backup routing engine authente from in-band interface
Hi! Experts

Just want to confirm if a Juniper backup routing engine could authenticate
users from an in-band interface like ge-0/0/0 to the AAA server?

If not, do we have a solution? The scenario is an MX960 with dual REs and no
OOB network, but we need to authenticate users logging in to the backup RE from AAA.

Thanks for your great help.

--
BR!



James Chen
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: backup routing engine authente from in-band interface
On Thu, 9 Nov 2023 at 10:38, Chen Jiang via juniper-nsp
<juniper-nsp@puck.nether.net> wrote:

> Just want to confirm if a Juniper backup routing engine could authenticate
> users from an in-band interface like ge-0/0/0 to the AAA server?
>
> If not, do we have a solution? The scenario is an MX960 with dual REs and no
> OOB network, but we need to authenticate users logging in to the backup RE from AAA.

No solution. Well, sort of a hacky solution, if you route the AAA server
statically over FXP/EM. But generally speaking, hard no, only local
authentication on the backup RE.

But luckily they've fixed this awkward mismatch, and no remote
authentication on either console on EVO at all. Another thing that
might surprise people is that the lo0 filter no longer applies to
EM/FXP ports in EVO.

Ideally we'd all be asking vendors to implement true lights out
ethernet ports, with dedicated control-planes, like Cisco CMP. So we
could get rid of problematic RS232 and useless in-band MGMT ports
(EM/FXP are actively dangerous).
--
++ytti
_______________________________________________
Re: backup routing engine authente from in-band interface
Saku Ytti via juniper-nsp <juniper-nsp@puck.nether.net> writes:

> Ideally we'd all be asking vendors to implement true lights out
> ethernet ports, with dedicated control-planes, like Cisco CMP. So we
> could get rid of problematic RS232 and useless in-band MGMT ports
> (EM/FXP are actively dangerous).

So much this. Lights out management has been standard on servers for a
long, long time, including being able to power on remotely and mount
ISOs. Network equipment vendors, please deliver true lights out.

/Benny
