Technical Documentation

Example: Setting a Rate Limit for Incoming Layer 2 Control Packets

Configure rate limiting for incoming Layer 2 control packets. In order to meet this requirement, you must configure an input filter with the family type any and apply this filter to the interface:

[edit]firewall {policer p1 {if-exceeding {bandwidth-limit 5m;burst-size-limit 10m;}then discard;}policer p2 {if-exceeding {bandwidth-limit 40m;burst-size-limit 100m;}then discard;}policer p3 {if-exceeding {bandwidth-limit 600m;burst-size-limit 1g;}then discard;}interface-set ifset {fe-*;}family any {filter L2-filter {term t1 {from {interface fe-0/0/0.0;}then policer p1;}term t2 {from {interface-set ifset;}then policer p2;}term t3 {then policer p3;}}}}[edit]interfaces {fe-0/0/0 {unit 0 {family inet {address 10.1.1.1/30;}}}fe-1/0/0 {unit 0 {family inet {address 10.2.2.1/30;}}}lo0 {unit 0 {family any {filter {input L2-filter;}}}}}

Published: 2010-04-15