SRX

Gents,

 

I try to access the fxp0.0 interface from a reth interface and this seams to be not possible. Is there anyone who configured this? I have tried it on a SRX650 cluster with 10.2r3 and on a SRX210 cluster with 10.4r3 software. Both without success.

 

Any ideas?

 

 

#fxp0

Hi,

 

It's my undestanding these interfaces are for out-of-band management and should be accessed via the management VLAN.  I've come across some odd behavior with these interfaces and typically permit SSH to the Reth.  In the event your concerned about security, you can always use a loopback and Firewall Filters to create a manager-ip approach (like in ScreenOS).

 

John

The fxp0 is for out-of-band management. It is basically a direct connection to the RE. You cannot route from a revenue port to the fxp0 port as a result since all other interfaces goes through dataplane to get to RE.

 

-Richard

Hello,

 

I asked this question, because I thought I made a misconfiguration. I asked my Juniper SE and he told me,

that this should work.

 

Regards,

Stephan

fxp0 is only reachable from the outside, as it's literally an interface on the routing engine.

Yes this works...

 

You can configure RETH on to L3 vlan and terminate fxp0 in the same vlan interface.

 

You shoule be able to access fxp0.

Ok, you say: it is possible to access fxp0 and reth interface from the same vlan and the same subnet ... via the same router.

 

But what if I need to access fxp0 and reth via the same srx box?

I will repeat. Fxp0 is for out-of-band management. You cannot access it via a revenue port. It is only reachable via fxp0 interface itself. You cannot route from reth to get to fxp0. Data plane interfaces cannot route to fxp0 interface.

-Richard