___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
I'm new to Juniper. and I'm looking to protect ssh/telnet on all interfaces
on my juniper ACX5048's.
In Cisco you can protect the virtual interface (vty) with a acl
(access-class) so that any remote login attempts (ssh or telnet) or
protected.
How do I protect ssh and telnet globally in
Disregard this...
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Aaron
Sent: Wednesday, March 30, 2016 6:54 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] help
___
juniper-nsp mailing list
Thanks Aaron
...and sorry folks for that email showing up on the list twice... for some
reason I was unable to post for the last 3 days (your blessing , lol) ...
ahhrmm, so during that time I tried posting that access-internal route question
twice... both came through today.
Y'all have a nice
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Any DHCP routes appear as access-internal. There may be other reasons but
that’s the most common.
> On Mar 30, 2016, at 5:46 PM, Aaron wrote:
>
> what are these routes (access-internal) ? i'm seeing them actually being
> sent over my MPLS L3VPN into my other pe's as /32
what are these routes (access-internal) ? i'm seeing them actually being
sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting.
and seemingly very inefficient and busy. not sure that I like the idea of
host routes for 10's of thousands of hosts being injected into my mpls
Thanks Daniel, I recall that's what another guy suggested... he gave my like 20
lines of junos code... then I found that one-line that did the trick.
Aaron
-Original Message-
From: dverl...@gmail.com [mailto:dverl...@gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016
Thanks Daniel, this is encouraging... I wonder if I can get the specifics on
when that will be available
Aaron
-Original Message-
From: dverl...@gmail.com [mailto:dverl...@gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016 3:03 PM
To: Aaron
Cc:
Right, http://kb.juniper.net/InfoCenter/index?page=content=KB28893=RSS
I tried that too... perhaps I missed something, but my forwarding plane filter
didn't seem to work either. I'll have to give that another look.
I'm annoyed that cisco deals with this on pretty much every device using VTY
Hi,
On Wed, Mar 30, 2016 at 10:41 PM, Aaron wrote:
> what are these routes (access-internal) ? i'm seeing them actually being
> sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting.
> and seemingly very inefficient and busy. not sure that I like the idea
Hi,
On Fri, Apr 1, 2016 at 9:52 PM, Aaron wrote:
> agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0
> family inet]
> 'filter'
> Referenced filter 'local_acl' can not be used as default/physical
> interface specific with lo0 not supported on ingress
Aaron,
It's a known issue, has been discussed here.
Look for KB28893.
Regards,
2016-04-01 16:52 GMT-03:00 Aaron :
> Thanks Wayne, I tried it and get this error...
>
> agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0
> family inet]
> 'filter'
>
Thanks Tim/Tarko,
This fixed it for me...
set routing-instances one forwarding-options dhcp-relay group ftth
route-suppression access-internal
I couldn't get the helpers bootp thing to work. It did get the DISCOVER and
OFFERS happening at the server, but it wouldn't ever REQUEST / ACK... so I
Thanks Wayne, I tried it and get this error...
agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0
family inet]
'filter'
Referenced filter 'local_acl' can not be used as default/physical
interface specific with lo0 not supported on ingress loopback interface
error:
hey,
how do I turn off the /32 route injection at the
acx5048 ?
I don't have test setup at hand but I belive it is
"forwarding-options dhcp-relay route-suppression access-internal"
They can be safely disabled if you only use basic dhcp relay functionality.
Due to (junos) complicated
what are these routes (access-internal) ? i'm seeing them actually being
sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting.
and seemingly very inefficient and busy. not sure that I like the idea of
host routes for 10's of thousands of hosts being injected into my mpls
Obviously
Den 1 apr 2016 18:48 skrev "Peter Ehiwe" :
> Swssr
>
> --
> Sent from Mobile
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
The major difference is that equipment purchased through the Juniper channel is
supported and is not treated as Grey market. I agree completely that pricing is
based on your relationship and purchasing history with Juniper.
JimG
Via iPad
> On Apr 1, 2016, at 09:35, Luis Balbinot
Swssr
--
Sent from Mobile
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
I got a quote from them a while ago, it's not worth it. The MPC we
quoted is available to us new from Juniper for $35k, used from Hula
for $10k and they asked $50k. Their prices float according to the
relationship you have with Juniper.
On Mon, Mar 28, 2016 at 1:49 PM, Colton Conor
>
> I need to only allow 172.17.0.0/16 to be able to remotely access the
> ACX5048
> for snmp, telnet, ssh, http(s) services. How would I do this?
>
Standard Junos firewall filter applied to lo0 should do the trick
___
juniper-nsp mailing list
I need to only allow 172.17.0.0/16 to be able to remotely access the ACX5048
for snmp, telnet, ssh, http(s) services. How would I do this?
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
On 3/31/16 3:49 PM, Jared Mauch wrote:
> For reasons that can’t be easily solved, we have a large subnet
> connected on a device that connects wireless and other devices. I’m
> looking for a quick answer if someone has been able to configure
> negative arp caching on JunOS to prevent ARP floods
24 matches
Mail list logo