in other words, is the command:
unset interface ethernet1/1 ip manageable redundant?
I was thinking that for security purposes, it would probably make sense for Netscreens to only enable management on the mgt port, but I can't find any reference to this in the Netscreen manual. Actually, I couldn't even find a reference to the "manageable" command in the Juniper Netscreen Screen OS CLI guide: http://www.juniper.net/techpubs/software/screenos/screenos5x/screenos5xidp1/CLI_5.0.0-IDP1.pdf
The config file I'm looking at will have a command like:
set interface ethernet1/1 manage-ip XXX.XXX.XXX.XXX
and then
unset interface ethernet1/1 ip manageable
I know the first command will set the ip of the management port on that interface, but I'm not sure if the next command is actually necessary, because I see later that the net admin did something like:
set interface ethernet1/1 manage ping
set interface ethernet1/1 manage ssh
set interface ethernet1/1 manage snmp
set interface ethernet1/1 manage ssl
...I'm not sure why they would bother doing that, if management on that interface is enabled by default. But if it isn't enabled by default, why bother with the "unset" command?
If this varies depending on the Netscreen device, please let me know so I can be more specific.
I found this little gem in the ScreenOS 6.3 administration manual on page 37: