Re: [j-nsp] Routing packets through the management interface?

From: Gary Tate (gtate@juniper.net)
Date: Wed Mar 06 2002 - 03:45:19 EST


On Wed, 2002-03-06 at 04:22, William Charnock wrote:
> Greetings All,
>
> We're trying to run some tests on some M160's, but have discovered that
> packet forwarding is disabled on the management ports of the routers. I have
> determined that packets with the LSRR option are able to be forwarded...
> Anyone know of a workaround to allow packet forwarding on the fxp0 port to
> function normally?

This is as designed. This is for a number of reasons of which security
and protection of the Routing Engine being the most critical.

Allowing routing to the management port would mean that data from the
network interfaces would have to be directed over the same connection as
used by the RE to send and receive control traffic.

Allowing external access to your management network which is normally
connected to or part of your corporate network is always a risk not
worth taking.

Gary

>
> Thanks,
>
> --
> William R. Charnock
> Director Core Technology
> Allegiance Telecom, Inc.
> 469.259.2260 (V)
> 469.259.9079 (F)
>

-- 

Gary Tate | Juniper Networks EPOC Systems Engineer | Juniper House DDI : +44 (0)1372 385654 | Guildford Road Voicemail: +44 (0)1372 385654 | Leatherhead Mobile : +44 (0)7789 407869 | Surrey KT22 9JH FAX : +44 (0)1372 385503 | URL: http://www.juniper.net E-mail : gtate@juniper.net | URL: http://www-in.juniper.net/~gtate/



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:39 EDT