
    protocols (Security Zones Host Inbound Traffic)

    Syntax

    protocols {(protocol-name | all <protocol-name except>);}

    Hierarchy Level

    [edit security zones security-zone zone-name host-inbound-traffic]

    Release Information

    Statement introduced in Junos OS Release 8.5.

    Description

    Specify the types of protocol traffic that can reach the device for all interfaces in a zone. You can do this in one of several ways:

    • You can enable traffic from each protocol individually.
    • You can enable traffic from all protocols.
    • You can enable traffic from all but some protocols.

    Options

    protocol-name

    Protocol for which traffic is allowed. The following protocols are supported:

    • all—Enable traffic from all possible protocols available. Use the except option to disallow specific protocols.
    • bfd—Enable incoming Bidirectional Forwarding Detection (BFD) protocol traffic.
    • bgp—Enable incoming BGP traffic.
    • dvmrp—Enable incoming Distance Vector Multicast Routing Protocol (DVMRP) traffic.
    • igmp—Enable incoming Internet Group Management Protocol (IGMP) traffic.
    • ldp—Enable incoming Label Distribution Protocol (LDP) traffic (UDP and TCP port 646).
    • msdp—Enable incoming Multicast Source Discovery Protocol (MSDP) traffic.
    • nhrp—Enable incoming Next Hop Resolution Protocol (NHRP) traffic.
    • ospf—Enable incoming OSPF traffic.
    • ospf3—Enable incoming OSPF version 3 traffic.
    • pgm—Enable incoming Pragmatic General Multicast (PGM) protocol traffic (IP protocol number 113).
    • pim—Enable incoming Protocol Independent Multicast (PIM) traffic.
    • rip—Enable incoming RIP traffic.
    • ripng—Enable incoming RIP next generation traffic.
    • router-discovery—Enable incoming router discovery traffic.
    • rsvp—Enable incoming Resource Reservation Protocol (RSVP) traffic (IP protocol number 46).
    • sap—Enable incoming Session Announcement Protocol (SAP) traffic. SAP always listens on 224.2.127.254:9875. New addresses and ports can be added dynamically. This information must be propagated to the Packet Forwarding Engine (PFE).
    • vrrp—Enable incoming Virtual Router Redundancy Protocol (VRRP) traffic.
    except

    (Optional) Disable specific incoming protocol traffic, but only when the all option has been defined. For example, to enable all but BGP and VRRP protocol traffic:

    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust host-inbound-traffic protocols bgp except
    set security zones security-zone trust host-inbound-traffic protocols vrrp except
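The following audit script is an added example, not part of the Juniper documentation. It reads zone-level `set` statements and reports, per zone, which protocols may reach the device, whether the zone relies on `all`, and whether `except` is used without `all`. It assumes the protocol list on this page is the full set that `all` expands to; the function name and the untrust and dmz sample zones are hypothetical.

```python
import re
from collections import defaultdict

# Protocol names listed on this page ("all" is handled separately).
PROTOCOLS = {"bfd", "bgp", "dvmrp", "igmp", "ldp", "msdp", "nhrp", "ospf",
             "ospf3", "pgm", "pim", "rip", "ripng", "router-discovery",
             "rsvp", "sap", "vrrp"}

STMT = re.compile(r"^set security zones security-zone (\S+) "
                  r"host-inbound-traffic protocols (\S+)( except)?$")

def effective_protocols(set_lines):
    """Map each zone to its allowed protocols, use of 'all', and problems."""
    raw = defaultdict(lambda: {"all": False, "named": set(), "exc": set(), "problems": []})
    for line in set_lines:
        m = STMT.match(line.strip())
        if not m:
            continue  # not a zone-level host-inbound-traffic protocols statement
        zone, name, exc = m.groups()
        z = raw[zone]
        if name == "all":
            z["all"] = True
        elif name not in PROTOCOLS:
            z["problems"].append("unknown protocol: " + name)
        else:
            z["exc" if exc else "named"].add(name)
    report = {}
    for zone, z in raw.items():
        if z["all"]:
            allowed = PROTOCOLS - z["exc"]
        else:
            allowed = set(z["named"])
            if z["exc"]:  # per the page, except only applies together with all
                z["problems"].append("except without all: " + ", ".join(sorted(z["exc"])))
        report[zone] = {"allowed": allowed, "uses_all": z["all"], "problems": z["problems"]}
    return report

# Constructed sample input; the untrust and dmz zones are made up for illustration.
SAMPLE = """\
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust host-inbound-traffic protocols bgp except
set security zones security-zone trust host-inbound-traffic protocols vrrp except
set security zones security-zone untrust host-inbound-traffic protocols ospf
set security zones security-zone untrust host-inbound-traffic protocols bfd
set security zones security-zone dmz host-inbound-traffic protocols rip except
"""

if __name__ == "__main__":
    for zone, info in effective_protocols(SAMPLE.splitlines()).items():
        flag = "uses 'all'" if info["uses_all"] else "explicit list"
        print(zone, flag, sorted(info["allowed"]), info["problems"])
```

Zones flagged as using `all` are the ones to review first, since any protocol not explicitly excepted can reach the device on every interface in the zone.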

    Required Privilege Level

    security—To view this statement in the configuration.

    security-control—To add this statement to the configuration.

    Modified: 2015-10-06