Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Configuring a Management Interface on a Dedicated Management Port

Management interfaces are the primary interfaces for accessing the device remotely. Typically, a management interface is not connected to the in-band network, but is connected instead to the device's internal network. Through a management interface you can access the device over the network using utilities such as ssh and telnet and configure the device from anywhere, regardless of its physical location. SNMP can use the management interface to gather statistics from the device.

Many types of Junos OS platforms include a dedicated management port on the front panel. For others, you can configure one of the Ethernet ports to act as the management interface. Platforms that use a network Ethernet interface for management include some SRX Series devices and the J Series Services Routers. A network interface can be configured as being dedicated to out-of-band management or as being shared by both management and network traffic.

Even if your device has a dedicated management port, you might prefer to configure a network interface to carry management traffic. For example, your organization might use this approach when cost does not justify a separate management infrastructure.

A dedicated management port supports out-of-band management access with complete physical separation from network traffic within your device. This approach limits access to your device, and thereby the potential for issues. Further, because it only carries management traffic, the management port is fully available to you for analyzing and reacting to issues if your device happens to be under attack.

Configuration of the dedicated management port requires assignment of the IP address that you want to use as the management interface. The interface name that you use depends on the type of device that you are setting up. Some devices use me0, some use fxp0, and some use em0.

To configure a dedicated management port:

  1. Run the show interfaces terse command to determine the name of the dedicated management port on your device.

    In this example, the device uses fxp0 as its dedicated management port.

    user@host> show interfaces terse | match me0

    user@host> show interfaces terse | match em0

    user@host> show interfaces terse | match fxp0
    fxp0                    up    up
  2. Configure the IP address for this device’s dedicated
management port.
    [edit interfaces fxp0 unit 0 family inet]user@host# set address 192.168.187.1/25
    Optionally, instead of configuring the dedicated management
port at the [edit interfaces] hierarchy level, you can
use configuration groups. This is a recommended best practice, especially
if the device has dual Routing Engines.
    [edit groups re0 interfaces fxp0 unit 0 family inet]user@host# set address 192.168.187.1/25

    [edit groups re1 interfaces fxp0 unit 0 family inet]user@host# set address 192.168.187.2/25

    [edit]user@host# set apply-groups re0user@host# set apply-groups re1
  3. Commit the configuration.
    user@host# commit
  4. Confirm the configuration by making sure that the IP address
is configured.
    user@host> show interfaces terse | match fxp0
    fxp0                    up    up
fxp0.0                  up    up   inet     192.168.187.1/25

    If telnet or ssh access is enabled, log
in to the device remotely, using the newly configured IP address.
 
Related Documentation
 
Published: 2013-10-28

						















    

        
        
    












    

        Previous Page
        Next Page