[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Applying a Policer
On Gigabit Ethernet IQ and Gigabit Ethernet PICs
with SFPs (except the 10-port Gigabit Ethernet PIC and the built-in
Gigabit Ethernet port on the M7i platform), you can apply input and
output policers that define rate limits for premium and aggregate
traffic received on the logical interface. Aggregate policers are
supported on Gigabit Ethernet PICs with SFPs (except the 10-port Gigabit
Ethernet PIC and the built-in Gigabit Ethernet port on the M7i platform).
These policers allow you to perform simple traffic
policing without configuring a firewall filter. For information about
defining these policers, see Configuring Gigabit Ethernet Policers.
To apply policers to specific source MAC addresses,
include the accept-source-mac statement:
-
accept-source-mac {
-
-
mac-address mac-address {
-
-
policer {
- input cos-policer-name;
- output cos-policer-name;
- }
- }
- }
You can include these statements at the following
hierarchy levels:
-
[edit interfaces interface-name unit logical-unit-number ]
-
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number]
You can specify the MAC address as nn:nn:nn:nn:nn:nn or nnnn.nnnn.nnnn, where n is a hexadecimal number.
You can configure up to 64 source addresses. To specify more than
one address, include multiple mac-address statements in the
logical interface configuration.
 |
Note:
On untagged Gigabit Ethernet interfaces you should not configure
the source-address-filter statement at the [edit interfaces ge-fpc/pic/port gigether-options] hierarchy level
and the accept-source-mac statement at the [edit interfaces ge-fpc/pic/port gigether-options unit logical-unit-number] hierarchy level simultaneously. If these statements are configured
for the same interfaces at the same time, an error message is displayed.
On tagged Gigabit Ethernet interfaces you should not configure
the source-address-filter statement at the [edit interfaces ge-fpc/pic/port gigether-options] hierarchy level
and the accept-source-mac statement at the [edit interfaces ge-fpc/pic/port gigether-options unit logical-unit-number] hierarchy level with an identical MAC address specified in
both filters. If these statements are configured for the same interfaces
with an identical MAC address specified, an error message is displayed.
|
|
Note:
If the remote Ethernet card is changed, the interface
does not accept traffic from the new card because the new card has
a different MAC address.
|
The MAC addresses you include in the configuration
are entered into the routing platform’s MAC database. To view
the routing platform’s MAC database, enter the show interfaces
mac-database interface-name command:
- user@host> show interfaces mac-database interface-name
In the input statement, list the name
of one policer template to be evaluated when packets are received
on the interface.
In the output statement, list the name
of one policer template to be evaluated when packets are transmitted
on the interface.
|
Note:
On IQ2 PIC interfaces, the default value for maximum
retention of entries in the MAC address table has changed, for cases
in which the table is not full. The new holding time is 12 hours.
The previous retention time of 3 minutes is still in effect when the
table is full.
|
You can use the same policer one or more times.
If you apply both policers and firewall filters
to an interface, input policers are evaluated before input firewall
filters, and output policers are evaluated after output firewall filters.
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
