On Wed, 16 May 2001, Jonathan Tse wrote:
> Hi all,
>
> Cisco has specific acl to deal with the terminal (telnet, ssh) access.
> Understand from Juniper's documentation that similar action can be done by
> putting filter at lo0.
>
> Q1. Does lo0 be the only interface I need to secure? e.g. can I telnet to
> other interface IPs to by pass lo0 filter?
Yes. Any traffic bound for the routing engine will be filtered by that.
> Q2. If I choose lo1 be the router ID and be the one handling routing
> protocols. Should I update the filter as well?
There is no lo1. There are only multiple addresses on lo0 unit 0 (lo0.0).
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:42 EDT