
    Configuring a Policer for a Firewall Filter

    You can configure policers to rate limit traffic on a device. After you configure a policer, you can include it in an ingress firewall filter configuration.

    When you configure a firewall filter, you can specify a policer action for any term or terms within the filter. All traffic that matches a term that contains a policer action goes through the policer that the term references. Each policer that you configure includes an implicit counter. To get term-specific packet counts, you must configure a new policer for each filter term that requires policing.

    The following policer limits apply on the switch:

    • A maximum of 512 policers can be configured for port firewall filters.
    • A maximum of 512 policers can be configured for VLAN and Layer 3 firewall filters.

    1. In the navigation tree, select Device Manager > Devices. In Device Manager, select the device for which you want to configure a policer.
    2. In the configuration tree, expand Firewall.
    3. Perform the configuration tasks as described in Table 1.

    Note: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information.

    Table 1: Configuring a Policer for a Firewall Filter

    Task: Create the policer for expedited forwarding, and give the policer a name—for example, ef-policer.

    Action:
    Select Policer and click Add new entry.
    In the Policer name box, type ef-policer.

    Task: Set the burst limit for the policer—for example, 2k. Set the bandwidth limit or percentage for the bandwidth allowed for this type of traffic—for example, use a bandwidth percent of 10.

    Action:
    1. Select If exceeding.
    2. In the Burst Size Limit box, type a limit for the burst size allowed—for example, 2k.
    3. Select Bandwidth Limit, select bandwidth-limit.
    4. In the box, type 10.
    5. Click OK.

    Task: Enter the loss priority for packets exceeding the limits established by the policer—for example, high.

    Action:
    1. Select Then.
    2. In the Comment field, enter high.
    3. Click OK.
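
The following is an added example, not Juniper code: a simplified token-bucket model of the ef-policer values from Table 1, showing why two filter terms that reference one policer yield a single aggregate count while one policer per term yields a count for each. Assumptions: a 1 Gbps port, 2k read as 2000 bytes, the implicit counter modeled as counting exceeding packets, terms that reference the same policer sharing its bucket, and the hypothetical names term-a, term-b, ef-policer-a and ef-policer-b.

```python
# Added illustration, not Juniper code: simplified token-bucket policer model.
LINK_BPS = 1_000_000_000  # assumption: 1 Gbps port (the page gives no port speed)


class Policer:
    def __init__(self, name, bandwidth_percent, burst_bytes):
        self.name = name
        self.rate = LINK_BPS * bandwidth_percent / 100 / 8  # bytes per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)  # bucket starts full
        self.last = 0.0
        self.exceeded = 0  # implicit counter, modeled as exceeding packets

    def police(self, now, size):
        """Return "high" if the packet exceeds the limits, else "unchanged"."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return "unchanged"
        self.exceeded += 1
        return "high"  # loss priority from the page's Then step


def run(term_to_policer, packets):
    """packets: (time_s, term, size_bytes) -> {policer name: exceeded count}."""
    for now, term, size in packets:
        term_to_policer[term].police(now, size)
    return {p.name: p.exceeded for p in term_to_policer.values()}


# Constructed traffic: each term sends three back-to-back 1000-byte packets,
# then term-a sends one more after 1 ms, by which time the bucket has refilled.
PACKETS = ([(0.0, "term-a", 1000)] * 3 + [(0.0, "term-b", 1000)] * 3
           + [(0.001, "term-a", 1000)])


def shared_counts():
    """Both terms reference one policer: one aggregate counter."""
    p = Policer("ef-policer", 10, 2000)
    return run({"term-a": p, "term-b": p}, PACKETS)


def per_term_counts():
    """One policer per term (hypothetical names): a count for each term."""
    return run({"term-a": Policer("ef-policer-a", 10, 2000),
                "term-b": Policer("ef-policer-b", 10, 2000)}, PACKETS)
```

In this model the shared policer reports four exceeding packets with no way to attribute them to a term, while the per-term policers report one each.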

    Published: 2013-01-02