On Friday, 15 May 2009, david....@orange-ftgroup.com wrote:
> You can use ARP Policer per vlan :
>
> On your interface :
>
> set interface ge-X/Y/Y unit XXX family inet policer arp ARP-POLICER
>
> firewall policer ARP-Policer {
> if-exceeding {
> bandwidth-limit 32k;
> burst-size-limit 32k;
> }
> then discard;
> }We have also found out the hard way. Doing above using a group configuration makes it easy to implement; set groups klant-interface interfaces <*> unit <*> family inet policer arp per-interface-arp-limiter set interfaces ge-0/3/0 apply-groups klant-interface [...] set firewall policer per-interface-arp-limiter if-exceeding bandwidth-limit 150k set firewall policer per-interface-arp-limiter if-exceeding burst-size-limit 15k set firewall policer per-interface-arp-limiter then discard -- Niels
pgp6e0qYRozKh.pgp
Description: PGP signature
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
