musehaa.blogg.se

Lab firewall srx juniper







set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM626C264BED
set interfaces ge-0/0/1 unit 0 family inet filter input Deny-SSH-On-Interface
set system processes dhcp-service traceoptions flag packet
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions file dhcp_logfile
set system syslog file messages authorization info
set system syslog file messages any notice
set system syslog file interactive-commands interactive-commands any

Do not disrupt any other traffic, e.g. traversal SSH traffic into other segments of the network, e.g. SSH into vMX2's loopback interface of 2.2.2.2/32 (Host5 should be able to do this), or ping or HTTP traffic to elsewhere inside the network (there is a Linux server running Apache2 on port 80 at 10.8.8.80 on the right side of the network map).

Does anyone have another or better (more elegant) solution for the above scenario?

Adding show configuration | display set (root password omitted):

show configuration | display set

- Only allow SSH into vMX1 on its loopback 0 IP address and only from the MGMT-Prefix list (in which Host7 is included).
- Do not allow SSH into vMX1 on IP 192.168.77.1 (for no one).
- Do not allow Host5 to SSH into vMX1 on any of the IPs (belonging to lo0.0 or ge-0/0/1.0): no 1.1.1.1 or 192.168.77.1 for Host5. Host5 is added with its IP 192.168.77.5 to the Not-Allowed-To-SSH-To-1111 source prefix list.

All this during my journey through the JNCIA material of Juniper.


Took me a while to figure this one out and I think I managed to do it right as per the tests I did on Eve-NG Pro Juniper Lab.
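
One way to express the requirements listed above as Junos firewall filters, given here as an added example and not the author's configuration; each filter ends in an explicit accept term because Junos discards whatever a filter does not match, which would otherwise stop the ping, HTTP and transit SSH traffic that has to keep working. Assumptions: the lo0 filter name SSH-To-vMX1, the term names and the counter name are hypothetical, <MGMT-PREFIX> is a placeholder for the management addresses the page does not give, and lines starting with # are annotations, not commands.

```junos
# Added example. <MGMT-PREFIX> is a placeholder (the page does not give Host7's address).
set policy-options prefix-list MGMT-Prefix <MGMT-PREFIX>
set policy-options prefix-list Not-Allowed-To-SSH-To-1111 192.168.77.5/32

# lo0.0 input filter (hypothetical name): evaluated for traffic addressed to vMX1 itself,
# on whichever interface address it arrives. Transit traffic is not evaluated here.
# Term 1: SSH to the loopback address is accepted only from the management prefix list.
set firewall family inet filter SSH-To-vMX1 term Allow-MGMT from source-prefix-list MGMT-Prefix
set firewall family inet filter SSH-To-vMX1 term Allow-MGMT from destination-address 1.1.1.1/32
set firewall family inet filter SSH-To-vMX1 term Allow-MGMT from protocol tcp
set firewall family inet filter SSH-To-vMX1 term Allow-MGMT from destination-port ssh
set firewall family inet filter SSH-To-vMX1 term Allow-MGMT then accept
# Term 2: any other SSH to 1.1.1.1 or 192.168.77.1 is counted and dropped.
set firewall family inet filter SSH-To-vMX1 term Drop-Other-SSH from destination-address 1.1.1.1/32
set firewall family inet filter SSH-To-vMX1 term Drop-Other-SSH from destination-address 192.168.77.1/32
set firewall family inet filter SSH-To-vMX1 term Drop-Other-SSH from protocol tcp
set firewall family inet filter SSH-To-vMX1 term Drop-Other-SSH from destination-port ssh
set firewall family inet filter SSH-To-vMX1 term Drop-Other-SSH then count ssh-to-vmx1-dropped
set firewall family inet filter SSH-To-vMX1 term Drop-Other-SSH then discard
# Term 3: explicit accept so other traffic to vMX1 is not caught by the implicit discard.
set firewall family inet filter SSH-To-vMX1 term Everything-Else then accept
set interfaces lo0 unit 0 family inet filter input SSH-To-vMX1

# ge-0/0/1.0 input filter (name and attachment point from the page): drops Host5's SSH
# to either vMX1 address at ingress and lets everything else through, including
# Host5's SSH to 2.2.2.2 and HTTP to 10.8.8.80.
set firewall family inet filter Deny-SSH-On-Interface term Host5-No-SSH from source-prefix-list Not-Allowed-To-SSH-To-1111
set firewall family inet filter Deny-SSH-On-Interface term Host5-No-SSH from destination-address 1.1.1.1/32
set firewall family inet filter Deny-SSH-On-Interface term Host5-No-SSH from destination-address 192.168.77.1/32
set firewall family inet filter Deny-SSH-On-Interface term Host5-No-SSH from protocol tcp
set firewall family inet filter Deny-SSH-On-Interface term Host5-No-SSH from destination-port ssh
set firewall family inet filter Deny-SSH-On-Interface term Host5-No-SSH then discard
set firewall family inet filter Deny-SSH-On-Interface term Everything-Else then accept
```

Applying a filter like this with commit confirmed rolls the change back automatically if the SSH session used to make it gets cut off, and show firewall filter SSH-To-vMX1 shows whether the drop counter increments during testing.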







