Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Management Access for the EX Series Switch (J-Web Procedure)

 

You can manage an EX Series switch remotely through the J-Web interface. To communicate with the switch, the J-Web interface uses HTTP. HTTP enables easy Web access, but uses no encryption. The data that is transmitted between the Web browser and the switch by means of HTTP is vulnerable to interception and attack. To enable secure Web access the switch supports HTTPS. You can enable HTTP or HTTPS access on specific interfaces and ports as needed.

Navigate to the Secure Access Configuration page by selecting Configure > System Properties > Management Access. On this page, you can enable HTTP and HTTPS access on interfaces for managing the EX Series switch through the J-Web interface. You can also install SSL certificates and enable Junos XML management protocol over SSL with the Secure Access page.

  1. Click Edit to modify the configuration. Enter information into the Management Access Configuration page as described in Table 1.
  2. To verify that Web access is enabled correctly, connect to the switch using the appropriate method:
    • For HTTP access—In your Web browser, type http://URL or http://IP address.

    • For HTTPS access—In your Web browser, type https://URL or https://IP address.

    • For SSL Junos XML management protocol access—To use this option, you must have a Junos XML management protocol client such as Junos Scope. For information about how to log in to Junos Scope, see the Junos Scope Software User Guide.

      Note

      After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.

Table 1: Secure Management Access Configuration Summary

Field

Function

Your Action

Management Access tab

Management Port IP/Management Port IPv6

Specifies the management port IP address. The software supports both IPv4 ( displayed as IP) and IPv6 address.

Note: IPv6 is not supported on EX2200 and EX 4500 switches.

To specify an IPv4 address:

  1. Select the check box IPv4 address.
  2. Type an IP address—for example: 10.10.10.10.

    Note: In J-Web Application package Release 14.1X53-A2, EX4600 switches display two management ports, em0 and em1. In Type the IP address and subnet mask for any of the two management ports.

  3. Enter the subnet mask or address prefix. For example, 24 bits represents 255.255.255.0.
  4. Click OK.

To specify an IPv6 address:

  1. Select the check box IPv6 address.
  2. Type an IP address—for example:2001:ab8:85a3::8a2e:370:7334.
  3. Enter the subnet mask or address prefix.
  4. Click OK.

Default Gateway

Defines a default gateway through which to direct packets addressed to networks that are not explicitly listed in the bridge table constructed by the switch.

For IPv4 address type a 32-bit IP address, in dotted decimal notation. Type a 128-bit IP address for IPv6 address type.

Loopback address

Specifies the IP address of the loopback interface.

Type an IP address.

Subnet Mask

Specifies the subnet mask for the loopback interface.

Enter the subnet mask or address prefix.

Services tab  

Services

Specifies services to be enabled: telnet and SSH.

Select to enable the required services.

Enable Junos XML management protocol over Clear Text

Enables clear text access to the Junos XML management protocol XML scripting API.

To enable clear text access, select the Enable Junos XML management protocol over Clear Text check box.

Enable Junos XML protocol over SSL

Enables secure SSL access to the Junos XML management protocol XML scripting API.

To enable SSL access, select the Enable Junos XML management protocol over SSL check box.

Junos XML management protocol Certificate

Specifies SSL certificates to be used for encryption.

This field is available only after you create at least one SSL certificate.

To enable an SSL certificate, select a certificate from the Junos XML management protocol SSL Certificate list—for example, new.

Enable HTTP

Enables HTTP access on interfaces.

To enable HTTP access, select the Enable HTTP access check box.

Select and clear interfaces by clicking the direction arrows:

  • To enable HTTP access on an interface, add the interface to the HTTP Interfaces list. You can either select either all interfaces or specific interfaces.

Enable HTTPS

Enables HTTPS access on interfaces.

To enable HTTPS access, select the Enable HTTPS access check box.

Select and deselect interfaces by clicking the direction arrows:

  • To enable HTTPS access on an interface, add the interface to the HTTPS Interfaces list. You can either select either all interfaces or specific interfaces.

    Note: Specify the certificate to be used for HTTPS access.

Certificates tab

Certificates

Displays digital certificates required for SSL access to the switch.

Allows you to add and delete SSL certificates.

To add a certificate:

  1. Have a general SSL certificate available. See Generating SSL Certificates for more information.
  2. Click Add. The Add a Local Certificate page opens.
  3. Type a name in the Certificate Name box—for example, new.
  4. Open the certificate file and copy its contents.
  5. Paste the generated certificate and RSA private key in the Certificate box.

To edit a certificate, select it and click Edit.

To delete a certificate, select it and click Delete.

Release History Table
Release
Description
In J-Web Application package Release 14.1X53-A2, EX4600 switches display two management ports, em0 and em1.