Configuring Policers to Control Traffic Rates (CLI Procedure)
You can configure policers to rate limit traffic on EX Series switches. After you configure a policer, you can include it in an ingress firewall filter configuration.
When you configure a firewall filter, you can specify a policer action for any term or terms within the filter. All traffic that matches a term that contains a policer action goes through the policer that the term references. Each policer that you configure includes an implicit counter. To get term-specific packet counts, you must configure a separate policer for each filter term that requires policing.
On all EX Series switches except EX8200 switches, each policer that you configure includes an implicit counter. To ensure term-specific packet counts, configure a policer for each term in the filter that requires policing. For EX8200 switches, configure a policer and associate it with a global management counter using the counter option.
The following policer limits apply on a switch:
A maximum of 512 policers can be configured for port firewall filters.
A maximum of 512 policers can be configured for VLAN and Layer 3 firewall filters.
If the number of policers in the firewall filter configuration exceeds these limits, the switch returns the following message when you commit the configuration:
Cannot assign policers: Max policer limit reached
This topic includes these tasks:
Configuring Policers
To configure a policer:
Specifying Policers in a Firewall Filter Configuration
To reference a policer for a single firewall, configure a filter term that includes the policer action:
[edit firewall family ethernet-switching] user@switch# set filter limit-hosts term term-one from source-address 192.0.2.0/28 users@witch# set filter limit-hosts term term-one then policer policer-one
Applying a Firewall Filter That Is Configured with a Policer
A firewall filter that is configured with one or more policer actions, like any other firewall filter, must be applied to a port, VLAN, or Layer 3 interface. For information about applying firewall filters, see the sections on applying firewall filters in Configuring Firewall Filters (CLI Procedure).