Hi,
since the EX4300MP series does not support the "
if-exceeding bandwidth-percent" inside a policer FW rule, my question is how to deal with dynamic speed interfaces (mge-)? I cannot determine the interface speed from the interface name anymore. The can be 2.5, 5G, 10G speeds behind this mge- name. But I cannot police a 2,5G interface the same way as a 10G interface. But I have 24 workstations behind mge- interfaces that I need to police ingress.
Example:
interfaces {
mge-0/0/4 {
unit 0 {
family ethernet-switching {
filter {
input POLICE_INGRESS_FWFILTER_MGE;
}
}
}
}
}
firewall {
policer POLICE_INGRESS_MGE_BESTEFFORT_FWCLASS {
if-exceeding {
bandwidth-limit 9500m;
burst-size-limit 60m;
}
then discard;
}
filter POLICE_INGRESS_FWFILTER_MGE {
term POLICE-CATCHALL {
then {
accept;
policer POLICE_INGRESS_MGE_BESTEFFORT_FWCLASS;
}
}
}
}
Thanks for helping!