Configuring Management Access for the EX Series Switch (J-Web Procedure)
You can manage an EX Series switch remotely through the J-Web interface. To communicate with the switch, the J-Web interface uses HTTP. HTTP enables easy Web access, but uses no encryption. The data that is transmitted between the Web browser and the switch by means of HTTP is vulnerable to interception and attack. To enable secure Web access the switch supports HTTPS. You can enable HTTP or HTTPS access on specific interfaces and ports as needed.
Navigate to the Secure Access Configuration page by selecting Configure > System Properties > Management Access. On this page, you can enable HTTP and HTTPS access on interfaces for managing the EX Series switch through the J-Web interface. You can also install SSL certificates and enable Junos XML management protocol over SSL with the Secure Access page.
- Click Edit to modify the configuration. Enter information into the Management Access Configuration page as described in Table 1.
- To verify that Web access is enabled correctly, connect
to the switch using the appropriate method:
For HTTP access—In your Web browser, type http://URL or http://IP address.
For HTTPS access—In your Web browser, type https://URL or https://IP address.
For SSL Junos XML management protocol access—To use this option, you must have a Junos XML management protocol client such as Junos Scope. For information about how to log in to Junos Scope, see the Junos Scope Software User Guide.
After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.
Table 1: Secure Management Access Configuration Summary
|Management Access tab|
Management Port IP/Management Port IPv6
Specifies the management port IP address. The software supports both IPv4 ( displayed as IP) and IPv6 address.
Note: IPv6 is not supported on EX2200 and EX 4500 switches.
To specify an IPv4 address:
To specify an IPv6 address:
Defines a default gateway through which to direct packets addressed to networks that are not explicitly listed in the bridge table constructed by the switch.
For IPv4 address type a 32-bit IP address, in dotted decimal notation. Type a 128-bit IP address for IPv6 address type.
Specifies the IP address of the loopback interface.
Type an IP address.
Specifies the subnet mask for the loopback interface.
Enter the subnet mask or address prefix.
Specifies services to be enabled: telnet and SSH.
Select to enable the required services.
Enable Junos XML management protocol over Clear Text
Enables clear text access to the Junos XML management protocol XML scripting API.
To enable clear text access, select the Enable Junos XML management protocol over Clear Text check box.
Enable Junos XML protocol over SSL
Enables secure SSL access to the Junos XML management protocol XML scripting API.
To enable SSL access, select the Enable Junos XML management protocol over SSL check box.
Junos XML management protocol Certificate
Specifies SSL certificates to be used for encryption.
This field is available only after you create at least one SSL certificate.
To enable an SSL certificate, select a certificate from the Junos XML management protocol SSL Certificate list—for example, new.
Enables HTTP access on interfaces.
To enable HTTP access, select the Enable HTTP access check box.
Select and clear interfaces by clicking the direction arrows:
Enables HTTPS access on interfaces.
To enable HTTPS access, select the Enable HTTPS access check box.
Select and deselect interfaces by clicking the direction arrows:
Displays digital certificates required for SSL access to the switch.
Allows you to add and delete SSL certificates.
To add a certificate:
To edit a certificate, select it and click Edit.
To delete a certificate, select it and click Delete.