Junos
Showing results for 
Search instead for 
Do you mean 
Reply
Visitor
Posts: 7
Registered: ‎10-20-2015
0 Kudos

MGMT VRF and me/fxp interfaces :(

Hi All,

 

I was wondering, 

 

Is there a way in JUNOS that we can create a management VRF or something similar on FXP or ME interfaces?

 

With Cisco there is a way you can create a MGMT VRF and then have a default route in your VRF for all services such as syslog,radius and just general access to the device.

 

I wanted to achieve something similar in JUNOS but everytime i go to create a vrf on my SRX i get 

 

"

[edit routing-instances MGMT]
'interface fxp0.0'
RT Instance: Interface fxp0.0 not supported under routing-instances.
error: configuration check-out failed

"

 

Basically i have a lot of remote servers, that need individual static routes, it is just easier to manage with one default for all MGMT servers.

 

Any help or best practices on doing this would be great

 

Thanks

 

Distinguished Expert
Posts: 573
Registered: ‎08-23-2015
0 Kudos

Re: MGMT VRF and me/fxp interfaces :(

Hello,

 

On SRX devices, fxp0.0 can not be configured under routing-instance by design.

What you can do is keep fxp0.0 in default routing instance while configuring routing-instances for other production traffic.

 

Regards,

 

Rushi

Distinguished Expert
Posts: 574
Registered: ‎08-15-2012
0 Kudos

Re: MGMT VRF and me/fxp interfaces :(

Hi, 

 

Unfortunately fxp0 interface cannot be added to RIs but you can create a logical-system for MGT and add fxp0 to it.

The possible caveat is things like snmp polling etc which may require some tweaks.

 

Cheers,

Ashvin

Distinguished Expert
Posts: 1,098
Registered: ‎08-29-2013
0 Kudos

Re: MGMT VRF and me/fxp interfaces :(

you can put all other interfaces to a routing instance and make fxp0 the only interface on inet.0. Are you trying to avoid multiple /32 routes via fxp0 or any other goals?

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Super Contributor
Posts: 209
Registered: ‎07-18-2012
0 Kudos

Re: MGMT VRF and me/fxp interfaces :(

Hi Folks,

 

      That is true, there is no options to tag a fxp into a routing-instance other than the default routing-instance. You can restrict the users with different privileges while using the Out-of-Band Management ON NECCESITY.

 

  The router should not be configured to route traffic from network and services interfaces over fxp0.

 

-Python
#Please mark my solution as accepted if it helped, Kudos are appreciated as well.
Highlighted
Distinguished Expert
Posts: 5,025
Registered: ‎03-30-2009
0 Kudos

Re: MGMT VRF and me/fxp interfaces :(

Starting in Junos 17.1 on the MX platform we can move mgmt to a routing instance.

 

http://www.juniper.net/techpubs/en_US/junos/topics/task/configuration/mgmt_junos-routing-instance-co...

 

Hopefully, it will not take too long for the feature to migrate over the the SRX and other platforms.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home