07-22-2011 07:43 AM
I've recently acquired a couple of EX2200 switches to act as our external L3 for our Metro-E connection to the Internet.
I'd like to set up the OOB management interface but I have a couple of questions:
When I performed basic setup, it asked me which method of management I wanted to configure. I configured OOB management, assigned an IP / Mask / Defautl Gateway. Once I got into configuring my RVIs, the system showed that the default that I put in for the management interface was the default for the entire routing platform.. This doesn't seem to me like the OOB management interface is truly OOB. I haven't tested it, but it seems to me that if the routing for that interface goes into the general routing table for the switch, that the switch would then start routing traffic out of that interface (Being that this is an external switch, this would be highly undesirable for what I want to accomplish.)
Am I missing something obvious here, or is the management interface basically just another port that is part of the switching fabric?
Thanks for any advice!!
07-23-2011 12:37 AM
not missing anything. its not truly OOB as youv'e found out.. I've asked for this for 4yrs now and have gotten nothing from Juniper..
Every other vendor is doing a vrf for the mgmt interface except Juniper.. Please complain to your account managers.
07-24-2011 05:45 PM
The Management interface on all Juniper platforms never allows for transit traffic. In other words, traffic which comes in a normal transient interface can never be sent to the management interface. Besides, why would you put a default to your management interface. If you truly have an out-of-band management network, you should be able to create a more specific route pointing to your management network.
I am sure you can complain to account managers, but this is the way it's been done since Junos was first developed. Understanding that frames entering a transient interface can never be forwarded to the management interface is important to this design.
JNCIE-SEC, JNCIE-SP, JNCIE-ENT, JNCI
Technical Trainer, Juniper Networks
Follow us on Twitter @JuniperEducate
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!