Hi Gunjan, Won't that simply rate-limit *all* traffic traversing that interface to 5m? You'd need to identify arp traffic specifically, using a firewall filter and apply that to the interface.
A shared, non-configurable policer is applied to all Ethernet interfaces on which family inet is configured in a chassis. You can configure an ARP policer on a per interface basis. This will override the default policer. Guy On 28/06/07, Gunjan GANDHI (BR/EPA) <[EMAIL PROTECTED]> wrote: > Jens, > It is possible to do this on a per interface basis, not sure if you can > do on a per node basis. Here is a sample syntax example. > > [edit] > [EMAIL PROTECTED] show interfaces ge-0/0/0 > vlan tagging; > unit 502 { > vlan-id 502; > family inet { > policer { > arp Block_ARP; > } > address 172.20.16.52/24; > } > } > > [edit] > [EMAIL PROTECTED] show firewall > policer Block_ARP { > if-exceeding { > bandwidth-limit 5m; > burst-size-limit 50k; > } > } > > Cheers > //Gunjan > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Thursday, 28 June 2007 3:01 AM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Ratelimiting ARP-Requests > > Dear colleagues, > > I'm looking for an advice about the possibilities to ratelimit incomming > ARP requests. > > What's the correct syntax for an effective filter rule to solve this > problem ? > > Kind Regards > Jens > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp