[j-nsp] Disable telnet/ssh access from virtual routers

Hugo Slabbert hugo at slabnet.com
Wed Jul 15 15:23:31 EDT 2015


On Wed 2015-Jul-15 10:51:58 -0600, Stacy W. Smith <stacy at acm.org> wrote:

>
>> On Jul 15, 2015, at 10:46 AM, Victor Sudakov <vas at mpeks.tomsk.su> wrote:
>>
>> Stacy W. Smith wrote:
>>> https://kb.juniper.net/InfoCenter/index?page=content&id=KB23547
>>>
>>> The article states it applies to VRFs, but it also applies to routing instances of type "virtual-router".
>>>
>>
>> This lo0.x interface does not have to have an IP address, does it?
>
>I haven't tested it myself, but I don't believe it has to have an IP address configured. It does have to have family inet/inet6 configured because that's where you apply the filter, but I don't think it has to have an address configured.

I can confirm that; no IP is needed on the lo0.x units in the VRs/VRFs.

>
>--Stacy
>

--
Hugo


More information about the juniper-nsp mailing list