Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-06-03 Thread Aaron
Dang, they're teasing us Will! On another note, I was surprised when you told me there was a new version of software for the ACX5048... I just started reading the D50 release notes. I was pleased to see that there are a lot of IPv6 enhancements. This is perfect timing as I was just about to get

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-28 Thread Aaron
Subject: Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)
BTW, this appears to now be fixed in 12.3X54-D25.7.
ne@ACX1000-lab# load set terminal
[Type ^D at a new line to end input]
set firewall family inet filter local_acl term terminal_access from address 172.17.143.0/24
set

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-27 Thread Daniel Rohan
BTW, this appears to now be fixed in 12.3X54-D25.7.
ne@ACX1000-lab# load set terminal
[Type ^D at a new line to end input]
set firewall family inet filter local_acl term terminal_access from address 172.17.143.0/24
set firewall family inet filter local_acl term terminal_access from protocol tcp

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-02 Thread Mark Tinka
On 2/Apr/16 11:04, Saku Ytti wrote:
> I've always wondered why is this a hard problem, especially in low
> end? Naively I'd think that from your ASIC waste one revenue port as
> host-bound facing and implement normal port ACLs there.
It is exactly for that reason. Vendors will assume all low-

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-02 Thread Saku Ytti
On 2 April 2016 at 11:41, Mark Tinka wrote:
>> ACX does not support lo0 filter presently, which sucks. Good news is
>> that it's on the roadmap for sometime this year I believe. No clue why
>> they left it out in the first place...
>
> Well that sucks...
It does, and even when it will support th

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-02 Thread Mark Tinka
On 1/Apr/16 22:02, Daniel Verlouw wrote:
> ACX does not support lo0 filter presently, which sucks. Good news is
> that it's on the roadmap for sometime this year I believe. No clue why
> they left it out in the first place...
Well that sucks...
Mark.

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
Subject: Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)
Hi,
On Fri, Apr 1, 2016 at 9:52 PM, Aaron wrote:
> agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit
> 0 family inet]
> 'filter'
> Referenced filter 'local_acl&

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
l Message-
From: Eduardo Schoedler [mailto:lis...@esds.com.br]
Sent: Friday, April 1, 2016 3:00 PM
To: Aaron
Cc: Wayne Lee ; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)
Aaron,
It's a known issue, has been discussed here. Look for

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Daniel Verlouw
Hi,
On Fri, Apr 1, 2016 at 9:52 PM, Aaron wrote:
> agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0
> family inet]
> 'filter'
> Referenced filter 'local_acl' can not be used as default/physical
> interface specific with lo0 not supported on ingress loopback interface

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Eduardo Schoedler
0 family inet address 127.0.0.1/32
>
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
> Wayne Lee via juniper-nsp
> Sent: Friday, April 1, 2016 10:48 AM
> Cc: juniper-nsp@puck.nether.net
>

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
-nsp@puck.nether.net
Subject: Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)
> I need to only allow 172.17.0.0/16 to be able to remotely access the
> ACX5048
> for snmp, telnet, ssh, http(s) services. How would I do this?
>
Standard Junos firewall filter

Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Wayne Lee via juniper-nsp
> I need to only allow 172.17.0.0/16 to be able to remotely access the
> ACX5048
> for snmp, telnet, ssh, http(s) services. How would I do this?
>
Standard Junos firewall filter applied to lo0 should do the trick
___
juniper-nsp mailing list
juniper-n

[j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)

2016-04-01 Thread Aaron
I need to only allow 172.17.0.0/16 to be able to remotely access the ACX5048 for snmp, telnet, ssh, http(s) services. How would I do this?
Aaron
___
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/