On Thu, 9 Nov 2023 at 10:38, Chen Jiang via juniper-nsp <[email protected]> wrote:
> Just want to confirm if Juniper backup routing engine could authenticate
> users from in-band interface like ge-0/0/0 to the AAA server?
>
> If not, do we have a solution? The scenario is MX960 with dual RE and no
> OOB network. But need to authenticate users login backup RE from AAA.

No solution. Well sort of hacky solution, if you route AAA server statically over FXP/EM. But generally speaking, hard no, only local authentication on backup RE.

But luckily they've fixed this awkward mismatch, and no remote authentication on either console on EVO at all. Another thing that might surprise people is that the lo0 filter no longer applies to EM/FXP ports in EVO.

Ideally we'd all be asking vendors to implement true lights out ethernet ports, with dedicated control-planes, like Cisco CMP. So we could get rid of problematic RS232 and useless in-band MGMT ports (EM/FXP are actively dangerous).

--
  ++ytti
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

