【Juniper技术分享】ITAA JNCIE-SP Bootcamp 课堂练习—— RE保护

ITAA实验室 · 发表于 2012-7-28 12:01:52

lab@R5# show | no-more
family inet {
filter protect-re {
      term RSVP-allow {
         from {
            protocol rsvp;
         }
         then accept;
      }
      term LDP-allow {
         from {
            protocol [ tcp udp ];
            port ldp;
         }
         then accept;
      }
      term BGP-allow {
         from {
            source-prefix-list {
                  configureed-bgp-neighbors;
            }
            protocol tcp;
            port bgp;
         }
         then accept;
      }
      term OSPF-allow {
         from {
            protocol ospf;
         }
         then accept;
      }
      term VRRP-allow {
         from {
            protocol vrrp;
         }
         then accept;
      }
      term SSH-allow {
         from {
            source-address {
                  172.27.0.0/16;
                  192.168.0.0/16;
            }
            protocol tcp;
            port ssh;
         }
         then {
            log;
            accept;
         }
      }
      term SSH-block {
         from {
            source-address {
                  0.0.0.0/0;
            }
            protocol tcp;
            port ssh;
         }
         then {
            log;
            discard;
         }
      }
      term telnet-accept {
         from {
            source-address {
                  192.168.0.0/16;
            }
            protocol tcp;
            port telnet;
         }
         then {
            log;
            accept;
         }
      }
      term TRACEROUTE-allow {
         from {
            protocol udp;
            ttl 1;
         }
         then accept;
      }
      term PING-allow {
         from {
            protocol icmp;
         }
         then accept;
      }
      term DNS-allow {
         from {
            protocol [ tcp udp ];
            port 53;
         }
         then accept;
      }
      term RADIUS-allow {
         from {
            protocol udp;
            port radius;
         }
         then accept;
      }
      term FTP-limit {
         from {
            protocol tcp;
            port [ ftp ftp-data ];
         }
         then policer restrict-ftp;
      }
      term discard-all {
         then {
            discard;
         }
      }
}
}
policer restrict-ftp {
if-exceeding {
      bandwidth-limit 100m;
      burst-size-limit 1500;
}
then discard;
}

[edit firewall]
lab@R5# top show policy-options
prefix-list configureed-bgp-neighbors {
apply-path "protocols bgp group <*> neighbor <*>";
}

接口下应用

[edit]
lab@R5# top show interfaces lo0
unit 0 {
family inet {
      filter {
         input protect-re;
      }
      address 172.27.255.5/32;
}
}

weicisco · 发表于 2012-7-28 14:48:51

wang741 · 发表于 2012-7-28 15:50:08

！！！！！

phoenixzjq1985 · 发表于 2012-7-28 15:52:52

芯随网动 · 发表于 2012-10-3 17:52:40

电脑爱好者X · 发表于 2012-10-17 21:19:25

电脑爱好者X · 发表于 2012-10-17 21:19:34

aolingpanlx · 发表于 2013-12-9 15:27:08

JNCIE-SP bootcamp手册及JNCIE-SP L2VPN Hand-on workbook实验手册如何可以获得呀！

ITAA实验室 · 发表于 2013-12-13 14:15:03

aolingpanlx 发表于 2013-12-9 15:27

登录/注册后可看大图

JNCIE-SP bootcamp手册及JNCIE-SP L2VPN Hand-on workbook实验手册如何可以获得呀！

你好，实验手册仅限我们内部JNCIE会员使用，如果有JNCIE的学习需求，可以联系我们课程顾问，参加JNCIE相关技术培训。咨询QQ：1165772209

纤陌红尘 · 发表于 2014-4-1 08:14:29

huawei1 · 发表于 2014-6-3 19:30:53

lincc · 发表于 2014-11-5 08:37:52

連個說明都沒有啊.

账号		自动登录	找回密码
密码			论坛注册

【Juniper技术分享】ITAA JNCIE-SP Bootcamp 课堂练习—— RE保护

相关帖子

点评

客服中心

投诉建议