policer (Configuring)
Syntax
policer policer-name {
filter-specific;
counter {
counter-id counter-index;}
if-exceeding {
bandwidth-limit bps;
bandwidth-percent number;
burst-size-limit bytes;
}
logical-bandwidth-policer;
logical-interface-policer;
physical-interface-policer;
shared-bandwidth-policer;
then {
policer-action;
}
}
Hierarchy Level
[edit dynamic-profiles profile-name firewall], [edit firewall], [edit logical-systems logical-system-name firewall]
Description
Configure policer rate limits and actions. When
included at the [edit firewall] hierarchy level, the policer statement creates a template, and you do not have to
configure a policer individually for every firewall filter or interface.
To activate a policer, you must include the policer-action modifier in the then statement in a firewall filter term
or on an interface.
You can configure the policer in static firewall filters or dynamic firewall filters in a dynamic client profile or a dynamic service profile.
Except for EX8200 switches, each policer that you configure includes an implicit counter. To obtain term-specific packet counts, configure a policer for each term in the filter that requires policing. For EX8200 switches, configure a policer and associate it with a global management counter using the counter option.
Options
| policer-action | One or more actions to take:
|
| policer-name | Name that identifies the policer. The name can contain
letters, numbers, and hyphens (-), and can be up to 255 characters
long. To include spaces in the name, enclose it in quotation marks
(“ ”). Policer names cannot begin with an underscore
in the form |
| then | Actions to take on matching packets. |
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
The out-of-profile policer action added in Junos
OS Release 8.1.
The logical-bandwidth-policer statement added in
Junos OS Release 8.2.
Logical systems support introduced in Junos OS Release 9.3.
The physical-interface-policer statement introduced
in Junos OS Release 9.6.
The shared-bandwidth-policer statement added in Junos
OS Release 11.2.
Support at the [edit dynamic-profiles ... firewall] hierarchy level introduced in Junos OS Release 11.4.