Yes, u r right but we in JNCIP book making this policies to prevent loops... R6 and R7 running OSPF and RIP and redis RIP - OSPF and vis versa...
so this produce loops.. as OSPF external routes will be redis to RIP router, and the accepted from him as RIP routes coz RIP pref < OSPF ex pref so 1st policy is ensuring that R6 not get RIP from R7 and vise versa and 2nd one is ensuring to R6 and R7 not getting OSPF routes from RIP routetr but my policy is target to prevent any non-RIP routs to be received from RIP routers, in same time ensure that RIP routes is ONLY recieved from RIP router! am I correct ? Thanks Ahmad ________________________________ From: andy <n...@shady.org> To: Ahmad Alhady <ahmad.alh...@yahoo.com> Sent: Friday, December 19, 2008 9:57:01 AM Subject: Re: [j-nsp] JNCIP book, OSPF policy The first policy matches all routes, your policy only matches RIP routes within the prefix 192.168.0.0/22 AND a next hop value. So, there may be routes matched by the first policy that your policy fails to accept. Bear in mind that every condition is checked in order like a logical AND. So, your policy states from protocol RIP AND has a next hop of 172.16.40.1 AND within the prefix 192.168.0.0/22 or longer. so all 3 conditions have to be correct. Id assume that not all prefixes within 192.168.0.0/22 have a next hop of 172.16.40.1 and still require to be matched. Or prefixes outwith 192.168.0.0/22 have a next hop value of 172.16.40.1 and require to be matched. However, ive not read the book, but thats certainly what it looks like. Cheers On Thu, Dec 18, 2008 at 10:42:27PM -0800, Ahmad Alhady wrote: > Hi all, > > in JNCIP book there are 2 diffrent rip import policies. > > l...@r6# show policy-options policy-statement rip-in > term 1 { > from { > protocol rip; > next-hop 172.16.40.1; > } > then accept; > } > term 2 { > then reject; > } > > > l...@r7# show policy-options policy-statement rip-in > term 1 { > from { > protocol rip; > route-filter 192.168.0.0/22 orlonger; > } > then accept; > } > term 2 { > then reject; > > > > 1st one is ensuring to not get RIP from R7 > > and 2nd one is ensuring to not get OSPF routes from RIP routetr > > why we dont do like this > > > l...@r7# show policy-options policy-statement rip-in > term 1 { > from { > protocol rip; > next-hop 172.16.40.1; > route-filter 192.168.0.0/22 orlonger; > } > then accept; > } > term 2 { > then reject; > > so Dont accept except ONLY RIP routes from RIP router.... > > > ?!! > > > Ahmad > > > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- andy a...@shady.org ----------------------------------------------- Never argue with an idiot. They drag you down to their level, then beat you with experience. ----------------------------------------------- _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp