The "accept" is what is allowing full bandwidth - you never hit the policer.
firewall { family inet { filter policer { term 10 { from { source-address { 192.168.10.35/32; } then { policer teste; } } } } } On Thu, 02 Sep 2010 13:07:08 -0300, Giuliano Cardozo Medalha <giulian...@uol.com.br> wrote: > People, > > We are trying to configure policers to logical interfaces created > under IQ2E PIC. > > All policers are using firewall filters. > > One of them is a different situation ... we cannot rate all interface > but only 3 IPs that pass thought the interface. > > But the policer is not worlink correctly: > > > set firewall policer teste if-exceeding bandwidth limit 10m burst size 1000 > set firewall policer teste then discar > > set firewall family inet filter policer term 10 from source-address > 192.168.10.35/32 > set firewall family inet filter policer term 10 then accept > set firewall family inet filter policer term 10 then policer teste > set firewall family inet filter policer term 20 from source-address > 192.168.10.36/32 > set firewall family inet filter policer term 20 then accept > set firewall family inet filter policer term 20 then policer teste > set firewall family inet filter policer term 30 from source-address > 192.168.10.37/32 > set firewall family inet filter policer term 30 then accept > set firewall family inet filter policer term 30 then policer teste > set firewall family inet filter policer term 40 then accept > > set interface ge-0/0/0 unit 100 vlan-id 100 family inet filter input policer > > > The problem is ... the 3 chosen IPs are exceeding 10m. Sometimes 12, > sometimes 18 Mbps. > > We need to use some special command for it ? Like - logical > interface under policer ? > > What is the correct manner to use it ? > > Or we need to put it all in the same term ? > > Thanks a lot, > > Giuliano > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp