You don't need to write source address in filter. use this... policer 10m { filter-specific; if-exceeding { bandwidth-limit 10m; burst-size-limit 100k; } then discard; }
family ethernet-switching { filter rate-limit-10m { interface-specific; term 1 { then policer 10m; } Regards, Masood Blog: http://weblogs.com.pk/jahil/ > Here is what i came up with, but it didnt seem to work. I just want to > rate-limit ALL traffic to 10 meg, so i assume using the source address of > 0.0.0.0/0 is correct. > > I had this interface pegged at 100 meg, and when i commited the filter it > didnt seem to reduce the traffic. Any ideas? > > ge-0/0/4 { > description Customer A; > unit 0 { > family ethernet-switching { > port-mode access; > vlan { > members 38; > } > filter { > input rate-limit-10m; > > > policer 10m { > filter-specific; > if-exceeding { > bandwidth-limit 10m; > burst-size-limit 100k; > } > then discard; > } > family ethernet-switching { > filter rate-limit-10m { > interface-specific; > term 1 { > from { > source-address { > 0.0.0.0/0; > } > } > then policer 10m; > > > r...@switch> show firewall filter rate-limit-10m-ge-0/0/4.0-i > > Filter: rate-limit-10m-ge-0/0/4.0-i > Policers: > Name Packets > 10m 2012276 > > > > > > > ----- Original Message ----- > From: mas...@nexlinx.net.pk > To: "Brendan" <manne...@nexlinx.net.pk>, juniper-nsp@puck.nether.net > Sent: Tuesday, May 19, 2009 6:02:57 PM GMT -05:00 US/Canada Eastern > Subject: Re: [j-nsp] Ex Series Bandwidth Policer > > The way you have done it, bandwidth will be shared among multiple > interfaces. Adding filter-specific knob to the policer will make them > unique. Further, use the "interface-specific" command in the firewall > filter, In this case you can use the same filter in multiple interfaces > without having shared bandwidth. > > firewall { > policer 10m { > filter-specific;------------ this will make all policer unique. > if-exceeding { > bandwidth-limit 10m; > burst-size-limit 100k; > } > then discard; > > Create a filter instead of applying filter directly on an interface and > use filter-specific under [edit firewall family family-name filter > filter-name] > > Regards, > Masood > Blog: http://weblogs.com.pk/jahil/ > > > > > -----Original Message----- > From: juniper-nsp-boun...@puck.nether.net > [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Brendan Mannella > Sent: Tuesday, May 19, 2009 7:36 PM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Ex Series Bandwidth Policer > > > > Hi, > > > > I was wondering what the best way to limit bandwidth per customer port on > a EX3200 would be. > > > > Lets say i have customer A on port 3 and customer B on port 4 and would > like to give each one 10 mbits per sec up and down. Something like this... > > > > > > ge-0/0/3 { > description Customer A; > unit 0 { > family ethernet-switching { > port-mode access; > vlan { > members 43; > > > > > ge-0/0/4 { > description Customer B; > unit 0 { > family ethernet-switching { > port-mode access; > vlan { > members 44 ; > > > > firewall { > policer 10m { > if-exceeding { > bandwidth-limit 10m; > burst-size-limit 100k; > } > then discard; > > > Then i would just apply the 10m policer to both interfaces for both input > and output? > > > > Any clarification on this would be helpful. > > > > Thanks, > > > > Brendan > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp