Re: Secure the Routing Engine

• Next message: Andrea Reitzel: "Re: [j-nsp] ATM signaling support in CCC..."
• Previous message: dave o'leary: "Re: [j-nsp] ATM signaling support in CCC..."
• In reply to: Jonathan Tse: "Secure the Routing Engine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

On Wed, 16 May 2001, Jonathan Tse wrote:
> Hi all,
>
> Cisco has specific acl to deal with the terminal (telnet, ssh) access.
> Understand from Juniper's documentation that similar action can be done by
> putting filter at lo0.
>
> Q1. Does lo0 be the only interface I need to secure? e.g. can I telnet to
> other interface IPs to by pass lo0 filter?

Yes. Any traffic bound for the routing engine will be filtered by that.

> Q2. If I choose lo1 be the router ID and be the one handling routing
> protocols. Should I update the filter as well?

There is no lo1. There are only multiple addresses on lo0 unit 0 (lo0.0).

• Next message: Andrea Reitzel: "Re: [j-nsp] ATM signaling support in CCC..."
• Previous message: dave o'leary: "Re: [j-nsp] ATM signaling support in CCC..."
• In reply to: Jonathan Tse: "Secure the Routing Engine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:42 EDT