How to Set Up In-Band Remote Management on Junos Devices

By Walter J. Goralski, Cathy Gadecki, Michael Bushong

For in-band remote management, you must first decide which interface you want as your management interface. Generally, management traffic is not excessive, or even substantial, so picking any of the slower interfaces on your router is likely to be enough.

On most devices, a Fast Ethernet connection is more than sufficient to handle management traffic. On lower-end devices, you might choose a serial interface or T1/E1 interface, if there is one.

Connecting the interface is identical to connecting any other interface on the router. Here are the details for using fe-0/1/1:

  1. Connect the cable to the port and ensure that the remote connection is in place.

    When the link lights come up, you’re ready to configure the interface.

    Some interfaces, such as serial interfaces, require some minimal configuration before the link is active. For such interfaces, you must configure the interface as you do with any other interface before the link lights come up.

  2. After wiring up the management interface, configure the interface so that it has an IP address.

    Typically, this configuration is enough to enable the interface:

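interfaces {
  fe-0/1/1 {
    unit 0 {
      family inet {
        address <management-address>/<prefix-length>;  # placeholder: substitute your own management address
      }
    }
  }
}
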
When you configure an in-band management interface on a Layer 3 device such as a router, you need to be aware of how the routing protocols and routing policies will be affected.

Generally speaking, you don’t want to enable routing protocols on the management interface because you want to prevent other routers from establishing adjacencies with your management interface. (In many cases, the management network is the shortest path between two routers! But that’s not what it’s for.)

Make sure that none of the protocols configured on the router (especially those enabled using the interface all configuration statement) are active on the management interface. To disable a protocol on the management interface, use the disable statement:

[edit protocols]
user@Router# set ospf interface fe-0/1/0 disable
[edit protocols]
user@Router# show
ospf {
  interface all;
  interface fe-0/1/0.0 {
    disable;
  }
}

In this example, the OSPF protocol is enabled on all interfaces on the router. The disable statement ensures that OSPF doesn’t run on the management interface (fe-0/1/0, in this case).
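
One way to check the rule above across every configured protocol, as an added example that is not part of the original article: this Python script parses brace-style configuration text and lists the protocols that would still run on the management interface. The sample configuration (including the `ldp` stanza) and all function names are constructed for illustration.

```python
def parse_junos(text):
    """Parse brace-style configuration into nested dicts ('name {' opens a block)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) > 1:          # tolerate a stray closing brace
                stack.pop()
        else:
            stack[-1][line.rstrip(";").strip()] = True   # leaf statement
    return root

def interface_stanzas(block):
    """Yield (name, body) for each 'interface <name>' at any depth of a protocol block."""
    for key, body in block.items():
        if key.startswith("interface "):
            yield key.split(None, 1)[1], body
        elif isinstance(body, dict):
            yield from interface_stanzas(body)

def is_disabled(body):
    return isinstance(body, dict) and "disable" in body

def protocols_active_on(config, mgmt):
    """Return the protocols that would run on interface `mgmt` (for example 'fe-0/1/0')."""
    active = []
    for proto, block in config.get("protocols", {}).items():
        if not isinstance(block, dict):
            continue
        stanzas = dict(interface_stanzas(block))
        specific = [b for n, b in stanzas.items() if n == mgmt or n.startswith(mgmt + ".")]
        if specific:
            if not all(is_disabled(b) for b in specific):
                active.append(proto)
        elif "all" in stanzas and not is_disabled(stanzas["all"]):
            active.append(proto)        # covered only by 'interface all'
    return active

# Constructed sample: OSPF is disabled on the management port, LDP is not.
SAMPLE = ("protocols {\n  ospf {\n    interface all;\n    interface fe-0/1/0.0 {\n"
          "      disable;\n    }\n  }\n  ldp {\n    interface all;\n  }\n}\n")

if __name__ == "__main__":
    print(protocols_active_on(parse_junos(SAMPLE), "fe-0/1/0"))
```

An empty list means no configured protocol reaches the management interface; any name returned needs its own disable statement.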

Similarly, you don’t want route policies to advertise management interface addresses to peering networks. You can prevent advertising management interface addresses to peering networks by explicitly filtering management addresses using a route filter or by carefully constructing routing policies to ensure that routes are not leaked.