Will, You mean the export policy restricting 0/0 from area 0 to area 1 must be on the srx that has an interface from area 0, and an interface from area 1. Correct?
I've tried this with no luck on my ospf export policy: + term deny-test { + from { + area 0.0.0.0; + route-filter 192.168.30.156/30 exact; + } + to area 0.0.0.1; + then reject; + } On Wed, May 9, 2012 at 3:50 PM, Morgan McLean <wrx...@gmail.com> wrote: > I tried the restrict statement under area 1 for another route as a test: > > [edit protocols ospf area 0.0.0.1] > + area-range 192.168.30.156/30 { > + restrict; > + exact; > + } > > And I still see it on the other end: > > > 192.168.30.156/30 *[OSPF/10] 22:22:03, metric 2 > > to 192.168.30.110 via ge-7/0/0.0 > > Morgan > > > On Wed, May 9, 2012 at 3:18 PM, OBrien, Will <obri...@missouri.edu> wrote: > >> Your export policy must be applied at the announcement router. For >> example, my area 0 router only announces a default route and nothing else. >> Set a match and don't forget the reject. >> >> Will >> >> On May 9, 2012, at 4:30 PM, "Morgan Mclean" <wrx...@gmail.com> wrote: >> >> > Hi everyone, >> > >> > I have a two network segments, OSPF area 0 and 1. I have a firewall >> cluster with interfaces in both areas. I need to stop say a default route >> from area 0 making its way into area 1. >> > >> > I've tried import and export policies but nothing seems to really work. >> Can anybody please give me an example? Is this against how OSPF works? >> > >> > Thanks, >> > Morgan >> > _______________________________________________ >> > juniper-nsp mailing list juniper-nsp@puck.nether.net >> > https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp