[an error occurred while processing this directive][an error occurred while processing this directive]



then {(accept | discard);count (application | application-group | application-group-any | none);forwarding-class class-name;policer policer-name;}

Hierarchy Level

[edit services aacl rule rule-name term term-name]

Release Information

Statement introduced in JUNOS Release 9.5.

policer statement added in JUNOS Release 9.6.


Define the AACL term actions. You can configure the router to accept or discard the targeted traffic. The action modifiers (count and forwarding-class) are optional.


You can configure one of the following actions:

  • accept—Accept the packets and all subsequent packets in flows that match the rules.
  • discard—Discard the packet and all subsequent packets in flows that match the rules.

When you select accept as the action, you can optionally configure one or both of the following action modifiers. No action modifiers are allowed with the discard action.

  • count (application | application-group | application-group-any | none)—For all accepted packets that match the rules, record a packet count using AACL statistics practices. You can specify one of the following options; there is no default setting:
    • application—Count the application that matched in the from clause.
    • application-group—Count the application group that matched in the from clause.
    • application-group-any—Count all application groups that match from application-group-any under the any group name.
    • none—Same as not specifying count as an action.
  • forwarding-class class-name—Specify the packets’ forwarding-class name.

policer policer-name—Apply rate-limiting properties to the traffic as configured at the [edit firewall policer policer-name] hierarchy level. This configuration allows bit-rate and burst-size attributes to be applied to the traffic that are not supported by AACL rules. When you include a policer, the only allowed action is discard. For more information on policers, see the JUNOS Policy Framework Configuration Guide.

Usage Guidelines

See Configuring AACL Rules.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Published: 2010-04-28

[an error occurred while processing this directive]