Routing

Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

‎04-19-2017 10:20 AM

Hi, can anyone explain the below command? The command is always at the end of a group of commands. The word "EXPLICIT_DENY" could be any word. Without this command, what would happen? Thank you

set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject

5 REPLIES

Re: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

‎04-19-2017 06:03 PM

There is a hierarchy to the policy setup.

IMPORT_POLICY is the name of the entire policy, which is made up of one or more terms.

EXPLICIT_DENY is the name of the last term in the policy you are looking at.

Both the policy name and the term names are free-form text that can be whatever the user wants, and they do not perform any action by themselves. Only the active methods and match conditions of the policy have effect.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home

Re: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

‎04-20-2017 12:23 AM

Hello there,


eesunj wrote:

Without this command, what would happen? Thank you

set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject

It depends on where this policy is applied.

Without this policy/term, the default protocol policy is the last one and it determines the end result.

https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-routing-policies-actions-def...

For instance, if this policy/term is NOT applied to BGP export, then ALL active BGP routes are exported.

HTH

Thx
Alex


Re: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

‎04-21-2017 06:54 AM

Hi aarseniev, you are answering my question, but I have not understood it completely. Can you give a little bit more explanation? Thank you


Re: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

‎04-21-2017 11:44 AM

Hi,

This is an explicit default statement having no matching conditions but an action, hence traffic not matched by the above terms would be processed by this term. In your case the action is 'reject', hence EXPLICIT_DENY.

An analogy is 'if - elseif - else' conditions. The explicit_deny is similar to the 'else' condition.

If the explicit default term is not configured, each specific protocol has implicit/default policies with a specific action as defined in:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16502

Cheers,

Ashvin
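The evaluation order described in the replies above, as a small Python model added here (it is not code from the thread or from Juniper). The term name ALLOW_CUSTOMER, the prefixes, and the match semantics (the listed prefix or anything longer) are assumptions, and only BGP's default policies are modelled.

```python
import ipaddress

# Default protocol policies used when no term makes a decision.
# Only BGP is modelled: import accepts received BGP routes, export
# advertises active BGP routes (the export case is stated in the thread).
DEFAULT_POLICY = {("bgp", "import"): "accept", ("bgp", "export"): "accept"}

def term_matches(term, prefix):
    """A term with no 'from' conditions matches every route (the 'else' branch)."""
    nets = term.get("from")
    if nets is None:
        return True
    route = ipaddress.ip_network(prefix)
    # Assumption: match the listed prefix or any longer prefix inside it.
    return any(route.subnet_of(ipaddress.ip_network(n)) for n in nets)

def evaluate(policy, prefix, protocol="bgp", direction="import"):
    """Walk the terms in order; return (action, name of what decided it)."""
    for term in policy:
        # A term without a terminating action falls through to the next term.
        if term_matches(term, prefix) and term.get("then") in ("accept", "reject"):
            return term["then"], term["name"]
    # No term decided: the protocol's default policy has the last word.
    return DEFAULT_POLICY[(protocol, direction)], f"default {protocol} {direction} policy"

# Constructed sample policy: ALLOW_CUSTOMER and its prefix are hypothetical.
ALLOW = {"name": "ALLOW_CUSTOMER", "from": ["192.0.2.0/24"], "then": "accept"}
DENY = {"name": "EXPLICIT_DENY", "then": "reject"}  # no 'from': matches all
WITH_DENY = [ALLOW, DENY]
WITHOUT_DENY = [ALLOW]

def compare(prefixes):
    """Fate of each route with and without the final catch-all term."""
    return {p: (evaluate(WITH_DENY, p), evaluate(WITHOUT_DENY, p)) for p in prefixes}

if __name__ == "__main__":
    # Constructed sample routes: one inside the allowed block, one outside.
    for prefix, (with_deny, without_deny) in compare(
        ["192.0.2.128/25", "198.51.100.0/24"]
    ).items():
        print(prefix, "| with EXPLICIT_DENY:", with_deny, "| without:", without_deny)
```

The route outside the allowed block is rejected by EXPLICIT_DENY in the first policy, but in the second it reaches the default BGP policy and is accepted, which is why import filters meant as allow-lists end with the catch-all reject term.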

 


Re: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

‎04-28-2017 08:31 AM

Thank you for your explanation!