[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Configuring Policy Rules with the C-Web Interface

The type of policy rule that you can create depends on the type and applicability of the policy list in which you create the policy rule. For JUNOSe policy rules, there are two types—IPv6 and IPv6. For PCMM policy rules, there is only one type. For JUNOS policy lists, you can create the following policy rule types:

Before You Configure JUNOS Policy Rules

The following are prerequisites to using policy rules on JUNOS routing platforms.

JUNOS Scheduler and JUNOS Shaping Policy Rules

Before you use the JUNOS scheduler and JUNOS shaping policy rules, check that your Physical Interface Card (PIC) supports JUNOS scheduling and shaping rate. Also, check that your interface supports the per-unit-scheduler.

You must enable the per-unit-scheduler on the interface. To do so, on the JUNOS routing platform, include the per-unit-scheduler statement at the [edit interfaces interface-name] hierarchy level:

[edit interfaces interface-name]

per-unit-scheduler;

JUNOS ASP Policy Rules

Before you use the Adaptive Services PIC (ASP) policy rule to create a stateful firewall or NAT policy, you must configure the Adaptive Services PIC on the JUNOS routing platform. For example:

sp-0/1/0 {
    unit 0 {
        family inet {
            address 10.10.1.1/32;
        }
    }
}

For more information about configuring Adaptive Services PICs, see the JUNOS Services Interfaces Configuration Guide.

Setting the Policy Rule Precedence

Policy lists can have more than one policy rule. Policy rules are assigned a precedence that determines the order in which the policy manager applies policy rules. Rules are evaluated from lowest to highest precedence value. For JUNOSe policies, rules with equal precedence are evaluated in the order of creation. For JUNOS policies, rules with equal precedence are evaluated in random order.

Note that for JUNOS SCHEDULER and JUNOS POLICER policy rules, precedence is not a factor.

The router classifies packets beginning with the classify condition in the policy list that has the policy rule with the lowest precedence.

For JUNOSe routers, if you want the router to take two corresponding actions on a packet, you would create a JUNOSe policy list that has more than one policy rule with the same precedence. For example, you may want a policy rule that marks a packet and a policy rule that forwards the packet to the next interface. Or you could have a policy rule that applies a traffic class and a policy rule that forwards the packet to the next hop.

Adding a Policy Rule

You create policy rules within policy lists.

To add a policy rule:

  1. In the side pane, select a policy list that has already been created and configured.
  2. From the Create new list, select Rule. Type a name for the new rule, and click OK.
  3. Enter information as described in the Help text in the main pane, and click Apply.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]