[j-nsp] commands converted from Cisco IOS
TechSupport
techsupport at isaacmorris.com
Mon Mar 7 11:49:01 EST 2005
Dear Craig,
You said 'from-bgp' is saying if the route is from protocol BGP, then
it is evaluated through the next policy in the chain. But there is not
policy after 'from-bgp' except for the deny by default. Does that mean
all BGP packets will be denied under my current config?
version 7.1R1.3;
system {
host-name traffic;
domain-name isaacmorris.com;
time-zone America/New_York;
root-authentication {
encrypted-password "$1$tRMtSdRC$MSTI0s4n7jwz22wCVMm3f/";
}
name-server {
198.6.1.122;
198.6.1.142;
}
services {
ssh;
web-management {
http;
}
}
syslog {
file messages {
any any;
}
}
}
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
address 192.168.1.244/24;
}
}
}
t1-0/0/2 {
encapsulation frame-relay;
lmi {
lmi-type ansi;
}
t1-options {
line-encoding b8zs;
framing esf;
}
unit 0 {
description "MCI T1 [bandwidth.com]";
point-to-point;
dlci 500;
family inet {
address 208.192.182.138/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
routing-options {
router-id 65.198.234.1;
autonomous-system 31916;
}
protocols {
bgp {
log-updown;
group jweb-bgp {
type external;
local-address 208.192.182.138;
neighbor 208.192.182.137 {
description "MCI T1 [bandwidth.com]";
export bgp-redistributes;
remove-private;
peer-as 701;
}
}
}
}
policy-options {
policy-statement bgp-redistributes {
term sourced-bgp-network {
from {
route-filter 65.198.234.0/24 exact;
}
then accept;
}
term from-bgp {
from protocol bgp;
then next policy;
}
term ios-implicit-deny {
then reject;
}
}
}
Thanks,
Albert
-----Original Message-----
From: Craig Pierantozzi [mailto:tozz at arpa.bind.com]
Sent: Sunday, March 06, 2005 11:24 PM
To: TechSupport
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] commands converted from Cisco IOS
JunOS has the concept of a policy chain which is multiple
policies that can be evaluated. Example:
export [ policy1 policy2 ]
In general, a route is evaluated against the terms in a
policy and if it matches, an action is taken. No other
term or policy is evaluated after the match. Below, the term
'from-bgp' is saying if the route is from protocol BGP, then
it is evaluated through the next policy in the chain.
The last term is a catch all for routes that are not matched
in any term above and they are denied.
Check out the topics listed at:
http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy
/html/policy-overview-framework13.html
regards
-craig
* Thus spake TechSupport (techsupport at isaacmorris.com):
> Dear All,
>
>
>
> Thank you in advance for your help.
>
> I am new to Junos.
>
> I took my startup-config from my 2650 and translated it to Junos. I
> understand the whole thing expect for the last 2 statements under
> Policy-Options:
>
>
>
> term from-bgp {
> from protocol bgp;
> then next policy;
> }
> term ios-implicit-deny {
> then reject;
> }
>
>
>
> Could someone explain the function of these lines?
>
>
>
> Thanks,
>
> Albert
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list