[j-nsp] Translating Cisco to Juniper/policy-statements
Gunjan GANDHI (BR/EPA)
gunjan.gandhi at ericsson.com
Sun Jul 22 21:25:14 EDT 2007
I2J
https://i2j.juniper.net/release/index.jsp
Cheers
//Gunjan
policy-options {
    as-path path-20-accept "111+|222+|222+2221+|333+";
    community UPSTREAM-OUT-1 members 1234:567;
    policy-statement ap-20 {
        term accept-term {
            from as-path path-20-accept;
            then accept;
        }
        term ios-implicit-deny {
            then reject;
        }
    }
    policy-statement pl-AS111-BLOCK {
        term term-1 {
            from route-filter 1.2.3.4/19 exact;
            then accept;
        }
        term ios-implicit-deny {
            then reject;
        }
    }
    policy-statement pl-AS222-BLOCK {
        term ios-implicit-deny {
            then reject;
        }
    }
    policy-statement pl-AS2221-BLOCK {
        term ios-implicit-deny {
            then reject;
        }
    }
    policy-statement pl-AS333-BLOCK {
        term term-1 {
            from route-filter 12.14.15.16/21 exact;
            then accept;
        }
        term ios-implicit-deny {
            then reject;
        }
    }
    policy-statement pl-AS3331-BLOCK {
        term term-1 {
            from route-filter 18.19.20.21/19 exact;
            then accept;
        }
        term ios-implicit-deny {
            then reject;
        }
    }
    policy-statement rm-UPSTREAM-OUT {
        term term-1 {
            from policy [ pl-AS111-BLOCK pl-AS222-BLOCK pl-AS2221-BLOCK ap-20 ];
            then accept;
        }
        term term-2 {
            from policy [ pl-AS333-BLOCK pl-AS3331-BLOCK ap-20 ];
            then {
                community set UPSTREAM-OUT-1;
                accept;
            }
        }
        term ios-implicit-deny {
            then reject;
        }
    }
}
Lines that could not be converted are in red.
Lines with warnings or comments are in blue.
Lines with previously shown errors or warnings are in magenta.
FPC / PIC / Port numbers MUST ALWAYS be changed to match your Juniper
Networks hardware.
1:route-map UPSTREAM-OUT permit 10
2: match ip address prefix-list AS111-BLOCK AS222-BLOCK AS2221-BLOCK
There is no prefix-list named: AS2221-BLOCK. Creating a reject policy
with that name
3: match as-path 20
4:!
5:route-map UPSTREAM-OUT permit 15
6: match ip address prefix-list AS333-BLOCK AS3331-BLOCK
7: match as-path 20
8: set community 1234:567
9:!
10:ip as-path access-list 20 permit ^(_111)+$
11:ip as-path access-list 20 permit ^(_222)+$
12:ip as-path access-list 20 permit ^(_222)+(_2221)+$
13:ip as-path access-list 20 permit ^(_333)+$
14:ip as-path access-list 20 permit ^(_333)+(_3331)+$ !
Cannot convert regular expressions that have a $ at the beginning or
middle
15:ip prefix-list AS111-BLOCK seq 5 permit 1.2.3.4/19
16:ip prefix-list AS222-BLOCK seq 5 permit 5.6.7.8/24 ip prefix-list
AS2221-BLOCK seq 5 permit 9.10.11.12/19
Line not yet supported by I2J
17:ip prefix-list AS333-BLOCK seq 5 permit 12.14.15.16/21
18:ip prefix-list AS3331-BLOCK seq 5 permit 18.19.20.21/19
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Nick Kraal
Sent: Sunday, 22 July 2007 11:16 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Translating Cisco to Juniper/policy-statements
Hi there,
What is the best-current-way to configure the following Cisco-speak to
JUNOS?
Thanks in advance,
-nick/
route-map UPSTREAM-OUT permit 10
 match ip address prefix-list AS111-BLOCK AS222-BLOCK AS2221-BLOCK
 match as-path 20
!
route-map UPSTREAM-OUT permit 15
 match ip address prefix-list AS333-BLOCK AS3331-BLOCK
 match as-path 20
 set community 1234:567
!
ip as-path access-list 20 permit ^(_111)+$
ip as-path access-list 20 permit ^(_222)+$
ip as-path access-list 20 permit ^(_222)+(_2221)+$
ip as-path access-list 20 permit ^(_333)+$
ip as-path access-list 20 permit ^(_333)+(_3331)+$
!
ip prefix-list AS111-BLOCK seq 5 permit 1.2.3.4/19
ip prefix-list AS222-BLOCK seq 5 permit 5.6.7.8/24
ip prefix-list AS2221-BLOCK seq 5 permit 9.10.11.12/19
ip prefix-list AS333-BLOCK seq 5 permit 12.14.15.16/21
ip prefix-list AS3331-BLOCK seq 5 permit 18.19.20.21/19
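
The IOS route-map asked about in this thread, written out as a small reference evaluator so that any JUNOS translation of the export policy can be checked route by route against what the original permits. This is an added example, not code from either poster or from I2J; it assumes the host bits in the sanitized prefix-list entries are masked off and that AS paths are given as space-separated strings.

```python
import ipaddress
import re

# Constructed from the IOS configuration quoted in this thread.
PREFIX_LISTS = {
    "AS111-BLOCK": ["1.2.3.4/19"],
    "AS222-BLOCK": ["5.6.7.8/24"],
    "AS2221-BLOCK": ["9.10.11.12/19"],
    "AS333-BLOCK": ["12.14.15.16/21"],
    "AS3331-BLOCK": ["18.19.20.21/19"],
}
AS_PATH_ACL = {20: [r"^(_111)+$", r"^(_222)+$", r"^(_222)+(_2221)+$",
                    r"^(_333)+$", r"^(_333)+(_3331)+$"]}
ROUTE_MAP = [  # (sequence, prefix-lists, as-path ACL, community to set)
    (10, ["AS111-BLOCK", "AS222-BLOCK", "AS2221-BLOCK"], 20, None),
    (15, ["AS333-BLOCK", "AS3331-BLOCK"], 20, "1234:567"),
]

def ios_regex(pattern):
    """Translate the IOS '_' metacharacter into a Python regex."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def in_prefix_lists(prefix, names):
    """True if prefix exactly equals an entry (no ge/le) in any named list."""
    # Assumption: host bits in the sanitized entries are masked off.
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net == ipaddress.ip_network(p, strict=False)
               for n in names for p in PREFIX_LISTS[n])

def evaluate(prefix, as_path):
    """Return (action, community) for one route under route-map UPSTREAM-OUT."""
    for _seq, plists, acl, community in ROUTE_MAP:
        path_ok = any(ios_regex(r).search(as_path) for r in AS_PATH_ACL[acl])
        # Values on one match line are ORed; separate match lines are ANDed.
        if in_prefix_lists(prefix, plists) and path_ok:
            return ("permit", community)
    return ("deny", None)  # implicit deny at the end of the route-map

if __name__ == "__main__":
    # Constructed sample routes: (prefix, AS path as a space-separated string).
    for route in [("1.2.0.0/19", "111 111"), ("9.10.0.0/19", "222 2221"),
                  ("18.19.0.0/19", "333 3331"), ("1.2.0.0/19", "111 64500"),
                  ("1.2.0.0/20", "111")]:
        print(route, "->", evaluate(*route))
```

Running the same routes through a candidate JUNOS policy (for example with `test policy`) and comparing against these results shows where a translation announces less, or more, than the IOS original.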