Howdy List,

I can't seem to get a dynamic-db prefix-list to work correctly on either an ex3200 or ex2200 on JUNOS 12.3 and 12.10. I'm starting to suspect it simply won't work on these models (or maybe on EX-series at all, or maybe only on routing policies).

Using a dynamic-db prefix-list in a filter leads to NO packets passing on the interface it is instantiated on. (tested on l2 and l3 interface filtering). It seems to be a simple implementation (create the same prefix-list name in the normal configuration as the dynamic-db prefix list and tag it 'dynamic-db', then use in a filter), so I'm currently not suspecting myself as the culprit.

Combining manual prefixes with the dynamic-db in one prefix-list results in only the manual prefixes being honored, while the dynamic-db ones are still ignored (same as above).

Thanks list! Also, here's my configuration's relevant parts:

DYNAMIC CONFIGURATION:
========================
policy-options {
    prefix-list badips {
        192.168.75.35/32;
        192.168.75.100/32;
        192.168.100.251/32;
    }
}

STATIC CONFIGURATION:
======================
policy-options {
    prefix-list badips {
        dynamic-db;
        1.1.1.1/32;
    }
}
firewall {
    family inet {
        filter blocktest {
            term block-dy {
                from {
                    destination-prefix-list {
                        badips;
                    }
                }
                then {
                    discard;
                }
            }
            term allow-all-else {
                then accept;
            }
        }
    }
}
interfaces {
    vlan {
        unit 33 {
            family inet {
                filter {
                    input blocktest;
                }
                address 192.168.78.1/24;
            }
        }
    }
}
vlans {
    noc24-test {
        vlan-id 33;
        interface {
            ge-0/0/3.0;
        }
        l3-interface vlan.33;
    }
}

Dan Farrell
Applied Innovations Corp.
d...@appliedi.net