Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Understanding 0.0.0.0/0 in ScreenOS Access Lists

0

0

Article ID: KB13542 KB Last Updated: 11 Mar 2009Version: 1.0
Summary:

When configuring an access-list for a route update filter, specifying 0.0.0.0/0 can be misunderstood as the default route, but it means 'all routes'.

Symptoms:

In ScreenOS, when configuring an access-list for a route update filter (route map), such as in the RIP or OSPF protocol, there are 2 options:

1. Default-route
2. IP <ip address/netmask>       (and one could specify  0.0.0.0/0, thinking it is the default route)
For example, the following to options are available when configuring an access-list:
ssg5-serial-wlan-> set vr trust access-list 1 permit ?
default-route      Default route
ip                 ip/netmask based access list
NOTE:  IP 0.0.0.0/0 can be misunderstood to default route but it means 'all routes' in ScreenOS.

In some vendor's router configuration, when editing an access-list, 0.0.0.0 0.0.0.0 stands for a default route. However, specifying 0.0.0.0/0 in a ScreenOS access list it marks down all routes and the specified routes are as being scoped.
Solution:

It is by design in ScreenOS.  0.0.0.0/0 stands for 'all routes' in an access-list.  If required to filter only permit/deny a default-route, use the keyword 'default-route' in the access-list.


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search