Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Why Use a Dedicated Management Interface

    By default in Junos OS, the management Ethernet interface (usually named fxp0 or em0) provides the out-of-band management network for the device. There is no clear separation between either out-of-band management traffic and in-band protocol control traffic, or user traffic at the routing-instance or routing table level. Instead, all traffic is handled through the default routing instance, giving rise to concerns over security, performance, and how to troubleshoot.

    Starting with Junos OS Release 17.3R1, you can confine the management interface in a dedicated management instance. This action ensures that management traffic no longer has to share a routing table (that is, the default.inet.0 table) with other control or protocol traffic in the system. Instead, there is a dedicated management instance, known as the mgmt_junos routing instance, for management traffic.

    By default, Junos OS routes authentication, authorization, and accounting packets for TACACS+ using the default routing instance. Starting in Junos OS Release 17.4R1, existing TACACS+ behavior is enhanced to support a management interface in a non-default virtual routing and forwarding (VRF) instance. When the management-instance statement is configured, TACACS+ packets are routed through the management instance mgmt_junos.

    Release History Table

    Release
    Description
    Starting in Junos OS Release 17.4R1, existing TACACS+ behavior is enhanced to support a management interface in a non-default virtual routing and forwarding (VRF) instance.
    Starting with Junos OS Release 17.3R1, you can confine the management interface in a dedicated management instance.

    Modified: 2017-11-10