03-14-2017 05:28 AM
I was wondering,
Is there a way in JUNOS that we can create a management VRF or something similar on FXP or ME interfaces?
With Cisco there is a way you can create a MGMT VRF and then have a default route in your VRF for all services such as syslog, radius and just general access to the device.
I wanted to achieve something similar in JUNOS, but every time I go to create a VRF on my SRX I get:
[edit routing-instances MGMT]
RT Instance: Interface fxp0.0 not supported under routing-instances.
error: configuration check-out failed
Basically I have a lot of remote servers that need individual static routes; it is just easier to manage with one default for all MGMT servers.
Any help or best practices on doing this would be great.
03-14-2017 06:00 AM
On SRX devices, fxp0.0 cannot be configured under a routing-instance by design.
What you can do is keep fxp0.0 in the default routing instance while configuring routing-instances for other production traffic.
03-14-2017 06:11 AM
Unfortunately, the fxp0 interface cannot be added to RIs, but you can create a logical-system for MGT and add fxp0 to it.
The possible caveat is things like SNMP polling, etc., which may require some tweaks.
03-14-2017 07:43 AM
You can put all other interfaces into a routing instance and make fxp0 the only interface on inet.0. Are you trying to avoid multiple /32 routes via fxp0 or any other goals?
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
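The layout suggested in the reply above, written out as an added example that is not part of the original thread: fxp0 stays alone in inet.0 with a single default route, and the revenue interfaces move to a virtual-router instance. The instance name PROD, the interface names and all addresses are constructed placeholders, and existing security zone and policy configuration is assumed to be kept as it is.

```junos
# Constructed example: instance name, interfaces and addresses are placeholders.

# fxp0 remains in the default routing instance (inet.0).
set interfaces fxp0 unit 0 family inet address 192.0.2.10/24

# One default route in inet.0 replaces the per-server static routes for
# management services such as syslog, RADIUS and device access.
# no-readvertise keeps the route from being exported into routing protocols.
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-options static route 0.0.0.0/0 no-readvertise

# All production interfaces move into a virtual-router instance that has
# its own routing table (PROD.inet.0) and its own default route.
set routing-instances PROD instance-type virtual-router
set routing-instances PROD interface ge-0/0/0.0
set routing-instances PROD interface ge-0/0/1.0
set routing-instances PROD routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
```

After committing, `show route table inet.0` should list only the fxp0 subnet and the management default, and `show route table PROD.inet.0` the production routes.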
03-16-2017 10:21 PM
That is true; there is no option to tag an fxp into a routing-instance other than the default routing-instance. You can restrict the users with different privileges while using the Out-of-Band Management ON NECESSITY.
The router should not be configured to route traffic from network and services interfaces over fxp0.
#Please mark my solution as accepted if it helped, Kudos are appreciated as well.
03-18-2017 09:49 AM
Starting in Junos 17.1 on the MX platform we can move mgmt to a routing instance.
Hopefully, it will not take too long for the feature to migrate over to the SRX and other platforms.
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6 ACE PanOS 7