On Friday, 15 May 2009, david....@orange-ftgroup.com wrote: > You can use ARP Policer per vlan : > > On your interface : > > set interface ge-X/Y/Y unit XXX family inet policer arp ARP-POLICER > > firewall policer ARP-Policer { > if-exceeding { > bandwidth-limit 32k; > burst-size-limit 32k; > } > then discard; > }
We have also found out the hard way. Doing above using a group configuration makes it easy to implement; set groups klant-interface interfaces <*> unit <*> family inet policer arp per-interface-arp-limiter set interfaces ge-0/3/0 apply-groups klant-interface [...] set firewall policer per-interface-arp-limiter if-exceeding bandwidth-limit 150k set firewall policer per-interface-arp-limiter if-exceeding burst-size-limit 15k set firewall policer per-interface-arp-limiter then discard -- Niels
pgp6e0qYRozKh.pgp
Description: PGP signature
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp