must be configured as an interface-specific filter.
NOTE: If you wanted this policer to rate-limit to 10 percent of the logical
interface configured shaping rate (rather than to 10 percent of the
physical interface media rate), you would need to include the
logical-bandwidth-policer
p-all-1m-5k-discard]
logical-bandwidth policer.
Enable configuration of the IPv4 firewall filter policer for ICMP packets.
5.
[edit firewall policer p-ftp-10p-500k-discard]
user@host# up
[edit]
user@host# edit firewall policer p-icmp-500k-500k-discard
Configure policing limits and actions.
6.
[edit firewall policer p-icmp-500k-500k-discard]
user@host# set if-exceeding bandwidth-limit 500k
user@host# set if-exceeding burst-size-limit 500k
user@host# set then discard
1m
burst-size-limit 5k
bandwidth-percent 10
statement at the [edit firewall policer
hierarchy level. This type of policer is called a
Copyright © 2016, Juniper Networks, Inc.