  • 1.  Difference between CON and MGMT port on back of EX-4200?

    Posted 01-27-2010 14:03

    I was doing some updates on my EX-4200 and wanted to know what the difference between the CON and MGMT ports on the back of the switch is. When would one use one over the other?


    Thanks in advance!



  • 2.  RE: Difference between CON and MGMT port on back of EX-4200?

    Posted 01-27-2010 14:21

    CON is for the serial connection, while MGMT is for out-of-band Ethernet connectivity.



  • 3.  RE: Difference between CON and MGMT port on back of EX-4200?

    Posted 01-27-2010 14:24

    When you say out-of-band management, would an example be that if one wants to web-manage the switch and all the front ports were used, one could use the MGMT port? Is it equivalent to the "AUX" port on Cisco devices? I noticed the J-series routers have AUX instead of MGMT.

     

     



  • 4.  RE: Difference between CON and MGMT port on back of EX-4200?

    Posted 01-27-2010 15:23

    The MGMT port corresponds to the internal me0 I/F (or vme if chassis) - unlike front port I/F it is a non-transit I/F so no traffic can come and go. It is used for management services only. You have the option when configuring the switch to enable (and restrict) management to OOB (out of band) through the MGMT I/F, or allow for management from either the default or a specific VLAN (in band management). It has nothing to do with the number of front ports available.  

     

    AUX on the Cisco is used for modem access if I recall correctly.

    AUX on the J-series is not used for management nor modem access. Last time I read about it - it was for future use.



  • 5.  RE: Difference between CON and MGMT port on back of EX-4200?

    Posted 01-29-2010 12:29

    Because of convenience, many people, when they wish to connect to their switch to administer something, simply telnet/ssh to the IP address that is assigned on the native VLAN of the switch. (Or, if it's an L3 switch, you can connect via ANY VLAN that has an IP address configured on it.)

     

    However - one danger of this method occurs when/if that VLAN is having a broadcast storm.  If you're accustomed to connecting to your switch via the VLAN.2 IP address and VLAN.2 is having a storm, then you're screwed because the storm congests the VLAN so much that you can't reach it, making it impossible to connect to your switch to fix.

     

    The Management interface allows an administrator to configure an IP address on it that is on an entirely different network. This way, if VLAN2 with an IP of 192.168.1.10/24 is down for whatever reason (storm), you can ssh/telnet to 192.168.2.10/24 that's assigned to the management interface of the switch and still administer (i.e. "manage") it.

     

    I know I just gave a single reason with a simple scenario, but I think it suffices.



  • 6.  RE: Difference between CON and MGMT port on back of EX-4200?

    Posted 06-27-2016 23:44

    I want to create a DCN network and want to know: if any storm occurs from the server/LAN side in the case below, can I log in to the switches during the issue via the Management port?

    Note: currently I am doing SSH into the switch via the PE router. (Attachment: DCN question.png)



  • 7.  RE: Difference between CON and MGMT port on back of EX-4200?

     
    Posted 06-28-2016 07:38
    It's hard to give a complete answer without more detail. If the switch is experiencing a broadcast storm, it's likely that routing processes and other control plane functions will fail because of high CPU, making the mgmt port moot. It's worth noting that Juniper's mgmt port has forever been mgmt in name only. Return traffic uses the switch's routing table, meaning unless you are accessing the mgmt port from the same subnet, your session will be affected by whatever issues or security policies you have in place for revenue traffic.
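
Added example, not part of the thread: a small Python model of the return-path point made in the post above, using the addresses from post 5. It checks which admin stations would get their replies sent out a revenue interface instead of me0. The default gateway, the remote admin subnet 10.20.0.0/24 and the more specific route via me0 are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table for the switch in post 5's scenario:
# vlan.2 = 192.168.1.10/24 (in-band), me0 = 192.168.2.10/24 (MGMT port).
# The default route via the in-band VLAN is an assumption.
ROUTES = [
    ("192.168.1.0/24", "vlan.2"),   # connected, in-band
    ("192.168.2.0/24", "me0"),      # connected, management port
    ("0.0.0.0/0", "vlan.2"),        # default route via in-band gateway
]

def egress_interface(dest_ip, routes):
    """Longest-prefix match: interface the switch uses to reach dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    if best is None:
        raise LookupError(f"no route to {dest_ip}")
    return best[1]

def session_paths(client_ip, routes, mgmt_if="me0"):
    """Describe an SSH session to the me0 address from client_ip."""
    reply_if = egress_interface(client_ip, routes)
    return {
        "request_in": mgmt_if,
        "reply_out": reply_if,
        "out_of_band": reply_if == mgmt_if,
    }

def audit(clients, routes):
    """Return the admin clients whose replies leave via a revenue interface."""
    return [c for c in clients if not session_paths(c, routes)["out_of_band"]]

if __name__ == "__main__":
    admins = ["192.168.2.50", "10.20.0.5"]   # constructed admin stations
    print("in-band replies:", audit(admins, ROUTES))
    # Assumed remedy: a more specific route for the admin subnet via me0.
    fixed = ROUTES + [("10.20.0.0/24", "me0")]
    print("after static route:", audit(admins, fixed))
```
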


  • 8.  RE: Difference between CON and MGMT port on back of EX-4200?

    Posted 06-29-2016 04:13

    Thanks for your reply.

     

    If a storm occurs from any port, then the switch CPU will be very high, and in that situation will I be able to log in from the DCN router using the management subnet or not?

     



  • 9.  RE: Difference between CON and MGMT port on back of EX-4200?

     
    Posted 06-29-2016 08:32

    This is one of the most basic principles of all Junos products - separation of Control Plane and Data Plane, so that one does NOT lose mgmt visibility under such circumstances. Both CON and Mgmt are connections to the CPU. The CPU has built-in protection mechanisms to either block or rate-limit such traffic, so that Mgmt stays up, either via Console or Mgmt, IF Mgmt is on a completely separate OOB (you use the term DCN - distributed control network?) that is not affected by such a storm or something else.

     

    You can pump the data plane with as big a storm as you like, and Console and Mgmt access will stay up.

     

    There are also recommendations for additional CPU/RE protection settings (see MX docs for sure) which one would apply to the lo0 interface, but a broadcast storm is already cared for. These additional protections can be applied to any RE/lo0 interface for any Junos product. The actual amount of additional support functions will depend on the exact product.