<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Junos on </title>
    <link>https://wassimaouadi.com/tags/junos/</link>
    <description>Recent content in Junos on </description>
    <generator>Hugo</generator>
    <language>en</language>
    <lastBuildDate>Sun, 07 Jun 2026 21:31:13 +0200</lastBuildDate>
    <atom:link href="https://wassimaouadi.com/tags/junos/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Static Routing</title>
      <link>https://wassimaouadi.com/technotes/junosstaticrouting/</link>
      <pubDate>Sun, 07 Jun 2026 21:31:13 +0200</pubDate>
      <guid>https://wassimaouadi.com/technotes/junosstaticrouting/</guid>
      <description>&lt;h1 id=&#34;next-hop-values&#34;&gt;Next Hop Values&lt;/h1&gt;&#xA;&lt;p&gt;On R2, verify that there is a BGP route to 1.1.1.1.&lt;/p&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;user1@R2&amp;gt;&#xA;user1@R2&amp;gt; show route 1.1.1.1&#xA;&#xA;inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)&#xA;+ = Active Route, - = Last Active, * = Both&#xA;&#xA;1.1.1.1/32         *[BGP/170] 5d 13:58:29, localpref 100&#xA;                      AS path: 17 17 17 17 I, validation-state: unverified&#xA;                    &amp;gt;  to 10.10.10.1 via ge-0/0/1.0&#xA;&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;On R1, configure static route to 10.22.1.32/27 with next-hop 10.10.10.2, preference 6. The ping from R1&amp;rsquo;s loopback to R2&amp;rsquo;s 10.22.1.34 interface must succeed.&#xA;How RIB looks like, when a static route is configured with a next hop set to the IP address of the directly-attached host:&lt;/p&gt;</description>
    </item>
    <item>
      <title>Restricting SSH Remote Access to Selected Management Stations</title>
      <link>https://wassimaouadi.com/technotes/junosrestrictremoteaccess/</link>
      <pubDate>Sat, 04 Apr 2026 21:31:13 +0200</pubDate>
      <guid>https://wassimaouadi.com/technotes/junosrestrictremoteaccess/</guid>
      <description>&lt;h1 id=&#34;lab-data&#34;&gt;Lab Data&lt;/h1&gt;&#xA;&lt;h5 id=&#34;topology&#34;&gt;Topology&lt;/h5&gt;&#xA;&lt;p&gt;Rocky-Linux &amp;lt;&amp;mdash;&amp;gt; Oob-Router &amp;lt;&amp;ndash;&amp;gt; R1&lt;/p&gt;&#xA;&lt;h5 id=&#34;subnets&#34;&gt;Subnets&lt;/h5&gt;&#xA;&lt;p&gt;Rocky-Linux: .21 &amp;lt;- 192.168.201.0/24 -&amp;gt; Oob-Router:.1 &amp;lt;- 172.17.81.0/24 -&amp;gt; R1:.42&lt;/p&gt;&#xA;&lt;h1 id=&#34;purpose&#34;&gt;Purpose&lt;/h1&gt;&#xA;&lt;p&gt;Connecting to R1 from a remote machine using SSH must be restricted to a list of management stations whith authorized IP addresses.&lt;/p&gt;&#xA;&lt;h1 id=&#34;sample-configuration&#34;&gt;Sample Configuration&lt;/h1&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;root@R1&amp;gt; show configuration policy-options prefix-list WassimRocky &#xA;192.168.201.0/24;&#xA;root@R1&amp;gt; &#xA;root@R1&amp;gt; show configuration firewall family inet filter Filter1 &#xA;term AllowRocky {&#xA;    from {&#xA;        source-prefix-list {&#xA;            WassimRocky;&#xA;        }&#xA;        destination-port ssh;&#xA;    }&#xA;    then accept;&#xA;}&#xA;term PreventOthersSSH {&#xA;    from {&#xA;        destination-port ssh;&#xA;    }&#xA;    then {&#xA;        count CountSSHdiscards;         &#xA;        discard;&#xA;    }&#xA;}&#xA;term AllowOthers {&#xA;    then accept;&#xA;}&#xA;root@R1&amp;gt; show configuration interfaces lo0 unit 0 &#xA;family inet {&#xA;    filter {&#xA;        input Filter1;&#xA;    }&#xA;    address 1.1.1.1/32;&#xA;}&#xA;&lt;/code&gt;&lt;/pre&gt;</description>
    </item>
    <item>
      <title>Activating And Reading Logs at the Protocol Level: Traceoptions</title>
      <link>https://wassimaouadi.com/technotes/junoslogging/</link>
      <pubDate>Thu, 12 Mar 2026 21:31:13 +0200</pubDate>
      <guid>https://wassimaouadi.com/technotes/junoslogging/</guid>
      <description>&lt;p&gt;Provisional reality: Each BGP speaker is dropping the ingress BGP messages from the other BGP speaker.&lt;/p&gt;&#xA;&lt;p&gt;Configuration:&lt;/p&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;&#xA;user1@R2&amp;gt; show configuration protocols bgp group internPeers&#xA;type internal;&#xA;traceoptions {&#xA;    file bgpDebugWassim;&#xA;}&#xA;peer-as 22;&#xA;neighbor 4.4.4.4;&#xA;&#xA;user1@R2&amp;gt;&#xA;&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;Observed reality:&lt;/p&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;user1@R2&amp;gt; show log bgpDebugWassim&#xA;Jul  2 07:54:16 trace_on: Tracing to &amp;#34;/var/log//bgpDebugWassim&amp;#34; started&#xA;Jul  2 07:54:28.866558 advertising graceful restart receiving-speaker-only capability to neighbor 4.4.4.4 (Internal AS 22)&#xA;Jul  2 07:54:28.866776 advertising LLGR receiving-speaker-only capability to neighbor 4.4.4.4 (Internal AS 22)&#xA;Jul  2 07:54:28.871406 bgp_handle_notify:5119: NOTIFICATION received from 4.4.4.4 (Internal AS 22): code 6 (Cease) subcode 5 (Connection Rejected)&#xA;Jul  2 07:56:56.882622 advertising graceful restart receiving-speaker-only capability to neighbor 4.4.4.4 (Internal AS 22)&#xA;Jul  2 07:56:56.882686 advertising LLGR receiving-speaker-only capability to neighbor 4.4.4.4 (Internal AS 22)&#xA;Jul  2 07:56:56.889349 bgp_handle_notify:5119: NOTIFICATION received from 4.4.4.4 (Internal AS 22): code 6 (Cease) subcode 5 (Connection Rejected)&#xA;&#xA;user1@R2&amp;gt;&#xA;&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;Adjusted provisional reality: the BGP speakers do not recognize the source address of the received BGP messages.&#xA;Action: set source addresses of BGP messages on both routers.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
