Table of Contents
Advertisement
Table 386: Configuration Components: Switch Ports on a 48-Port All-PoE Switch (continued)
Switch and Port Number
ge-0/0/4, ge-0/0/5
ge-0/0/6, ge-0/0/7
ge-0/0/9
ge-0/1/0
Configuring an Ingress Port Firewall Filter to Prioritize Voice Traffic and Rate-Limit TCP and
ICMP Traffic
CLI Quick
Configuration
Copyright © 2010, Juniper Networks, Inc.
VLAN Membership
guest-vlan
camera-vlan
voice-vlan
To configure and apply firewall filters for port, VLAN, and router interfaces, perform these
tasks:
To quickly configure and apply a port firewall filter to prioritize voice traffic and rate-limit
packets that are destined for the
and paste them into the switch terminal window:
[edit]
set firewall policer tcp-connection-policer if-exceeding burst-size-limit 30k bandwidth-limit
1m
set firewall policer tcp-connection-policer then discard
set firewall policer icmp-connection-policer if-exceeding burst-size-limit 30k bandwidth-limit
1m
set firewall policer icmp-connection-policer then discard
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
voip-high from source-mac-address 00.05.85.00.00.01
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
voip-high from source-mac-address 00.05.85.00.00.02
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
voip-high from protocol udp
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
voip-high then forwarding-class expedited-forwarding
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
voip-high then loss-priority low
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
network-control from precedence net-control
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
network-control then forwarding-class network-control
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
network-control then loss-priority low
set firewall family ethernet-switching filter ingress-port-voip-class-limit-tcp-icmp term
tcp-connection from destination-address 192.0.2.16/28
Chapter 101: Examples of Firewall Filters Configuration
IP and MAC Addresses
through
192.0.2.34
192.0.2.35
through
192.0.2.49
192.0.2.50
IP address:
192.0.2.14
MAC
address:
00.05.85.00.00.0E
IP address:
192.0.2.65
subnet, copy the following commands
employee-vlan
Port Devices
Two hubs into which visitors
can plug in their PCs. Hubs are
located in an area open to
visitors, such as a lobby or
conference room
Two security cameras
Gatekeeper device. The
gatekeeper manages call
registration, admission, and
call status for VoIP phones.
Layer 3 connection to a router;
note that this is a port on the
switch's uplink module
3043
Advertisement
Chapters
Table of Contents
Troubleshooting
Related Manuals for Juniper JUNOS OS 10.3 - SOFTWARE
Related Products for Juniper JUNOS OS 10.3 - SOFTWARE
- Juniper IDP OS 5.1R1 - S REV 1
- Juniper JUNOS OS 10.4 - S REV 5
- Juniper JUNOS OS 10.4 - FOR EX REV 1
- Juniper JUNOS OS 10.4 - XML API OPERATIONAL
- Juniper IDP OS 5.1R1
- Juniper JUNOS SOFTWARE 10.2 - SOFTWARE INSTALLATION AND UPGRADE GUIDE 4-28-2010
- Juniper OCX1100
- Juniper ADVANCED INSIGHT SCRIPTS 2.5 - S REV 1