Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Two-Color Policing at Layer 2 Overview

This topic covers the following information:

Guidelines for Configuring Two-Color Policing of Layer 2 Traffic

The following guidelines apply to two-color policing of Layer 2 traffic:

  • You can apply a two-color policer to ingress or egress Layer 2 traffic at a logical interface hosted on a Gigabit Ethernet interface (ge-) or a 10-Gigabit Ethernet interface (xe-) only.
  • A single logical interface supports Layer 2 policing in both directions.
  • You can apply a two-color policer to Layer 2 traffic as a logical interface policer only. You cannot apply a two-color policer to Layer 2 traffic as a stateless firewall filter action.
  • You can apply a two-color policer to Layer 2 traffic by referencing the policer in the interface configuration at the logical unit level, and not at the protocol level.

For information about configuring three-color policing of Layer 2 traffic, see Three-Color Policing at Layer 2 Overview.

Statement Hierarchy for Configuring a Two-Color Policer for Layer 2 Traffic

To enable a single-rate two-color policer to rate-limit Layer 2 traffic, include the logical-interface-policer statement in the policer configuration.

firewall {policer policer-name {logical-interface-policer;if-exceeding {(bandwidth-limit bps | bandwidth-percent percentage);burst-size-limit bytes;}then {discard;forwarding-class class-name;loss-priority (high | low | medium-high | medium-low);}}}

You can include the configuration at the following hierarchy levels:

  • [edit]
  • [edit logical-systems logical-system-name]

Statement Hierarchy for Applying a Two-Color Policer to Layer 2 Traffic

To apply a logical interface policer to Layer 2 traffic, include the layer2-policer input-policer policer-name statement or the layer2-policer output-policer policer-name statement to a supported logical interface. Use the input-policer or output-policer statements to apply a two-color policer at Layer 2.

interfaces {(ge-fpc/pic/port | xe-fpc/pic/port) {unit unit-number {layer2-policer {input-policer policer-name;output-policer policer-name;}}}}

You can include the configuration at the following hierarchy levels:

  • [edit]
  • [edit logical-systems logical-system-name]
 

Related Documentation

 

Published: 2012-11-16

Previous Page Next Page