How to limit the traffic rate (bandwidth) on Juniper SRX 210 interface acting as switch

> First create a l3-interface to the VLAN you are trying to limit
>This way you will apply rate limit filter on transit traffic going in / out of VLAN e.g.

1) Filter Definition

firewall {
policer 2Mbps {
if-exceeding {
bandwidth-limit 2m;
burst-size-limit 100k;
}
then discard;
}
filter Filter-2Mbps {
term a {
from {
source-address {
192.168.1.0/24;
}
}
then {
policer 2Mbps;
accept;
}
}
}
}

2) Apply on VLAN Interface

interfaces {
vlan {
unit 0 {
family inet {
filter {
output 2Mbps;
}
address 192.168.1.1/24;
}
}
}
}

Comments

Post a Comment

Popular posts from this blog

HPE MSR series router NAT, DHCP, SSH config

Image
1. NAT Configuration    1.1. Define Access List [Router] acl basic 2001  [Router] step 1 [Router] rule 0 permit [Router] rule 10 deny 2. Interfaces Configuration    2.1. External (WAN) interface configuration [Router] interface GigabitEthernet 0/0/0 [Router] ip address 10.163.195.2 255.255.255.0 [Router] nat outbound 2001     2.2. Internal (LAN) sub-interfaces configuration [Router] interface GigabitEthernet 0/0/1.2 [Router] ip address 192.168.1.2 255.255.255.0 [Router] vlan-type dot1q vid 2 [Router] interface GigabitEthernet 0/0/1.3 [Router] ip address 192.168.2.2 255.255.255.0 [Router] vlan-type dot1q vid 3 [Router] interface GigabitEthernet 0/0/1.4 [Router] ip address 192.168.3.2 255.255.255.0 [Router] vlan-type dot1q vid 4 3. DHCP Server Configuration     3.1. Enable DHCP service on router [Router] dhcp enable     3.2. Define dhcp settings for vlan 2 [Router] dhcp server ip-pool vlan 2 [Router] ne
Read more

Juniper SRX Routing Instances Configuration and Importing Routes to and from virtual routers

Image
Our goal is to configure routing instances on all devices and provide routing between all instances with ospf protocol. Configure routing instances on SRX1: We will be using a tagged interface ge-0/0/1 where vlan 10 is for vr10.10 routing instance and vlan 20 is for vr20.20: set interfaces ge-0/0/1 vlan-tagging set interfaces ge-0/0/1 unit 10 vlan-id 10 set interfaces ge-0/0/1 unit 10 family inet address 172.16.10.1/24 set interfaces ge-0/0/1 unit 20 vlan-id 20 set interfaces ge-0/0/1 unit 20 family inet address 172.16.20.1/24 Now create routing instances and assign interfaces to them: set routing-instances vr10.10 instance-type virtual-router set routing-instances vr10.10 interface ge-0/0/1.10 set routing-instances vr20.20 instance-type virtual-router set routing-instances vr20.20 interface ge-0/0/1.20 Configure rib-groups to import routes from one routing instance to another (Another alternative is to configure policy-options for importing): set routing-instances vr10.10 routing-opti
Read more

Install Junos with USB

You discover that your Junos EX or SRX device does not complete normal boot up. The image seems to be corrupted for some reason, such as a continuous power failure. If this occurs, don’t worry, you can get it back up within few minutes using the USB port. Step 1. Get a USB flash drive. Copy the Junos image to the USB drive (without creating folders). Use FAT file format if the USB size is less than 2 GB. Use FAT32 if the USB size is greater than or equal to 4 GB. The example below uses the file image junos-srxsme-10.4R1.9-domestic .tgz. Step 2. Insert the flash into an EX/SRX USB port. Step 3. Reboot the device. When Junos boots up, you will see the message : Press Space to abort autoboot Do nothing. A little while later, you will see: Hit [Enter] to boot immediately, or space bar for command prompt. Press the space bar. You will be at loader mode; the prompt should be loader>. If the prompt is > , type >boot to make it loader>. Step 4. Now type the following command: lo
Read more