Hide Navigation Pane
Show Navigation Pane
Download
SHA1
Configuring Management Access
You can manage the QFX Series remotely, using the J-Web interface, which uses Hypertext Transfer Protocol (HTTP) to communicate with the switch. HTTP allows easy Web access but no encryption. The data that is transmitted between the Web browser and the switch by means of HTTP is vulnerable to interception and attack. To enable secure Web access the switch supports HTTP over Secure Sockets Layer (HTTPS). You can enable HTTP or HTTPS access on specific interfaces and ports as needed.
Navigate to the Secure Access Configuration page by selecting Configure > System Properties > Management Access. On this page, you can enable HTTP and HTTPS access on interfaces to manage the QFX Series through the J-Web interface. You can also install SSL certificates and enable Junos XML management protocol over SSL with the Secure Access page.
- Click Edit to modify the configuration. Enter information into the Management Access Configuration page as described in Table 21.
- To verify that Web access is enabled correctly, connect
to the switch using the appropriate method:
- For HTTP access—In your Web browser, type http://URL or http://IP address.
- For HTTPS access—In your Web browser, type https://URL or https://IP address.
- For SSL Junos XML management protocol access—To
use this option, you must have a Junos XML management protocol client
such as Junos Scope. For information about how to log on to Junos
Scope, see the Junos Scope Software User Guide.
Note: After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.
Table 21: Secure Management Access Configuration Summary
Field | Function | Your Action |
|---|---|---|
| Management Access tab | ||
Management Port IP (for me0 and me1 | Specifies the management port IP address. | To specify an IPv4 address:
|
Loopback address | Specifies the IP address of the loopback interface. | Type an IP address. |
Subnet Mask | Specifies the subnet mask for the loopback interface. | Enter the subnet mask or address prefix. |
Default Gateway | Defines a default gateway through which the switch directs packets addressed to networks that are not explicitly listed in the bridge table constructed by the switch. | For an IPv4 address, type a 32-bit IP address, in dotted decimal notation. |
| Services tab | ||
Services | Specifies services to be enabled: telnet and SSH. | Select this tab to provision the required services. |
Enable JUNOScript over Clear Text | Enables clear text access to the Junos XML management protocol XML scripting API. | To enable clear text access, select the Enable Junos XML management protocol over Clear Text check box. |
Enable JUNOScript over SSL | Enables secure SSL access to the Junos XML management protocol XML scripting API. | To enable SSL access, select the Enable Junos XML management protocol over SSL check box. |
JUNOScript Certificate | Specifies SSL certificates to be used for encryption. This field is available only after you create at least one SSL certificate. | To enable an SSL certificate, select a certificate from the Junos XML management protocol SSL Certificate list—for example, new. |
Enable HTTP | Enables HTTP access on interfaces. | To enable HTTP access, select the Enable HTTP access check box. Select and clear interfaces by clicking the direction arrows:
|
Enable HTTPS | Enables HTTPS access on interfaces. | To enable HTTPS access, select the Enable HTTPS access check box. Select and deselect interfaces by clicking the direction arrows:
|
| Certificates tab | ||
Certificates | Displays digital certificates required for SSL access to the switch. Allows you to add and delete SSL certificates. | To add a certificate:
To edit a certificate, select it and click Edit. To delete a certificate, select it and click Delete. |
