In the following example IP policy p1 and
IP policy p2 are attached at interface atm5/0.1 as input attachments.
Subsequently, policy p3 is attached at the same point. Then policies
p1 and p2 are attached as output at atm 5/0.2.
- Create IP policy p1.
- host1(config)#ip classifier-list C1 tcp host
1.1.1.1 any eq 80
- host1(config)#ip classifier-list C2 icmp any
any 8 0
- host1(config)#ip policy-list p1
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-policy-classifier-group)#forward
next-hop 10.1.1.1
- host1(config-policy-classifier-group)#exit
- host1(config-policy)#classifier-group C2 precedence
10
- host1(config-policy-classifier-group)#filter
- host1(config-policy-classifier-group)#exit
- Create IP policy p2.
- host1(config)#ip classifier-list C1 tcp host
1.1.1.1 any eq 80
- host1(config)#ip classifier-list C3 ip any
host 2.2.2.2
- host1(config)#ip policy-list p2
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-policy-classifier-group)#forward
next-hop 20.1.1.1
- host1(config-policy-classifier-group)#exit
- host1(config-policy)#classifier-group C3 precedence
10
- host1(config-policy-classifier-group)#filter
- host1(config-policy-classifier-group)#exit
- host1(config-policy)#classifier-group * precedence
1000
- host1(config-policy-classifier-group)#forward
- host1(config-policy-classifier-group)#exit
- Attach IP policy p1 as input at interface atm5/0.1.
- host1(config)#Interface atm 5/0.1
- host1(config-subif)#ip policy input p1 statistics
enable merge
- host1(config-subif)#exit
- Attach IP policy p2 as input at interface atm 5/0.1. A
merged policy is created.
- host1(config)#Interface atm 5/0.1
- host1(config-subif)#ip policy input p2 statistics
enable merge
- host1(config-subif)#exit
- Display the policy lists.
host1#show policy-list
Policy Table
------ -----
IP Policy p1
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
IP Policy p2
Administrative state: enable
Reference count: 1
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 20.1.1.1, order 100, rule 3 (active)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
IP Policy mpl_5
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
next-hop 20.1.1.1, order 100, rule 3 (reachable)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
ATM5/0.1 input policy, statistics enabled, virtual-router default
Referenced by profiles:
None
Component policies:
p1
p2
- Show configuration.
host1#show conf
! Configuration script being generated on TUE APR 26 2005 17:33:01 UTC
! Juniper Edge Routing Switch ERX-1440
! Version: 9.9.9 development-4.0 (April 4, 2005 15:39)
! Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved.
!
! Commands displayed are limited to those available at privilege level 15
!
…
interface atm 5/0.1
ip policy input p1 statistics enabled merge
ip policy input p2 statistics enabled merge
exit
…
…
ip policy-list p1
classifier-group C2 precedence 10
filter
classifier-group C1 precedence 90
forward next-hop 10.1.1.1
!
ip policy-list p2
classifier-group C3 precedence 10
filter
classifier-group C1 precedence 90
forward next-hop 20.1.1.1
classifier-group * precedence 1000
forward
!
…
…
! End of generated configuration script.
- Display interface statistics.
host1#show ip interface atm 5/0.1
ATM5/0.1 line protocol Atm1483 is up, ip is up
Network Protocols: IP
Internet address is 99.99.99.2/255.255.255.0
Broadcast address is 255.255.255.255
Operational MTU = 9180 Administrative MTU = 0
Operational speed = 155520000 Administrative speed = 0
Discontinuity Time = 721112
Router advertisement = disabled
Proxy Arp = disabled
Network Address Translation is disabled
TCP MSS Adjustment = disabled
Administrative debounce-time = disabled
Operational debounce-time = disabled
Access routing = disabled
Multipath mode = hashed
Auto Configure = disabled
Auto Detect = disabled
Inactivity Timer = disabled
In Received Packets 0, Bytes 0
Unicast Packets 0, Bytes 0
Multicast Packets 0, Bytes 0
In Policed Packets 0, Bytes 0
In Error Packets 0
In Invalid Source Address Packets 0
In Discarded Packets 0
Out Forwarded Packets 0, Bytes 0
Unicast Packets 0, Bytes 0
Multicast Routed Packets 0, Bytes 0
Out Scheduler Dropped Packets 0, Bytes 0
Out Policed Packets 0, Bytes 0
Out Discarded Packets 0
IP policy input mpl_5
classifier-group C2 entry 1
0 packets, 0 bytes
filter
classifier-group C3 entry 1
0 packets, 0 bytes
filter
classifier-group C1 entry 1
0 packets, 0 bytes
forward
classifier-group *
0 packets, 0 bytes
forward
queue 0: traffic class best-effort, bound to ip ATM5/0.1
Queue length 0 bytes
Forwarded packets 0, bytes 0
Dropped committed packets 0, bytes 0
Dropped conformed packets 0, bytes 0
Dropped exceeded packets 0, bytes 0
- Attach IP policy p1 at atm 5/0.2 as output.
- host1(config)#interface atm 5/0.2
- host1(config-subif)#ip policy output p1 statistics
enable merge
- host1(config-subif)#exit
- Attach IP policy p2 at atm 5/0.2 as output. Merge policy
mpl_5 is now attached.
- host1(config)#interface atm 5/0.2
- host1(config-subif)#ip policy output p2 merge
- host1(config-subif)#exit
- Display policies to verify that mpl_5 is created.
host1#show policy-list
Policy Table
------ -----
IP Policy p1
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
IP Policy p2
Administrative state: enable
Reference count: 1
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 20.1.1.1, order 100, rule 3 (active)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
IP Policy mpl_5
Administrative state: enable
Reference count: 2
Classifier control list: C2, precedence 10
filter
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
next-hop 20.1.1.1, order 100, rule 3 (reachable)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
ATM5/0.1 input policy, statistics enabled, virtual-router default
ATM5/0.2 output policy, statistics enabled, virtual-router default
Referenced by profiles:
None
Component policies:
p1
p2
- Create and attach IP policy p3 at atm 5/0.1. A new merge
policy mpl_7 is created, which is a combination of p1, p2, and p3.
The previous merge policy attachment is removed.
- host1(config)#ip classifier-list C4 udp host
1.1.1.1 any eq 900
- host1(config)#ip policy-list p3
- host1(config-policy)#classifier-group C4 precedence
900
- host1(config-policy-classifier-group)#color
red
- host1(config-policy-classifier-group)#exit
- host1(config-policy)#classifier-group C1 precedence
80
- host1(config-policy-classifier-group)#color
yellow
- host1(config-policy-classifier-group)#exit
- host1(config-policy)#exit
- host1(config)#interface atm 5/0.1
- host1(config-subif)#ip policy input p3 statistics
enable merge
- host1(config-subif)#exit
- Display policies to verify that mpl_5 and mpl_7 have been
created.
host1#show policy-list
Policy Table
------ -----
IP Policy p1
Administrative state: enable
Reference count: 2
Classifier control list: C2, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
mpl_7
IP Policy p2
Administrative state: enable
Reference count: 2
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 20.1.1.1, order 100, rule 3 (active)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
mpl_7
IP Policy p3
Administrative state: enable
Reference count: 1
Classifier control list: C1, precedence 80
color yellow
Classifier control list: C4, precedence 900
color red
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_7
IP Policy mpl_5
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
next-hop 20.1.1.1, order 100, rule 3 (reachable)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
ATM5/0.2 output policy, statistics enabled, virtual-router default
Referenced by profiles:
None
Component policies:
p1
p2
IP Policy mpl_7
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 80
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
next-hop 20.1.1.1, order 100, rule 3 (reachable)
color yellow
Classifier control list: C4, precedence 900
color red
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
ATM5/0.1 input policy, statistics enabled, virtual-router default
Referenced by profiles:
None
Component policies:
p1
p2
p3
- Detach p2 from atm 5/0.1. A new merge policy mpl_8 is
created, which is a combination of p1 and p3. The previous merge policy
mpl_7 is detached and, because this policy has no attachments, it
is deleted.
- host1(config)#interface atm 5/0.1
- host1(config-subif)#no ip policy input p2
- host1(config-subif)#exit
- Display policies to verify that the mpl_7 is removed and
the new merge policy mpl_8 is created.
host1#show policy-list
Policy Table
------ -----
IP Policy p1
Administrative state: enable
Reference count: 2
Classifier control list: C2, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
mpl_8
IP Policy p2
Administrative state: enable
Reference count: 1
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 20.1.1.1, order 100, rule 3 (active)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
IP Policy p3
Administrative state: enable
Reference count: 1
Classifier control list: C1, precedence 80
color yellow
Classifier control list: C4, precedence 900
color red
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_8
IP Policy mpl_5
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
next-hop 20.1.1.1, order 100, rule 3 (reachable)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
ATM5/0.2 output policy, statistics enabled, virtual-router default
Referenced by profiles:
None
Component policies:
p1
p2
IP Policy mpl_8
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C1, precedence 80
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
next-hop 20.1.1.1, order 100, rule 3 (reachable)
color yellow
Classifier control list: C4, precedence 900
color red
Referenced by interfaces:
ATM5/0.1 input policy, statistics enabled, virtual-router default
Referenced by profiles:
None
Component policies:
p1
p3
- Detach p1 from atm 5/0.1. Merge policy mpl_8 is detached
and deleted, and only p3 is attached to this interface.
- host1(config)#interface atm 5/0.1
- host1(config-subif)#no ip policy input p1
- host1(config-subif)#exit
- Display policies to verify that p3 is attached to atm
5/0.1 and mpl_8 is removed.
host1#show policy-list
Policy Table
------ -----
IP Policy p1
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
IP Policy p2
Administrative state: enable
Reference count: 1
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 20.1.1.1, order 100, rule 3 (active)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
None
Referenced by profiles:
None
Referenced by merge policies:
mpl_5
IP Policy p3
Administrative state: enable
Reference count: 1
Classifier control list: C1, precedence 80
color yellow
Classifier control list: C4, precedence 900
color red
Referenced by interfaces:
ATM5/0.1 input policy, statistics disabled, virtual-router default
Referenced by profiles:
None
Referenced by merge policies:
None
IP Policy mpl_5
Administrative state: enable
Reference count: 1
Classifier control list: C2, precedence 10
filter
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
next-hop 20.1.1.1, order 100, rule 3 (reachable)
Classifier control list: *, precedence 1000
forward
Referenced by interfaces:
ATM5/0.2 output policy, statistics enabled, virtual-router default
Referenced by profiles:
None
Component policies:
p1
p2
- Detach p3 from atm 5/0.1.
- host1(config)#interface atm 5/0.1
- host1(config-subif)#no ip policy input p3
- host1(config-subif)#exit
- Detach p1 from atm 5/0.2. Merge policy mpl_5 is detached
and deleted and only p2 is now attached.
- host1(config)#interface atm 5/0.2
- host1(config-subif)#no ip policy output p1
- host1(config-subif)#exit
- Detach p2 from atm 5/0.2.
- host1(config)#interface atm 5/0.2
- host1(config-subif)#no ip policy output p2
- host1(config-subif)#exit
- Display policies to verify that no merge policies exist
and that all other policies have a 0 reference count because they
are not attached anywhere.
host1#show policy-list
Policy Table
------ -----
IP Policy p1
Administrative state: enable
Reference count: 0
Classifier control list: C2, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 10.1.1.1, order 100, rule 2 (active)
IP Policy p2
Administrative state: enable
Reference count: 0
Classifier control list: C3, precedence 10
filter
Classifier control list: C1, precedence 90
forward
Virtual-router: default
List:
next-hop 20.1.1.1, order 100, rule 3 (active)
Classifier control list: *, precedence 1000
forward
IP Policy p3
Administrative state: enable
Reference count: 0
Classifier control list: C1, precedence 80
color yellow
Classifier control list: C4, precedence 900
color red
