Understanding Management Interfaces

 

You use management interfaces to access devices remotely. Typically, a management interface is not connected to the in-band network, but is connected to a device in the internal network. Through a management interface, you can access the device over the network using utilities such as ssh and telnet and configure it from anywhere, regardless of its physical location. As a security feature, users cannot log in as root through a management interface. To access the device as root, you must use the console port. You can also use root to log in using SSH.

Note

Before you can use management interfaces, you must configure the logical interfaces with valid IP addresses. Juniper Networks does not support configuring two management interfaces in the same subnet.

Management interface port ranges vary based on device type (and platform support depends on the Junos OS release in your installation):

  • QFX3500 devices:

    The valid port range for a management interface (me) on a QFX3500 device is between 0 and 6, with a total of seven available ports. On a QFX3500 standalone switch, however, you can only configure me0 and me1 as management interfaces. The management interfaces are labeled C0 and C1, and they correspond to me0 and me1. On a QFX3500 Node device, the RJ-45 management interfaces and SFP management interfaces correspond to me5 and me6

  • QFX3600 devices:

    There are two RJ-45 management interfaces (labeled C0 and C1) and two SFP management interfaces (labeled C0S and C1S). On a QFX3600 standalone switch, the RJ-45 management interfaces and SFP management interfaces correspond to me0 and me1. On a QFX3600 Node device, the RJ-45 management interfaces and SFP management interfaces correspond to me5 and me6. Each pair of management interfaces correspond to one Ethernet interface—for example, both RJ-45 management interfaces (labeled C0 and C0s) can correspond to me0, and both SFP management interfaces (labeled C1 and C1S) can correspond to me1. By default, both RJ-45 management interfaces are active. If you insert an SFP interface into the SFP management port (C0S, for example), the SFP interface would become the active management interface, and the corresponding RJ-45 management interface (C0) is disabled.

    Note

    On a QFX3600 device, you can use either the RJ-45 or the SFP management interfaces, but not both at the same time.

  • On QFX5100, QFX5200, and EX4600 switches, there is one RJ-45 management interface (labeled C0 and one SFP management interface (labeled C1), and they correspond to em0 and em1. You can use both management interfaces simultaneously.

  • On QFX10002 and QFX10008 switches, there is one RJ-45 management interface (labeled MGMT and one SFP management interface (labeled MGMT), and they correspond to em0 and em1. Although the CLI permits you to configure two management Ethernet interfaces within the same subnet, only one interface is usable and supported.

  • On OCX Series switches:

    There is one RJ-45 management interface (labeled MGMT), which corresponds to em0. The em0 interface always has the status up in show command outputs, even if the physical port is empty. The me0 interface is a virtual interface between Junos and the host operating system, therefore its status is independent from the status of the physical port.

  • QFabric system:

    On a QFabric system, there are management interfaces on the Node devices, Interconnect devices, and Director devices. However, you cannot access the management interfaces on the Node devices or Interconnect devices directly. You can only manage and configure these devices using the Director device. You can connect to the management interface over the network using utilities such as SSH.

    For information on how to use management interfaces on a QFabric system, see Performing the QFabric System Initial Setup on a QFX3100 Director Group and Gaining Access to the QFabric System Through the Default Partition.