We put a router in place to do NAT for the local subnet of the fxp. Alternately, you can just put static routes in for specific management subnets pointing out the fxp port...
________________________________ From: Serge Vautour <sergevaut...@yahoo.ca> To: Chen Jiang <iloveb...@gmail.com>; Jim Devane <jdev...@switchnap.com> Cc: "juniper-nsp@puck.nether.net" <juniper-nsp@puck.nether.net> Sent: Thu, July 8, 2010 10:26:24 AM Subject: Re: [j-nsp] Managing MX480 fxp0 Putting fxp0 in a LS works from a routing perspective but it breaks NSR & GRES - at least it does in 10.0R2. I have a JTAC case pending. Serge ----- Original Message ---- From: Chen Jiang <iloveb...@gmail.com> To: Jim Devane <jdev...@switchnap.com> Cc: "juniper-nsp@puck.nether.net" <juniper-nsp@puck.nether.net> Sent: Thu, July 8, 2010 4:54:15 AM Subject: Re: [j-nsp] Managing MX480 fxp0 You cannot put fxp0 into VRF but could put it into a logical system. And logical system also have a seperate routing table other than inet.0. On Thu, Jul 8, 2010 at 3:16 AM, Jim Devane <jdev...@switchnap.com> wrote: > Hello, > > I need some ideas/help on a scenario I am sure comes up a lot but having > problems with. > > I have an MX480. I want to be able to manage this MX from an internal > (1918) network through the fxp0 port. The internal network is not flat but > routed and there are several subnets which may contact the MX for > management/polling. I was thinking/hoping to set up a VRF for this port and > set routes/default route for the VRF to connect. It turns out I am not able > to put fxp0 into a routing-instance. (errors on config checkout) > So I put everything production in to a logical system leaving the fxp in > the master instance and installing a default route for the master instance. > This works, but now the MS-DPC will not export flows if it is in a logical > system. So the logical system is out b/c the MS-DPC has to be in the master > instance. But I can't but the fxp0 into a logical/routing instance. > > What is the BCP/recommended method for managing this box if fxp0 is not a > "public" routed interface? > > Unfortunately, I don't have another port to place into a VRF besides the > fxp0 (all other ports are 10G) > > Thanks for any help/ideas! > Jim > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- BR! James Chen _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp