[j-nsp] Input firewall on lo0 of EX --> ARP issue
Dennis Krul | Tilaa
dennis at tilaa.nl
Thu Jun 14 05:28:03 EDT 2012
On 14 jun. 2012, at 10:07, Ralph Smit wrote:
> Hi Dennis,
>
> We've run into the same issue. I've been told that the architecture of the EX switches requires a packet for an 'unknown' destination to be sent to the Routing-engine for further processing (creating an arp request?), however this packet is filtered by the firewall placed in front of it. So your firewall filter for the routing engine should be so that to also accepts the packets for hosts attached to the switch.
>
> Regards,
>
> Ralph Smit
Hello Ralph,
Thanks for responding :)
Can you think of a way to match traffic for unknown destinations without explicitly specifying all the RE ip's in the input filter?
Regards,
--
Dennis Krul
Tilaa
e: dennis at tilaa.nl
w: http://www.tilaa.nl
More information about the juniper-nsp
mailing list