Hi,
I have 7 users VLAN on core switch (four 4200 switchs in virtual chassis). VLAN 2 is on access switch (three 4200 switches are in virtual chassis). VLAN 2 virtual chassis access switch is connected to aggregate interface to core virtual chassis switch. I want to limit VLAN 2 http upload traffic to 1mb and there should be no restriciton on other traffic. I made the following policers and firewall filter on core switch. policer http-upload-policer { if-exceeding { bandwidth-limit 1m; burst-size-limit 625; } then discard; } family ethernet-switching { filter "Rate limiting policy for VLAN 2" { term "rate limit for http traffic" { from { protocol tcp; destination-port http; } then { count http-upload-counter policer http-upload-policer; accept; } } term "No rate limit for other traffic" { then accept; } } } Now problem is that: 1- When i tried to apply this filter as "input direction" on core switch uplink to VLAN 2 swtich. It was giving the error policer is not supported on aggregate interface. 2-When i tried to apply this filter as "output direction" on core switch on VLAN 2. It was giving the error firewall filter is not supported in egress direction. Although documentation said we can apply firewall filter on vlan in input and output both direction. 3- Then I applied this firewall filter as "input direction" on l-3 interface for VLAN 2 but i noticed there is no policing for http traffic. The junos version is 9.3. One more thing when i run the command show policer it gave error this command is not supported on ex-4200. I could not get it configuration allowing me to configure policer in firewall filter but show commands gave error. Is there any license require for policer to work? Kindly help me out Thanks _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp