On Mon, 20 Feb 2012, Jonas Björklund wrote:
I want all networks learned from BGP (even those from OSPF) pass the policy.
advertise-inactive on bgp group seem to be the magic. :-)
/Jonas___
juniper-nsp mailing list juniper-nsp@puck.nether.net
Hello,
Im used to Cisco and Cisco doesnt annonce other networks then learned from BGP
default.
I only want to announce networks that my Juniper learns from other iBGP routers.
I tried a policy.
policy-statement my-export-routes {
term t10 {
from {
protocol bgp;
[edit firewall family inet filter admin-access]
user@host# show
term ssh-access {
from {
source-address {
10.1.2.0/24;
}
protocol tcp;
destination-port ssh;
}
then accept;
}
Thanks! source-address solved the problem.
However, I also need to acc
On Mon, 30 Jan 2012, Stacy W. Smith wrote:
On Jan 30, 2012, at 1:05 AM, Per Granath wrote:
Im trying a basic filer to deny traffic to lo0.
SSH, OSPF and ICMP is allowed.
It doesnt work, it allows all traffic.
Same filter work on a ge-interface.
ge-1/0/0 {
unit 0 {
family inet
Hello,
Im trying a basic filer to deny traffic to lo0.
SSH, OSPF and ICMP is allowed.
It doesnt work, it allows all traffic.
Same filter work on a ge-interface.
ge-1/0/0 {
unit 0 {
family inet {
filter {
input admin-access;
}
addr
5 matches
Mail list logo