Using the Management Interface

Problem

You want to enable out-of-band management access to the router.

Solution

Configure the router's management interface:

	[edit interfaces]
	aviva@router1# set fxp0 unit 0 family inet address 192.168.70.246/24

Use the following command to configure the J-series management interface:

	[edit interfaces]
	aviva@RouterA> set fe-0/0/0 unit 0 family inet address 10.0.15.1/24

 

Discussion

JUNOS routers provide a separate out-of-band management interface for monitoring the router independently of the network links. This interface is named fxp0 and is an internal Ethernet interface that is permanently installed in the router. The router does not route traffic from network and services interfaces over fxp0, and traffic arriving on this interface is never directed to network interfaces, so you cannot use it to route traffic.

You can connect to the management interface over the network using SSH and Telnet, and SNMP NMS systems can connect to the router using this interface to query for router status and statistics.

This recipe shows how to configure an address for the fxp0 interface. Because it is an Ethernet interface, you can configure a subnet address. You cannot configure a host (/32) address.

Use the show interfaces command to get status about the management interface:

	aviva@router1> show interfaces fxp0
	Physical interface: fxp0, Enabled, Physical link is Up
	 Interface index: 1, SNMP ifIndex: 1
	 Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Speed: 100mbps
	 Device flags : Present Running
	 Interface flags: SNMP-Traps
	 Link type : Half-Duplex
	 Link flags : 4
	 Current address: 00:a0:a5:12:2f:04, Hardware address: 00:a0:a5:12:2f:04
	 Last flapped : Never
	 Input packets : 217004
	 Output packets: 2808

	 Logical interface fxp0.0 (Index 2) (SNMP ifIndex 13)
	 Flags: SNMP-Traps Encapsulation: ENET2
	 Protocol inet, MTU: 1500
	 Flags: Is-Primary
	 Addresses, Flags: Is-Default Is-Preferred Is-Primary
	 Destination: 192.168.64/21, Local: 192.168.71.246,
	 Broadcast: 192.168.71.255

The output shows that this is a 100-Mbps Ethernet interface running in half-duplex mode.

The hardware architecture of the J-series routers differs from the M-series and T-series routers, so instead of fxp0 being the management interface, it is one of the nonremovable Fast Ethernet interfaces, fe-0/0/0. The interface status shows the same basic information as on the M- and T-series routers:

	aviva@RouterA> show interfaces fe-0/0/0
	Physical interface: fe-0/0/0, Enabled, Physical link is Up
	 Interface index: 137, SNMP ifIndex: 29
	 Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
	 Source filtering: Disabled, Flow control: Enabled
	 Device flags : Present Running
	 Interface flags: SNMP-Traps 16384
	 Link flags : 4
	 CoS queues : 8 supported
	 Current address: 00:05:85:ca:ca:70, Hardware address: 00:05:85:ca:ca:70
	 Last flapped : 2005-05-04 23:37:59 PDT (1w0d 18:17 ago)
	 Input rate : 0 bps (0 pps)
	 Output rate : 304 bps (0 pps)
	 Active alarms : None
	 Active defects : None

	 Logical interface fe-0/0/0.0 (Index 66) (SNMP ifIndex 39)
	 Flags: SNMP-Traps Encapsulation: ENET2
	 Protocol inet, MTU: 1500
	 Flags: Is-Primary
	 Addresses, Flags: Is-Preferred Is-Primary
	 Destination: 10.0.16/24, Local: 10.0.15.1, Broadcast: 10.0.15.255

While you can actually configure the fxp0 interface on a J-series router, the values are applied to the fe-0/0/0 interface and show up under fe-0/0/0 in the show interfaces output. The recommended procedure is to place all management interface configuration at the [edit interfaces fe-0/0/0] hierarchy level.

The process for configuring many of the JUNOS protocols is to associate one or more interfaces with the protocol to make the interfaces aware that they will be receiving packets for that protocol, and vice versa. You can do this by calling out specific interfaces in the configuration, such as here:

	[edit protocols]
	aviva@RouterA# set pim interface fe-0/0/1

It's often faster and easier just to configure all the interfaces at once:

	[edit protocols]
	aviva@RouterA# set pim interface all

When you do this, you end up configuring the protocol on the out-of-band interface also. It's not considered good practice to do this, so in these cases, you should turn off the protocol on that interface with a disable command.

On an M-series or a T-series router, the command looks like this:

	[edit protocols]
	aviva@router1# set pim interface fxp0 disable

On a J-series router, use a command like this:

	[edit protocols]
	aviva@RouterA# set pim interface fe-0/0/0 disable

The primary reason you want to turn off the protocol is because this is the management interface, and you most likely are not using any routing protocols on it. Disabling the protocol leaves you with a "clean" configuration, because you are configuring only the functionality that you actually want the router to use. If you choose not to disable the protocol on the management interface, routing protocols may establish adjacencies to the fxp0 or fe-0/0/0 interface, but there is no negative impact on the performance of the Routing Engine.


Router Configuration and File Management

Basic Router Security and Access Control

IPSec

SNMP

Logging

NTP

Router Interfaces

IP Routing

Routing Policy and Firewall Filters

RIP

IS-IS

OSPF

BGP

MPLS

VPNs

IP Multicast



JUNOS Cookbook
Junos Cookbook (Cookbooks (OReilly))
ISBN: 0596100140
EAN: 2147483647
Year: 2007
Pages: 290
Authors: Aviva Garrett

Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net