Hi Gunjan,
Won't that simply rate-limit *all* traffic traversing that interface
to 5m? You'd need to identify arp traffic specifically, using a
firewall filter and apply that to the interface.
A shared, non-configurable policer is applied to all Ethernet
interfaces on which family inet is configured in a chassis. You can
configure an ARP policer on a per interface basis. This will override
the default policer.
Guy
On 28/06/07, Gunjan GANDHI (BR/EPA) <[EMAIL PROTECTED]> wrote:
> Jens,
> It is possible to do this on a per interface basis, not sure if you can
> do on a per node basis. Here is a sample syntax example.
>
> [edit]
> [EMAIL PROTECTED] show interfaces ge-0/0/0
> vlan tagging;
> unit 502 {
> vlan-id 502;
> family inet {
> policer {
> arp Block_ARP;
> }
> address 172.20.16.52/24;
> }
> }
>
> [edit]
> [EMAIL PROTECTED] show firewall
> policer Block_ARP {
> if-exceeding {
> bandwidth-limit 5m;
> burst-size-limit 50k;
> }
> }
>
> Cheers
> //Gunjan
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, 28 June 2007 3:01 AM
> To: [email protected]
> Subject: [j-nsp] Ratelimiting ARP-Requests
>
> Dear colleagues,
>
> I'm looking for an advice about the possibilities to ratelimit incomming
> ARP requests.
>
> What's the correct syntax for an effective filter rule to solve this
> problem ?
>
> Kind Regards
> Jens
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
