How to limit traffic from web server to a user on another network?
Hi all.I need to limit traffic web server to a user on another network. With this a policer below I can deny access from this user?familyinet {filter Block-user {term one {from {source-address...
View ArticleClik here to view.
BNG dhcp-local-server and option 60
Hello again We`ve got an interesting situation with option 60.So i`ve got pc with pxe enabled that is connected to MX as subscriber.And i got Discover with Option 60 and value of...
View ArticleRe: BNG dhcp-local-server and option 60
Hi, I doubt that MX trasmits out NAK due to option 60. I think MX transmits NAK due to Option 50 in Request pkt from client in which the Client/CPE is requesting or hinting for a specfic IP...
View ArticleClik here to view.
Re: BNG dhcp-local-server and option 60
We have 91.247.248.199 in offer and 91.247.248.199 in clients request.Same IP address goes for this client because of Framed-Ip-Address that is sending RADIUS for his username But still we got NAK...
View ArticleClik here to view.
Re: BNG dhcp-local-server and option 60
I over look that IPAddr as offered. My bad! Anyways, I tested in with vendor class "MSFT 5.0" & works fine (attach pcap snap from my test). Hope you're also returning "framed-ip-netmask" along...
View ArticleRe: How to limit traffic from web server to a user on another network?
Question says "can deny access from this user" but the source-address on firewall is of Webserver, can you confirm the direction of traffic? Is it from User to Webserver or Webserver to User and on...
View ArticleQoS VoIP Issue still
Hi, Many apologies for disturbing you experts with this issue again, but I am having real problems even getting the basic working: So, I have the following as a test: BGP Router --> Core1 -->...
View ArticleRe: QoS VoIP Issue still
Is it possible that the following is occuring: Juniper sees the Voice traffic as "46" DSCP - 101110 because it only reads the leading 6 bits...... However, when an extended ping is completed from a...
View ArticleRe: BNG dhcp-local-server and option 60
Hello again.Apr 3 14:00:49.302627 [MSTR][INFO] [default:default][SVR][INET][demux0.3221905481] jdhcpd_io_process_ip_packet: LOCAL: recv pkt; sa 0.0.0.0; da 255.255.255.255; src_port 68; dst_port 67;...
View ArticleRe: BNG dhcp-local-server and option 60
Problem is that Vendor id changes during pc boot process.
View ArticleRe: Interface rlt for logical system on JunOS 17.x
Hi, Cloud. I recently came across a similiar issue after upgrading from 15.x code to 17.2R2.8. I confirmed the ARP table had no entry for the RLT interfaces and the output of show interface...
View ArticleRe: Multiple Upstream and 2 private peering FBF not working properly
Hi Steve, I have three different uplink provider having connected with BGP and have two private peering also have BGP. This all setup have been configured with failover.All my LAN prefixes advertised...
View ArticleRe: EVPN route reject due to the lack of a valid target community
I guess the vrf-target is root cause. I suggest you give all the VNI the same RT(Just have a try). Configurations are as below:protocols {evpn {encapsulation vxlan;extended-vni-list all;multicast-mode...
View ArticleRe: QoS VoIP Issue still
Okay, so I made a couple of changes as I realised that the firewall filter for the Classifier appears to be for unmarked traffic that can be marked upon Egress.... so, I just left in the DSCP command...
View ArticleBGP Routing to available address
Hi, Just some nigly results from testing. I have the following setup: DNS (192.168.1.1/29) --> (192.168.1.2/29) SRX (192.168.100.1/30) --> (192.168.100.2/30) Core1 (172.16.16.1/30) -->...
View ArticleRe: BGP Routing to available address
Just a thought. Do you see the reverse route for the source IP on DNS?
View ArticleRe: QoS VoIP Issue still
Ignore the Classifier part. I have now got that working. I still have the issue where the traffic is being sent to the BE-Data queue (Best Effort) and not the voice queue.... I am looking at a...
View ArticleRe: QoS VoIP Issue still
Okay, I now have it working. The data is going to the correct queue. Just for peoples information... Cisco do indeed add the 2 bits to the CoS type of service... so, normally SIP VoIP would look like...
View ArticleRe: BGP Routing to available address
Hi Kingsman,From the SRX address (Facing the DNS) and routing-instance ninegroup-dns, I can ping the BGP router interface.... I cannot test from the DNS server itself as the systems guy is currently...
View ArticleRe: BGP Routing to available address
I have seen such issue where missing route on the server caused this type of issue.You can ask your server guy to try ping/traceroute from DNS to BGP router and check. They may need to add a route in...
View Article