On Jul 29, 2013, at 9:45 AM, Huan Pham wrote:

> I think this brings an administrative burden (to keep the interface list 
> updated, as it might change) but that would fix my problem.

If the networks from which you allow administrative access to your network 
infrastructure devices keep changing, you're Doing Something Wrong, heh.

You should only allow direct access from a relatively small number of hosts, 
which are essentially 'jump-off' servers - i.e., you ssh into the jump-off 
server (hopefully using preshared keys and OTP), and then ssh from there to 
your routers/switches.  Your network management systems, NetFlow 
collection/analysis systems, confirmation management systems, et al., 
shouldn't change very much, either.

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton


_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
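
An added example, not part of the original message or of any poster's configuration: a Junos loopback filter that accepts SSH to the routing engine only from a short prefix-list of jump-off and management hosts, as the reply above recommends. The filter, term, counter and prefix-list names and the 192.0.2.0/24 addresses are constructed; the final term accepts all other traffic, an assumption that limits this filter to restricting SSH.

```junos
policy-options {
    /* Constructed addresses (RFC 5737 range): two jump-off servers, one NMS */
    prefix-list MGMT-SOURCES {
        192.0.2.10/32;
        192.0.2.11/32;
        192.0.2.20/32;
    }
}
firewall {
    family inet {
        filter PROTECT-RE {
            /* SSH is accepted only when the source is in the list */
            term ssh-from-mgmt {
                from {
                    source-prefix-list {
                        MGMT-SOURCES;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* Any other SSH attempt is counted, logged and dropped */
            term ssh-from-elsewhere {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    count ssh-denied;
                    syslog;
                    discard;
                }
            }
            /* Assumption: remaining traffic is left alone in this example */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
```

Because the filter refers to the source list by name, a change to the set of management hosts is a one-line edit to `MGMT-SOURCES` and the filter itself stays untouched.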
