Can we use BA DSCP classifier under layer 2 port on SRX 650?
I do not see any option to Multified classifier using Filter family ethernet-switching under layer 2 port on SRX 100 but i am not sure if this is the case for SRX 650 as well?
Thanks and have a nice day!!
BA/Multifiled classifiers works based on values from IP Header (DSCP and other L3/L4 information), which cannot be used on L2 cos.
You can use "ieee-802.1" for L2 COS.
Its same as BA classifier, below given is an example for L2 classifier. Remaining things like schedulers and all remains same as L3.
set class-of-service classifiers ieee-802.1 BE forwarding-class best-effort loss-priority low code-points 001
Below given is the default classifier.root> class-of-service classifier type ieee-802.1 Classifier: ieee8021p-default, Code point type: ieee-802.1, Index: 11 Code point Forwarding class Loss priority 000 best-effort low 001 best-effort high 010 expedited-forwarding low 011 expedited-forwarding high 100 assured-forwarding low 101 assured-forwarding high 110 network-control low 111 network-control high
let me explain my set up in a bit detail ( sorry, should have done it )
IP device-----fe0/0/0 SRX--Layer3
IP device is connecetd to access port on fe0/0/0 in vlan 420
I can not use BA Classifier (dot p) to classify traffic as there is no dot1q tag. Traffic arriving on f0/0/0 are untagged.
So can we classify these traffic? we can use multifiled firewall filter family ethernet switching to look into IP/TCP/UDP header to do classification but SRX does not support firewall filter family ethernet switching . End Ip device can not set DSCP marking.
I believe vlan 420 has an L3 interface/Ip address assigned , is that correct? If so, you can apply normal BA/MF classifier on that vlan interface.
For example if the L3 interface for vlan 420 is vlan.420, you can assign classifier on this.
Well, I do not see that vlan.420 show up when configuring classifier:
This is from SRX 100, not sure if SRX 650 is the same way.
root# set class-of-service interfaces ?
Possible completions: fe-0/0/3 Interface name (or wildcard) fe-0/0/4 Interface name (or wildcard) fe-0/0/5 Interface name (or wildcard)
root> show interfaces terse | match up
vlan.420 up up inet 18.104.22.168/24
Can you try applying it manually, like "set class- of-serrvice interfaces vlan.420 classifier"