Re: Secure the Routing Engine

From: Aaron Dewell (acd@woods.net)
Date: Wed May 16 2001 - 18:30:07 EDT


On Wed, 16 May 2001, Jonathan Tse wrote:
> Hi all,
>
> Cisco has a specific ACL to deal with terminal (telnet, ssh) access.
> I understand from Juniper's documentation that a similar action can be done by
> putting a filter at lo0.
>
> Q1. Is lo0 the only interface I need to secure? E.g., can I telnet to
> other interface IPs to bypass the lo0 filter?

Yes. Any traffic bound for the routing engine will be filtered by that.

> Q2. If I choose lo1 to be the router ID and the one handling routing
> protocols, should I update the filter as well?

There is no lo1. There are only multiple addresses on lo0 unit 0 (lo0.0).
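
The lo0 filter discussed in this thread, as an added configuration example that is not part of the original message. The filter and term names and the 192.0.2.0/24 and 198.51.100.1 addresses are constructed placeholders, and the final accept-all term is an assumption chosen to keep the scope to terminal access only.

```junos
/* Added example: filter name, term names and addresses are placeholders */
firewall {
    family inet {
        filter protect-re {
            /* Terminal access is accepted only from the management prefix */
            term mgmt-access {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port [ ssh telnet ];
                }
                then accept;
            }
            /* Any other telnet/ssh attempt is logged and dropped */
            term deny-other-terminal {
                from {
                    protocol tcp;
                    destination-port [ ssh telnet ];
                }
                then {
                    log;
                    discard;
                }
            }
            /* A filter ends with an implicit discard; without this term,
               routing protocol traffic bound for the routing engine
               would be dropped as well */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                /* Input filter on lo0.0 sees traffic bound for the routing engine */
                filter {
                    input protect-re;
                }
                address 198.51.100.1/32;
            }
        }
    }
}
```

Because the input filter on lo0.0 applies to routing-engine-bound traffic regardless of which interface address it was sent to, the terminal restriction holds for every address on the router.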


