Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

SD-LAN with EX Switch

 

LAN Deployment Overview

The SD-LAN deployment focuses on spoke site LAN connectivity using specific EX Series switches and Virtual Chassis (VC). Once deployed, you can manage the connected spoke site LANs through the EX switch or VC. You can also manage many aspects of the EX switch or VC itself. Figure 1 shows a high-level view of an SD-LAN spoke site. It is important to note the Internet Gateway Device depicted in the diagram. The LAN switch at a spoke site must be deployed behind a router or CPE that is capable of routing traffic to CSO.

Figure 1: SD-LAN Spoke Site
SD-LAN Spoke Site

In addition to the SD-LAN deployment shown above, you can deploy EX Series access switches behind existing CPE devices that act as the routers to allow the switch to communicate with CSO. You can deploy EX Series LAN switches and VCs behind SRX Series and NFX250 Series CPE devices. You cannot deploy an EX Series LAN switch or VC behind an NFX150 Series CPE device.

An SD-LAN deployment is performed in the Customer Portal of CSO as an on-premise site deployment. The tenant under which the site is deployed must have the LAN service available. This service is included in the tenant configuration by the tenant administrator during tenant onboarding. The remainder of this document provides the steps that you need to perform in order to complete an SD-LAN deployment in CSO.

SD-LAN Deployment

The procedure you follow to complete this task varies slightly depending on whether you are in the role of a CSO tenant administrator or OpCo administrator. A note is used where needed to account for these variances.

This procedure makes the following assumptions:

  • You have already established your login credentials for CSO

  • The tenant for which you are creating the LAN site is called ExampleCo, and has already been created

  • The ExampleCo tenant was added with LAN service capabilities

  • If you are deploying a Virtual Chassis (VC) as the LAN switching device, the VC must be up and running prior to beginning this procedure. You must have the serial number of the primary switch in the VC.

If any of these things are not true, see Accessing Administration Portal, Accessing Customer Portal, or Creating a Single Tenant as appropriate.

The steps to deploy an SD-LAN site are as follows:

  1. Login to CSO using your login credentials.Note

    If you are an OpCo administrator, navigate to Tenants in the left-nav bar and select ExampleCo from the list of tenants on the tenants page. If you are the tenant administrator, you will be placed in the Customer Portal for ExampleCo

  2. In the Customer Portal for ExampleCo, Navigate to Resources > Site Management

    The Sites page appears.

  3. Click the Add button and select Add On-Premise Spoke (Manual) from the list of options

    The Add On-Premise Spoke Site for ExampleCo page appears.

  4. In the Site Information section, give the site a name such as LAN-Site1
  5. In the Site Capabilities section, click the LAN icon

    Depending on the configuration of the ExampleCo tenant, there may be other icons available. Only select LAN for this example.

  6. Click the > icon next to Address and Contact Information to expand this section

    None of the fields are required, but adding address information for the site allows CSO to place an icon for the site on maps on the monitoring page and show how it is linked to CSO.

  7. Click the > icon next to Advanced Configuration

    The two required fields, Name Server IP List and NTP Server are both pre-populated for you. Make changes as needed for your network to any of the fields.

  8. Click Next

    The wizard skips past the WAN page to the LAN page.

  9. In the Device Profile section, fill in the Device Name.
  10. Select the appropriate Device Type from the pull-down menu
  11. (Optional) Select the appropriate Device Model from the pull-down menu
  12. In the Switch Details section, enter the Serial Number of the switch in the field.

  13. The Auto Activate button is turned on by default. Turn it off if you want to disable auto-activation and use an activation code instead.

    If you left Auto Activate turned on, Skip to step 16.

  14. (Optional) If you turned off Auto Activate, enter an activation code in the field that appears.

    The code can be any combination of letters and numbers.

    Remember this code.

  15. The Zero Touch Provisioning (ZTP) button is turned off by default. Turn it on if the switch is upgraded to a Junos OS image version with support for Phone-Home-Client. If ZTP is disabled, you must manually copy and paste the Stage-1 configuration (by using CLI) on to the switch.

    ZTP, if left on, begins immediately after the activation procedure.

  16. (Optional) Enter LAN information for the branch/spoke site

    This optional step allows you to define where the remote site LANs are connected to the EX switch. You can define as many LANs as needed by following the next 5 steps.

    1. Click the +

      The Add LAN Segment window appears.

    2. Enter a name for the LAN segment, such as LAN1, in the field provided
    3. (Optional) Enter a VLAN ID for the LAN segment.

      If no VLAN ID is needed, you can safely remove the pre-populated value from the field.

    4. Select the switch ports to which the LAN segment is connected by clicking the Check-box next to the port name and then clicking the right-arrow (->) between the Available and Selected lists.

      Alternatively, you can select the Check-box for the desired port and then click the right-arrow (->) directly to the right of the port name.

    5. Click Save when finished

      You can add as many LAN segments as you need by repeating this procedure.

  17. Click Next

    The wizard advances to the Summary page.

  18. Review the configuration on the Summary page
  19. Click OK when satisfied, or click Back as needed to make any changes

    If you need to edit anything, you can click the Edit links within the summary to go directly to that page of the wizard.

    If you left auto-activate turned on, the activation procedure begins at this point. The Site Activation page appears. Skip to step 20.

    If you turned off auto-activate, then your site appears in the list with a status of Configured. Go to next step.

    (Optional) If you turned off auto-activate, and are now ready to activate the site:

    1. Click the site name link

      This takes you to the site page for this site with the Overview tab highlighted.

    2. Click the Devices tab
    3. Click the Check-box next to the device name

      The Stage1 Config button becomes active.

    4. Click the Stage1 Config button

      A new window appears containing the stage 1 configuration for this device.

    5. Click the Copy to Clipboard button
    6. Click OK

      The window closes.

    7. Using a console or SSH connection, install the copied configuration on the EX switch and commit it

      Assuming that the required network connectivity is in place from the EX switch, the switch connects back to CSO using an outbound SSH connection. When this connection is completed, the device will be activated in CSO; its status changes from Expected to Provisioned.

  20. The Site Activation window proceeds through Prestage Device to Detect Device to Bootstrap Device and, finally to Provision Device

Each stage will report success as it completes its operation. The window can be closed at any point. While the activation process is running, the Site Status column in the site list reports Activating and provides a link to View the activation wizard’s progress. After that, the Site Status changes to Provisioned once all the steps are successfully completed.

Note

In the event of an error or delay, you can open a read-only SSH session to the device from CSO. This will allow you to troubleshoot connection or other issues.

Once deployed, you can monitor and manage the switch or VC through the Customer Portal’s Switch Port Operational View.