Applying Firewall Filter Tricolor Marking Policers to Interfaces

To apply a tricolor marking policer to an interface, you must reference the filter name in the interface configuration. To do this, include the filter statement:

filter {input filter-name;output filter-name;}

You can include these statements at the following hierarchy levels:

[edit interfaces interface-name unit logical-unit-number family family]
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family family]

The filter name that you reference should have an attached tricolor marking policer, as shown in Applying Tricolor Marking Policers to Firewall Filters.

Example: Applying a Single-Rate Tricolor Marking Policer to an Interface

Apply the trtcm1-cb policer to an interface:

firewall {three-color-policer srtcm1 { # Configure the srtcm1-cb policer.single-rate {color-blind;committed-information-rate 1048576;committed-burst-size 65536;excess-burst-size 131072;}}filter fil { # Configure the fil firewall filter, applying the srtcm1-cb policer.term default {then {three-color-policer {single-rate srtcm1-cb; # The TCM policer must be single-rate.}}}interfaces { # Configure the interface, which attaches the fil firewall filter.so-1/0/0 {unit 0 {family inet {filter {input fil;}}}}