Re: Block traffic between vlans
Hello, Do you want to block inter vlan traffic on a device that is purely L2 or L2/L3 mix with vlan.x & vlan.y interfaces as default gateways? Regards, Rushikesh
View ArticleRe: Block traffic between vlans
we have 450 vlans in MX 80, and vlan x never be able to access to the vlan y that we want . And also we want to disable spoofing in each vlan without writing too many filters. our main aim to drop...
View ArticleRe: Source Based - Routing
Ok so you are running in pure flow mode. You need selective stateless packet-based...
View ArticleRe: Block traffic between vlans
Hello, For blocking the traffic from one vlan to other, you can use firewall filters. I do not think there is a Screen option on MX that Junos Security devices have for blocking IP spoofing or land...
View ArticleClik here to view.
Re: Block traffic between vlans
actually we do not look for screen option , also srx screens still is not good enough for spoofing https://forums.juniper.net/t5/SRX-Services-Gateway/Completely-spoofed-traffic/td-p/300669we just look...
View ArticleRe: Block traffic between vlans
Depending on your network architecture, you might just want to place the VLAN you want isolated for the others into their own virtual router routing instance. Then you don't need manage filters. So...
View ArticleMX not sending SYSLOG to STRM
Please excuse my ignorance but I've never configred an MX before and haven't even had any class on it - if you know a good video/text that would be great. I've inherited an MX104 in our lab and tried...
View ArticleRe: MX not sending SYSLOG to STRM
Hello, AlfonsoDeMusser wrote: I've inherited an MX104 in our lab and tried to setup syslog to get it back to our SIEM. Basic config isMGMT interfaces SIEM: x.x.255.220 SRX: x.x.255.250 SRX:ge-9...
View ArticleRe: IS-IS route tagging
Not sure if this will show up since it was marked solved, But, i had another question related to this. If i have both wide-metrics-only enabled, as well as traffic-engineering disabled, This is...
View ArticleRe: Block traffic between vlans
Actually our network like this R1 ---- LT0.0 ------- LT0.1 ----- R2 R1 bgp connector R2 virtual router for vlans
View ArticleRe: Block traffic between vlans
So based on this it looks like your R2 is already a virtual router routing instance connect via a logical tunnel to another routing instance or the root routing instance. To isolate the desired vlan...
View ArticleRe: Block traffic between vlans
Hello, You can actually look into this which might be useful. Title:- How to mitigate address-spoofing Denial-of-Service (DoS) attacks using Unicast Reverse-Path...
View ArticleMX 240 air intake temperature
Hi What is the ideal air intake temperature for MX240 handling sizeable amount of traffic. Thanks
View ArticleRe: Rib-groups with aggregate routes
I did try this but it only appears to work to or from the default routing instance and one other VRF, not between VRFs.
View ArticleRe: MX not sending SYSLOG to STRM
aarseniev wrote:The basic syslog config from the MX (from memory so if syntax is a bit off sorry):set system syslog host 192.168.2.2 any anyNOTE: there is also file syslog setup but they seem to work...
View Articleaaa authentication login default local
For Cisco we can configure aaa authentication login default localHow can it be done on Juniper SRX? Thanks!
View ArticleRe: IS-IS route tagging
You are still advertising IPv6 reachability information (TLVs #232 or #236). You can disable itset protocols isis no-ipv6-routing Or I think that you could do the opposite which is to allow only IPv6...
View ArticleRe: MX not sending SYSLOG to STRM
Why are you sending syslog messages to SRX instead of the STRM directly? Like aarseniev said, change that IP to the STRM IP.
View ArticleRe: MX not sending SYSLOG to STRM
Hello, AlfonsoDeMusser wrote:I'm quite confident that if the syslog message would get to the SRX, that it would be routed properly. If You are targeting the SRX IP as systlog destination, then no, it...
View Article