Juniper EX9200 Features Manual page 87

Results
Step-by-Step
Procedure
Copyright © 2016, Juniper Networks, Inc.
Confirm the configuration of the policers by entering the
command. If the command output does not display the intended configuration, repeat
the instructions in this procedure to correct the configuration.
[edit]
user@host# show firewall
policer p-all-1m-5k-discard {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 5k;
}
then discard;
}
policer p-ftp-10p-500k-discard {
if-exceeding {
bandwidth-percent 10;
burst-size-limit 500k;
}
then discard;
}
policer p-icmp-500k-500k-discard {
if-exceeding {
bandwidth-limit 500k;
burst-size-limit 500k;
}
then discard;
}
Configuring the IPv4 Firewall Filter
To configure the IPv4 firewall filter:
Enable configuration of the IPv4 firewall filter.
1.
[edit]
user@host# edit firewall family inet filter filter-ipv4-with-limits
Configure the firewall filter as interface-specific.
2.
[edit firewall family inet filter filter-ipv4-with-limits]
user@host# set interface-specific
The firewall filter must be interface-specific because one of the policers referenced
is configured with a bandwidth limit expressed as a percentage value.
Enable configuration of a filter term to rate-limit FTP packets.
3.
[edit firewall family inet filter filter-ipv4-with-limits]
user@host# edit term t-ftp
[edit firewall family inet filter filter-ipv4-with-limits term t-ftp]
user@host# set from protocol tcp
user@host# set from port [ ftp ftp-data ]
FTP messages are sent over TCP port 20 (
port 21 ( ).
ftp-data
Chapter 7: Basic Single-Rate Two-Color Policers
configuration mode
show firewall
) and received over TCP
ftp
69