Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Supported Platforms

 

Related Documentation

 

then

Syntax

then {(accept | discard);count (application | application-group | application-group-any | nested-application | none);forwarding-class class-name;log event-type;policer policer-name;}

Hierarchy Level

[edit services aacl rule rule-name term term-name]

Release Information

Statement introduced in Junos OS Release 9.5.

policer statement added in Junos OS Release 9.6.

The nested-application option for the count statement introduced in Junos OS Release 11.1.

Description

Define the AACL term actions. You can configure the router to accept or discard the targeted traffic. The action modifiers (count and forwarding-class) are optional.

Options

You can configure one of the following actions:

  • accept—Accept the packets and all subsequent packets in flows that match the rules.
  • discard—Discard the packet and all subsequent packets in flows that match the rules.

When you select accept as the action, you can optionally configure one or both of the following action modifiers. No action modifiers are allowed with the discard action.

  • count (application | application-group | application-group-any | nested-application | none)—For all accepted packets that match the rules, record a packet count using AACL statistics practices. You can specify one of the following options; there is no default setting:
    • application—Count the application that matched in the from clause.
    • application-group—Count the application group that matched in the from clause.
    • application-group-any—Count all application groups that match from application-group-any under the any group name.
    • nested-application—Count all nested applications that matched in the from clause.
    • none—Same as not specifying count as an action.
  • forwarding-class class-name—Specify the packets’ forwarding-class name.

policer policer-name—Apply rate-limiting properties to the traffic as configured at the [edit firewall policer policer-name] hierarchy level. This configuration allows bit-rate and burst-size attributes to be applied to the traffic that are not supported by AACL rules. When you include a policer, the only allowed action is discard. For more information on policers, see the Routing Policy Feature Guide for Routing Devices.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

 

Related Documentation

 

Published: 2013-08-29

Supported Platforms

 

Related Documentation

 

Published: 2013-08-29

Previous Page Next Page