[j-nsp] Translating Cisco to Juniper/policy-statements
adnan
ahabib at asacogroup.com
Mon Jul 23 18:37:11 EDT 2007
well i used that tool but mostly it depend on JNOS & IOS Feature what they
support inside ,,, in any case good work by juniper .. we have similer in
Cisco also ..
Best regards
----- Original Message -----
From: <nachocheeze at gmail.com>
To: "Gunjan GANDHI (BR/EPA)" <gunjan.gandhi at ericsson.com>
Cc: <juniper-nsp at puck.nether.net>
Sent: Monday, July 23, 2007 5:02 PM
Subject: Re: [j-nsp] Translating Cisco to Juniper/policy-statements
> Just a friendly reminder, if you're going to use the "IOS to JunOS"
> tool, go with the caveats Juniper gives on the page, and make sure you
> understand everything.
>
> Also, like most translators, it won't be as precise or compact as if
> you'd written it yourself by hand. Make sure you understand why
> everything is there (and test it) before implementing into a
> production network.
>
> -------------------------------------------------
>
> The IOS to JUNOS Translator (I2J) converts FULL IOS Configuration
> files for both 75xx and 12xxx platforms into Juniper Networks JUNOS
> format.
>
> Not all IOS commands are translated and some may be translated
> incorrectly. Hand reviewing the output is ABSOLUTELY NECESSARY.
>
> Although most IOS commands can be input singularly, this is NOT
> recommended or supported.
>
> -----------------------------------------------------------------------------
>
>
> On 7/22/07, Gunjan GANDHI (BR/EPA) <gunjan.gandhi at ericsson.com> wrote:
>> I2J
>> https://i2j.juniper.net/release/index.jsp
>>
>> Cheers
>> //Gunjan
>>
>> policy-options {
>> as-path path-20-accept "111+|222+|222+2221+|333+";
>> community UPSTREAM-OUT-1 members 1234:567;
>> policy-statement ap-20 {
>> term accept-term {
>> from as-path path-20-accept;
>> then accept;
>> }
>> term ios-implicit-deny {
>> then reject;
>> }
>> }
>> policy-statement pl-AS111-BLOCK {
>> term term-1 {
>> from route-filter 1.2.3.4/19 exact;
>> then accept;
>> }
>> term ios-implicit-deny {
>> then reject;
>> }
>> }
>> policy-statement pl-AS222-BLOCK {
>> term ios-implicit-deny {
>> then reject;
>> }
>> }
>> policy-statement pl-AS2221-BLOCK {
>> term ios-implicit-deny {
>> then reject;
>> }
>> }
>> policy-statement pl-AS333-BLOCK {
>> term term-1 {
>> from route-filter 12.14.15.16/21 exact;
>> then accept;
>> }
>> term ios-implicit-deny {
>> then reject;
>> }
>> }
>> policy-statement pl-AS3331-BLOCK {
>> term term-1 {
>> from route-filter 18.19.20.21/19 exact;
>> then accept;
>> }
>> term ios-implicit-deny {
>> then reject;
>> }
>> }
>> policy-statement rm-UPSTREAM-OUT {
>> term term-1 {
>> from policy [ pl-AS111-BLOCK pl-AS222-BLOCK pl-AS2221-BLOCK
>> ap-20 ];
>> then accept;
>> }
>> term term-2 {
>> from policy [ pl-AS333-BLOCK pl-AS3331-BLOCK ap-20 ];
>> then {
>> community set UPSTREAM-OUT-1;
>> accept;
>> }
>> }
>> term ios-implicit-deny {
>> then reject;
>> }
>> }
>> }
>>
>>
>> Lines that could not be converted are in red.
>> Lines with warnings or comments are in blue.
>> Lines with previously shown errors or warnings are in magenta.
>> FPC / PIC / Port numbers MUST ALWAYS be changed to match your Juniper
>> Networks hardware.
>>
>> 1:route-map UPSTREAM-OUT permit 10
>> 2: match ip address prefix-list AS111-BLOCK AS222-BLOCK AS2221-BLOCK
>> There is no prefix-list named: AS2221-BLOCK. Creating a reject policy
>> with that name
>> 3: match as-path 20
>> 4:!
>> 5:route-map UPSTREAM-OUT permit 15
>> 6: match ip address prefix-list AS333-BLOCK AS3331-BLOCK
>> 7: match as-path 20
>> 8: set community 1234:567
>> 9:!
>> 10:ip as-path access-list 20 permit ^(_111)+$
>> 11:ip as-path access-list 20 permit ^(_222)+$
>> 12:ip as-path access-list 20 permit ^(_222)+(_2221)+$
>> 13:ip as-path access-list 20 permit ^(_333)+$
>> 14:ip as-path access-list 20 permit ^(_333)+(_3331)+$ !
>> Cannot convert regular expressions that have a $ at the beginning or
>> middle
>> 15:ip prefix-list AS111-BLOCK seq 5 permit 1.2.3.4/19
>> 16:ip prefix-list AS222-BLOCK seq 5 permit 5.6.7.8/24 ip prefix-list
>> AS2221-BLOCK seq 5 permit 9.10.11.12/19
>> Line not yet supported by I2J
>> 17:ip prefix-list AS333-BLOCK seq 5 permit 12.14.15.16/21
>> 18:ip prefix-list AS3331-BLOCK seq 5 permit 18.19.20.21/19
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Nick Kraal
>> Sent: Sunday, 22 July 2007 11:16 PM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] Translating Cisco to Juniper/policy-statements
>>
>> Hi there,
>>
>> What is the best-current-way to configure the following Cisco-speak to
>> JUNOS.
>>
>> Thanks in advance,
>>
>> -nick/
>>
>> route-map UPSTREAM-OUT permit 10
>> match ip address prefix-list AS111-BLOCK AS222-BLOCK AS2221-BLOCK
>> match as-path 20
>> !
>> route-map UPSTREAM-OUT permit 15
>> match ip address prefix-list AS333-BLOCK AS3331-BLOCK
>> match as-path 20
>> set community 1234:567
>> !
>> ip as-path access-list 20 permit ^(_111)+$ ip as-path access-list 20
>> permit ^(_222)+$ ip as-path access-list 20 permit ^(_222)+(_2221)+$ ip
>> as-path access-list 20 permit ^(_333)+$ ip as-path access-list 20 permit
>> ^(_333)+(_3331)+$ !
>> ip prefix-list AS111-BLOCK seq 5 permit 1.2.3.4/19 ip prefix-list
>> AS222-BLOCK seq 5 permit 5.6.7.8/24 ip prefix-list AS2221-BLOCK seq 5
>> permit 9.10.11.12/19 ip prefix-list AS333-BLOCK seq 5 permit
>> 12.14.15.16/21 ip prefix-list AS3331-BLOCK seq 5 permit 18.19.20.21/19
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
More information about the juniper-nsp
mailing list