You could put all other interfaces into a vrf, but that is an idiotic way to do it in my opinion.. If I were to have an 8216 fully poppulated with modules, it would mean i have to put hundreds of interfaces into it. Let alone that JUNOS has a hack implementation of interface-ranges with 10.x, it's just cumbersome..

I asked my SE to put in a feature request to allow VME/FXP interfaces into a VRF.

BuckWeet

Hi BuckWeet

That's a nice request.

I'm not sure you will see it going out quickly !

Still doesn't understand why you're locked with this static "default" route.

Or your OOB network is completely unstructured !

I was just trying to help but it seems that can't be done

Kind regards

The Idiot guy who wanted to help you!

I to have had many times when a dedicated OOB-RI with it's own Default would have saved me plenty of pain.

On some sites it is a legislated requirement to seperate the managment plane traffic from the rest.

I had this issue with 9.4 and as of my testing on 10.1 there still seems to be a lack of urgency from Juniper about this need.

I would imagine this would not be to hard to add in.

On Extreme XOS devices they have VR-Default and VR-MGMT.  You can cretate your own as you require but the OOBMI are all in the MGMT VLAN which is in the VR-MGMT.

It takes about 3 minutes to set this aspect of the product up.

Juniper should start to take this request on board as a OOBM Network should be standard practice for all networks with more than a half dozen switches.

For me the work around was to go inband and to ensure all managment interfaces are access-limited and encrypted.

Regards

Marc

+1

I need my management routing separate to my main routing table.  On a managed customer fw, there's no way the customer equipment should ever see my management network regardless of any fw rules blocking them from management.

I was just about to add exactly that point about Extreme. 

With extreme the MGMT port is predefined with a separate VR instance. 

Separate routing table for both in fact its not possible to route between the 2 which is exactly what you want. 

I still find it hard to belive JUNOS does not support this, the whole point of the MGMT port is it is a separate interface to the management much like the serial port, only IP.

This is an example config to configure the MGMT on an extreme, job done. 

configure vlan Mgmt ipaddress 172.27.233.43 255.255.255.0
configure iproute add 10.0.0.0 255.255.255.0 172.27.233.254 vr VR-Mgmt

Simon

Please don't say this is still a restriction ?? I've just spent the last half an hour trying to do this (yeah, yeah. I'm a cisco head, that's why it took so long )

How would I go about looking to see if it's been scheduled as an enhancement request ?

Stephen - the Juniper party line is that you need to talk to your Juniper Sales Team and get them to submit an enhancement request for you. I don't think you will get any feedback as to where it is in the priority list, or if it is even on the list (unless you have a lot of clout) but the more requests the more Juniper will listen and do the obvious fix.