Re: [j-nsp] ACX control plane filter

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28893&actp=RSS https://puck.nether.net/pipermail/juniper-nsp/2016-April/032346.html - Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/jun

Re: [j-nsp] ACX control plane filter

Had already been answered in the thread: "The script is building only /32 "local" prefixes. Your suggestion is building "direct" prefixes and when matching at the FTF, you can achieve "undesired" results." Best Regards, Krasi On 22 March 2017 at 20:00, Eduardo Schoedler wrote: > have you trie

Re: [j-nsp] ACX control plane filter

You probably don't want to protect customer LANs same way as you want to protect your control-plane. On 22 March 2017 at 20:12, Eduardo Schoedler wrote: > Better example: > > {master}[edit] > jnpr@R1-RE0# *show policy-options prefix-list router-ipv4* > apply-path "interfaces <*> unit <*> family i

Re: [j-nsp] ACX control plane filter

Better example: {master}[edit] jnpr@R1-RE0# *show policy-options prefix-list router-ipv4* apply-path "interfaces <*> unit <*> family inet address <*>"; {master}[edit] jnpr@R1-RE0# *show policy-options prefix-list router-ipv4 | display inheritance* ## ## apply-path was expanded to: ## 192.168.

Re: [j-nsp] ACX control plane filter

have you tried to do a prefix-list like this? {master}[edit] regress@R1-RE0# *show policy-options | no-more* prefix-list router-ipv4 { apply-path "interfaces <*> unit <*> family inet address <*>"; } -- Eduardo Schoedler Em seg, 20 de mar de 2017 às 06:24, Johan Borch escreveu: > Hi > >

Re: [j-nsp] ACX control plane filter

On Mon, Mar 20, 2017 at 10:19:35AM +0100, Johan Borch wrote: > Do anyone have a control plane filter for ACX they can share? :) they don't > seem to support using standard loopback filters. See this thread: https://puck.nether.net/pipermail/juniper-nsp/2016-April/032422.html and specifically thi

Re: [j-nsp] ACX control plane filter

Here's how I block telnet and ssh I have to add a firewall destination-address entry for each local route that I do not want accessible for telnet and ssh...and then apply it to the forwarding plane of the routing-instance that these addresses belong to. set firewall family inet filter protec

[j-nsp] ACX control plane filter

Hi Do anyone have a control plane filter for ACX they can share? :) they don't seem to support using standard loopback filters. Johan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp