Switching

Hi,

I am a complete n00b so please bare with me.

We just got an EX3200 and I set up the IP for the management console. I am only able to get to the management console if I plug my computer directly to it. If I connect my PC to the switch and go to the IP I get nothing. If I connected a cable from the management port to any port on the switch then I plugged my PC in to another port then I was able to get to it.

Is this the correct "fix" to get to it remotely or should I be doing something else ?

Thanks.

Dovid

Have you configured inbound or outbound management? If outbound, you have to use the management port on the rear side of the switch. Post your switch configure to have a look.

Regards,

Dominik

Hi,

I am a super super n00b. Can you please explain "Have you configured inbound or outbound management?".

Basicly under: Configure -> System Properties -> Management Access: I set the management access port to: 192.168.1.3.

If my computer is connected to the management port in the back then I can get to the web interface. If my computer is plugged in to any of the ports on the switch then it will not work. The only way to have my computer work when plugged in to one of the "regular" ports on the switch is to have a netwroking cable go from the management port in the back to a port in the front of the switch.

Attachment(s)

config_file.txt   4 KB 1 version

Hi,

no problem and welcome to the Juniper world. As I suspected, you configured out of band management. Here is a short explanation: The switch can be configured inbound or outbound. The difference is that the inbound management allows you to connect to the switch by using the normal switch ports. But the Juniper switch has also a management port on the rear side. You can use it to connect to the switch without using the normal ports what provides extra security (this is of course a very simplified explanation). You have configured this port so you can't reach this IP address through the normal ports


me0 {
    unit 0 {
            family inet {
                address 192.168.1.3/24;
            }
        }
    }

To change the config to what you expect, issue the following commands:

delete interfaces me0
set interfaces vlan.0 family inet address 192.168.1.3/24
set vlans default l3-interface vlan.0

and commit that.

Regards,
Dominik

Dominic,

Thank you for the fast reply.

1) Why in the initial set up would the device be set up this way (granted I could set up with vlan0 but I do not have much expirience with that and I wanted to stay away from that).

2) Can you explain what me0 is and the config there as well as the lines that you posted ? Once I am hear figuring things out I may as well learn for next time.

3) How do I commit the changes ? I assume there is a comand called commit ?

Thanks.

Dovid

UPDATE:

I tried the commands via SSH and I got an error on everyone.

root@sw1% delete interfaces me0
delete: Command not found.
root@sw1% set interfaces vlan.0 family inet address 192.168.1.3/24
set: Syntax Error.
root@sw1% set vlans default l3-interface vlan.0
set: Syntax Error.
root@sw1%

Hi,

first you have to issue "cli" + ENTER and then "configure" + ENTER. The first is only necessary as root and the latter activates the configuration mode. And yes, "commit" + ENTER applies your changes.

The initial setup wizard (EZSetup) asks you on some point if you like inbound or outbound management. If you ask inbound, it configures vlan.0, if you say outbound, it configured the me0 interface.

me0 is the name of the management interface. I don't know it for sure, but I would suspect it just means Management Ethernet (port).

I think it would be the best if you review the excellent learning resources for the switching platform. This should give you a fast introduction on how the Juniper switches work and how you should configure it.

Just sign up (for free) at the Juniper fast track website (https://learningportal.juniper.net/juniper/user_fasttrack_home.aspx). There you can review a short video training (see the link to Take the Juncos as a Switching Language eLearning course) and download a training PDF under the Review Study Resources link.

If you have questions, just ask.

Regards,

Dominik

Dominik,

Thanks for the help. Now I remember why I did it the previous way. The issue was that I was not able to set up https management to the switch if it was set this way. From what it seems I can only configure https if I use the management port (me0). Am I wrong on this ?

Thanks for all the time.

Dovid

https should work on every interface it is configured on. Issue a

set system services web-management HTTPS interface vlan.0

command and it should work. The common things that make https not work as expected is that switches outside the USA and Canada are delivered with the export version of JUNOS that lacks the encryption necessary for https. Therefore it doesn't work and you have to download and install the domestic version from the Juniper website. Also the JUNOS for the EX series switches doesn't allow you to generate a self signed certificate (contrary to the JUNOS for the SRX series firewalls). You have to install a certificate on your own.

Regards,

Dominik

Dominic,

The switch did not like the command that you posted:

[edit]
root@sw1# set system services web-management HTTPSinterfacevlan.0

The switch was bought in Israel, Asia. When logging in to the switch if I set management port to the IP that I want in there I have all the options that I need. If it is set up the way you suggested (and the way that I did it) the IP shows up in the vlan which i guess is fine but then I have no control of the management.

it seems that the only place that I have great control over management is if I set it up on the Management port.

Dovid

UPDATE:

It seems that I need to learn a bit more before I run with my assumptions. I tried now with https and it worked. I put in a wildcard ssl that we have and it worked. I thought I would need to have a management IP there to use the https.

I signed up for Juniper Learning. Thanks for the URL. It will come in to good use as we are also getting two no SSG520M routers tomorrow.

Hi,

possibly the spell checker has malformed the command. It should read as:

set system services web-management https interface vlan.0

You can ommit the s in https to enable http access which should be fine as long as you are only locally connected.

Regard,s

Dominik

Dominik,

Why would it only work locally ?

Dovid

My post was a little bit misleading. It will of course work either if your are locally connected or connect from remote. But in http the password is transmitted in clear text which is not a problem if you are locally connected (no one can intercept your packets) but is is if you connect remotely.

That's what I wanted to express. Sorry for this confusion.

Regards,

Dominik