[j-nsp] help

2016-04-01 Thread Aaron
___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] protect ssh and telnet

2016-04-01 Thread Aaron
I'm new to Juniper, and I'm looking to protect ssh/telnet on all interfaces on my Juniper ACX5048s. In Cisco you can protect the virtual interface (vty) with an ACL (access-class) so that any remote login attempts (ssh or telnet) are protected. How do I protect ssh and telnet globally in

Re: [j-nsp] help

2016-04-01 Thread Aaron
Disregard this...

-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Aaron
Sent: Wednesday, March 30, 2016 6:54 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] help

Re: [j-nsp] access-internal routes

2016-04-01 Thread Aaron
Thanks Aaron ...and sorry folks for that email showing up on the list twice... for some reason I was unable to post for the last 3 days (your blessing, lol) ... ahhrmm, so during that time I tried posting that access-internal route question twice... both came through today. Y'all have a nice

[j-nsp] help

2016-04-01 Thread Aaron

Re: [j-nsp] access-internal routes

2016-04-01 Thread Aaron Dewell
Any DHCP routes appear as access-internal. There may be other reasons but that’s the most common.

> On Mar 30, 2016, at 5:46 PM, Aaron wrote:
>
> what are these routes (access-internal) ? i'm seeing them actually being
> sent over my MPLS L3VPN into my other pe's as /32

[j-nsp] access-internal routes

2016-04-01 Thread Aaron
what are these routes (access-internal) ? i'm seeing them actually being sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting. and seemingly very inefficient and busy. not sure that I like the idea of host routes for 10's of thousands of hosts being injected into my mpls

Re: [j-nsp] access-internal routes

2016-04-01 Thread Aaron
Thanks Daniel, I recall that's what another guy suggested... he gave me like 20 lines of junos code... then I found that one-line that did the trick.

Aaron

-----Original Message-----
From: dverl...@gmail.com [mailto:dverl...@gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
Thanks Daniel, this is encouraging... I wonder if I can get the specifics on when that will be available

Aaron

-----Original Message-----
From: dverl...@gmail.com [mailto:dverl...@gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016 3:03 PM
To: Aaron
Cc:

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
Right, http://kb.juniper.net/InfoCenter/index?page=content=KB28893=RSS I tried that too... perhaps I missed something, but my forwarding plane filter didn't seem to work either. I'll have to give that another look. I'm annoyed that cisco deals with this on pretty much every device using VTY

Re: [j-nsp] access-internal routes

2016-04-01 Thread Daniel Verlouw
Hi,

On Wed, Mar 30, 2016 at 10:41 PM, Aaron wrote:
> what are these routes (access-internal) ? i'm seeing them actually being
> sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting.
> and seemingly very inefficient and busy. not sure that I like the idea

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Daniel Verlouw
Hi,

On Fri, Apr 1, 2016 at 9:52 PM, Aaron wrote:
> agould@eng-lab-acx5048-1# commit confirmed 1
> [edit interfaces lo0 unit 0 family inet]
>   'filter'
>     Referenced filter 'local_acl' can not be used as default/physical interface specific with lo0 not supported on ingress

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Eduardo Schoedler
Aaron,

It's a known issue, has been discussed here. Look for KB28893.

Regards,

2016-04-01 16:52 GMT-03:00 Aaron :
> Thanks Wayne, I tried it and get this error...
>
> agould@eng-lab-acx5048-1# commit confirmed 1
> [edit interfaces lo0 unit 0 family inet]
>   'filter'

Re: [j-nsp] access-internal routes

2016-04-01 Thread Aaron
Thanks Tim/Tarko, This fixed it for me...

set routing-instances one forwarding-options dhcp-relay group ftth route-suppression access-internal

I couldn't get the helpers bootp thing to work. It did get the DISCOVER and OFFERS happening at the server, but it wouldn't ever REQUEST / ACK... so I

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
Thanks Wayne, I tried it and get this error...

agould@eng-lab-acx5048-1# commit confirmed 1
[edit interfaces lo0 unit 0 family inet]
  'filter'
    Referenced filter 'local_acl' can not be used as default/physical interface specific with lo0 not supported on ingress loopback interface
error:

Re: [j-nsp] access-internal routes

2016-04-01 Thread Tarko Tikan
hey, how do I turn off the /32 route injection at the acx5048 ? I don't have test setup at hand but I believe it is "forwarding-options dhcp-relay route-suppression access-internal" They can be safely disabled if you only use basic dhcp relay functionality. Due to (junos) complicated

[j-nsp] access-internal routes

2016-04-01 Thread Aaron
what are these routes (access-internal) ? i'm seeing them actually being sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting. and seemingly very inefficient and busy. not sure that I like the idea of host routes for 10's of thousands of hosts being injected into my mpls

Re: [j-nsp] (no subject)

2016-04-01 Thread Andreas Andersson
Obviously

On 1 Apr 2016 18:48, "Peter Ehiwe" wrote:
> Swssr
>
> --
> Sent from Mobile

Re: [j-nsp] Best Place to Buy Used Juniper

2016-04-01 Thread Jim glen
The major difference is that equipment purchased through the Juniper channel is supported and is not treated as Grey market. I agree completely that pricing is based on your relationship and purchasing history with Juniper.

JimG
Via iPad

> On Apr 1, 2016, at 09:35, Luis Balbinot

[j-nsp] (no subject)

2016-04-01 Thread Peter Ehiwe
Swssr -- Sent from Mobile

Re: [j-nsp] Best Place to Buy Used Juniper

2016-04-01 Thread Luis Balbinot
I got a quote from them a while ago, it's not worth it. The MPC we quoted is available to us new from Juniper for $35k, used from Hula for $10k and they asked $50k. Their prices float according to the relationship you have with Juniper. On Mon, Mar 28, 2016 at 1:49 PM, Colton Conor

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Wayne Lee via juniper-nsp
> I need to only allow 172.17.0.0/16 to be able to remotely access the ACX5048
> for snmp, telnet, ssh, http(s) services. How would I do this?

Standard Junos firewall filter applied to lo0 should do the trick

[j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
I need to only allow 172.17.0.0/16 to be able to remotely access the ACX5048 for snmp, telnet, ssh, http(s) services. How would I do this? Aaron

Re: [j-nsp] negative arp cache on JunOS?

2016-04-01 Thread joel jaeggli
On 3/31/16 3:49 PM, Jared Mauch wrote:
> For reasons that can’t be easily solved, we have a large subnet
> connected on a device that connects wireless and other devices. I’m
> looking for a quick answer if someone has been able to configure
> negative arp caching on JunOS to prevent ARP floods