Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Multi Tenancy Tenants


The Tenants profile page displays the resource profile, users, assigned interfaces, zones, and routing instance of the configured tenant systems.

Tenant systems are used when you need to separate departments, organization, or customers and each of them can be limited to one virtual router. The main difference between a logical system and a tenant system is that a logical system supports advanced routing functionality using multiple routing instances. In comparison, a tenant system supports only one routing instance, but supports the deployment of significantly more tenants per system. A master administrator creates a tenant system and assigns an administrator for managing the tenant system. A tenant system can have multiple administrators.

Root users can switch to tenant context by navigating to Configure>Multi tenancy>Tenants page and selecting any one listed instance and clicking Enter TENANT respectively.

Roles supported for Tenant

J-Web supports the following roles with respect to tenant.

  • Root user in normal mode

  • Root user entering as tenant

  • Tenant administrator

  • Tenant read-only user


Tenant administrator and read-only users are created from Tenant wizard by selecting appropriate roles.

If you have opened J-Web in multiple tabs in the browser, and if in one of the tab you switch mode to logical system or tenant, then the other instances of J-Web in the other tabs will automatically switch to logical system or tenant.

J-Web maintains different session for different protocols, such as http or https.

When you refresh the screen, you will not be logged out; instead the screen is refreshed, and you will continue in the same session.

  1. Select Configure>Multi Tenancy>Tenants.

    The Tenants page appears. Table 1 explains the contents of this page.

  2. Click one:
    • Enter Tenant —Select a tenant from the list and enter its system.

    • More—Select this option to view the details of a selected tenant.

    • Add icon (+)—Create a new tenant. Enter information as specified in Table 2.

    • Edit icon (/)—Edit the selected tenant. Enter information as specified in Table 2.

    • Delete icon (X)—Deletes the selected tenant system.

    • Search icon— Enables you to search for a tenant system in the grid.

    • Filter icon —Enables you to filter and display the list of tenants based on a column in the grid.

    • Show Hide Column icon —Enables you to show or hide a column in the grid.

  3. Click Commit icon at the top of the J-Web page. The following commit options are displayed.

    • Commit—Commits the configuration and returns to the main configuration page.

    • Compare—Enables you to compare the current configuration with the previous configuration.

    • Confirm Commit—Commits the configuration; and after 10 minutes, the changes will be rollbacked, and the previous configuration is restored.

    • Discard—Discards the configuration changes you performed in the J-Web.

    • Preferences—There are two tab:

      Commit preferences—You can choose to just validate or validate and commit the changes.

      Confirm commit timeout (in min) —You can select the commit timeout interval.


During report generation if you switch context, then a confirmation message is displayed. Click Yes to stop the report generation and to switch the context. Click No to continue to generate the report and not to switch context.

Table 1: Tenants Profile Page




Displays the name of the tenant system.

Resource Profile

Displays the name of the resource profile.


Displays the tenant system admin and users, and its associated permissions.

Assigned Interfaces

Displays the assigned logical interfaces.


Displays the zones for the tenant.

Routing Instance

Displays the routing instance that is explicitly assigned to the tenant system.

Table 2: Create-Edit Tenant System

Field FunctionAction
Tenant - General Details


Enter a name for the tenant.

Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.

Routing Instance

By default the tenant name is taken as the routing instance name.

Tenant Resource Profile

Profile Name

Displays the name of the resource profile.

Enter a unique string with an alphanumeric character and can include underscores; no spaces allowed; 31-character maximum.

Configured Resources

Displays the resources and its reserved or maximum quantity assigned for this resource profile.

Logical Systems/Tenants

Displays other logical systems and/or tenants using this resource profile.


Click one:

  • Add icon (+)—Adds resource profiles.

  • Edit icon (/)—Edits the selected resource profiles.

  • Search icon—Enables you to search a resource profile in the grid.

  • Filter icon—Enables you to filter the selected option in the grid.

  • Show Hide Column Filter icon—Enables you to show or hide a column in the grid.

Create-Edit Tenant Resource Profile

See Configuring Multi Tenancy Resource Profiles for details on creating and editing resource profile.

User Details

You can define tenant administrators and users.

Click one:

  • Add icon (+)—Create users.

  • Edit icon (/)—Edit the selected users.

  • Delete icon—Delete the selected users.

Create-Edit users

User Name

Enter/displays user name.

Maximum length is 64 characters.


Specify the role of the user from the following options:

  • Tenant Administrator

  • Read only Access User

    Note: Logical system or tenant Read Only user can only view the options but cannot modify them.

Select any one option from the drop down list.


Specify the password for the user.

Select a password which is more than 6 characters but less than 128 characters.

Confirm Password

Confirm the password.

Confirm the set password.

Assign Interfaces

Only one logical interface can be part of one tenant, whereas, a tenant can have multiple logical interfaces.

Click One:

  • Enable/Disable —Enable or disable the physical interface.

  • Add icon (+)—Add logical interfaces.

  • Edit icon (/)—Edit the selected users.

  • Delete icon—Delete the selected users.

Create-Edit logical interfaces

Physical Interface Name

Displays the name of the physical interface.

Select a physical interface name from the grid.

Logical Interface Unit

Displays the logical interface unit.

Enter the logical interface unit.


Displays the description.

Enter the description.


Displays the VLAN ID.

Enter the VLAN ID. VLAN ID is mandatory.

IPV4 Address

Displays the IPv4 address.

Enter a valid IP address.

Subnet Mask

Displays the subnet mask.

Enter a valid subnet mask.

IPV6 Address

Displays the IPv6 address.

Enter a valid IP address.

Zone Configuration

Click One:

  • Enable/Disable — Enable or disable the physical interface.

  • Add icon (+) — Create security zones.

  • Edit icon (/) —Edit the selected security zones.

  • Delete icon (X)—Delete the selected security zone.

Create-Edit Security Zones


Displays the name of the zones.

Enter a valid name of the zone.


Displays the description of the zones.

Enter a description of the zone.

Application Tracking

Displays the application tracking support to the zone.

Enables the application tracking support.

Selected interface

Displays the selected interface.

Select an interface.

System service options

Select system services from the following options:

  • all - Specify all system services.

  • any-service - Specify services on entire port range..

  • appqoe- Specify the APPQOE active probe service.

  • bootp - Specify the Bootp and dhcp relay agent service.

  • dhcp - Specify the Dynamic Host Configuration Protocol.

  • dhcpv6- Enable Dynamic Host Configuration Protocol for IPV6.

  • dns- Specify the DNS service.

  • finger- Specify the finger service.

  • ftp- Specify the FTP protocol.

  • http – Specify the web management using HTTP.

  • https- Specify the web management using HTTP secured by SSL.

  • ident-reset- Specify the send back TCP RST IDENT request for port 113.

  • ike- Specify the Internet key exchange.

  • lsping-Specify the Label Switched Path ping service.

  • netconf- Specify the NETCONF Service.

  • ntp - Specify the network time protocol service.

  • ping – Specify the internet control message protocol.

  • r2cp-Enable Radio-Router Control Protocol service.

  • reverse-ssh-Specify the reverse SSH Service.

  • reverse-telnet-Specify the reverse telnet Service.

  • rlogin-Specify the Rlogin service

  • rpm-Specify the Real-time performance monitoring.

  • rsh-Specify the Rsh service.

  • snmp- Specify the Simple Network Management Protocol Service.

  • snmp-trap- Specify the Simple Network Management Protocol trap.

  • ssh-Specify the SSH service.

  • tcp-encap-Specify the TCP encapsulation service.

  • telnet-Specify the Telnet service.

  • tftp-Specify the TFTP

  • traceroute-Specify the traceroute service.

  • webapi-clear-text-Specify the Webapi service using http.

  • webapi-ssl-Specify the Webapi service using HTTP secured by SSL.

  • xnm-clear-text-Specify the JUNOScript API for unencrypted traffic over TCP.

  • xnm-ssl- Specify the JUNOScript API Service over SSL.

Protocols Options

Select a protocol from the following options:

  • bfd - Bidirectional Forwarding Detection.

  • bgp - Broder Gateway protocol.

  • dvmrp - Distance Vector Multicast Routing Protocol.

  • igmp - Internet group management protocol.

  • ldp - label Distribution Protocol.

  • msdp- Multicast source discovery protocol.

  • nhrp- Next Hop Resolution Protocol.

  • ospf- Open shortest path first.

  • ospf3- Open shortest path first version 3.

  • pgm – Pragmatic General Multicast.

  • pim- Protocol independent multicast.

  • rip- Routing information protocol.

  • ripng- Routing information protocol next generation.

  • router-discovery- Router Discovery.

  • rsvp- Resource reservation protocol.

  • sap - Session Announcement Protocol.

  • vrrp – Virtual Router redundancy protocol.

Traffic Control Options

Specify the TCP Reset.

Send RST for NON-SYN packet not matching TCP session.

Release History Table
Root user entering as tenant
Tenant administrator
Tenant read-only user
Root user in normal mode