Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding a Switch to an Existing Site

 

You can add a switch to an existing on-premise spoke site or an enterprise hub site to provide LAN capability to the site. See Switch Behind a CPE or Next Generation Firewall Overview for details.

You can use the Customer Portal in CSO to add a switch to a spoke site that already has a CPE or firewall device provisioned.

To add a switch to an existing site:

  1. Select Resources > Site Management.

    The Sites page appears.

  2. Select the site to which you want to add the switch.
  3. Click Add > Add Switch.

    The Add Switch page appears.

  4. Complete the configuration according to the guidelines provided in Table 1. Note

    Fields marked with asterisk (*) are mandatory.

  5. Click OK to add the switch to the site.

    The site activation process is initiated and the Site Activation: Site-Name page appears displaying the progress of the steps executed for activating the CPE and the switch.

  6. To activate the switch, you must manually configure the stage-1 configuration on the switch.

    1. On the Site Activation page, after the Prestage Device step completes successfully for the switch, the View Stage-1 Configuration link appears next to the Prestage Device step.
    2. Click the View Stage-1 Configuration link.

      The Stage-1 Configuration page appears displaying the stage-1 configuration.

    3. Copy the stage-1 configuration and log in to the CLI of the EX Series switch.
    4. Enter the configuration mode, paste, and commit the configuration.

      After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO. CSO then executes the bootstrap and provisioning processes on the switch and completes provisioning the switch.

Table 1: Fields on the Add Switch Page

Field

Description

Device Profile

Device Name

Enter a name for the switch. You can use alphanumeric characters and hyphen (-). The maximum length allowed is 15 characters.

Device Type

Select the type of switch—EX2300, EX3400, and EX4300.

Device Model

Select the model for the switch you specified in the Device Type field.

The models vary in the number and type of ports the switch contains. For example, If you selected EX3400, select a model such as EX3400-24P, EX3400-48P, EX3400-24T among others.

CPE Settings

Trunk Ports

Select at least two trunk ports on the CPE device to connect with the switch, which are used for the following:.

  • LAN traffic between the switch and the CPE or firewall.

  • Management traffic for in-band management of the switch.

Note: The ae0 port of the SRX Series devices is used as the trunk port for communication with the switch.

Switch Management Subnet

Specify the subnet that the DHCP can use to assign IP addresses. The DHCP server runs on the following ports:

  • Trunk ports to provide DHCP information to all devices connected to the switch and to the in-band management port, switch management port, and LAN ports on the CPE or firewall.

  • Out-of-band management port on the CPE or firewall to provide DHCP information to the management port on the switch.

  • LAN ports on the CPE or firewall to provide information to the devices connected to the CPE or firewall LAN ports.

Switch Details

Serial Number

Specify the serial number of the switch.

Auto activate

Click the toggle button to enable or disable automatic activation of the switch. When you enable this field, zero-touch provisioning of the switch is automatically triggered when the device communicates with CSO.

Note: You must physically connect the switch to the CPE and power it on for the switch to be automatically activated when you enable this option.

Activation code

When the Auto activate field is disabled, enter the activation code to be used for manually activating the switch.

For information, see Manually Activating a Switch.

Zero Trouch Provisioning

ZTP must be disabled for all EX Series switches for the CSO 5.0.0 release.

The Stage-1 configuration must be copied and pasted onto the CLI of the switch during site activation. See Step-by-Step Procedure for details.

LAN Segment

Displays the LAN segment configured on the switch.

To add a LAN segment, click the + icon on the top, right corner of the LAN table. The Add LAN Segment page appears. Specify values for the LAN segment based on guidelines provided in Table 2. Fields marked * are mandatory.

Note: The same LAN segment is created on the CPE if the switch is connected to the CPE managed by CSO.

Table 2: Fields on the Add LAN Segment Page when Adding a Switch to an Existing Site

Field

Description

Add LAN Segment

Name

Enter a name for the LAN segment.

The name for a LAN segment should be a unique string of alphanumeric characters and some special characters (. -). No spaces are allowed and the maximum length is 15 characters.

VLAN ID

Enter the VLAN ID for the LAN segment.

Range: 2 through 4093.

Department

Select a department to which the LAN segment is to be assigned.

Alternatively, click the Create Department link to add a new department and assign the LAN segment to it. See Adding a Department for details.

You group LAN segments as departments for ease of management and for applying policies at the department-level. .

Note: This field is not displayed when you add the switch to a site with next-generation firewall capability.

Gateway Address/Mask

Specify a valid gateway IP address and mask for the LAN segment; for example, 192.0.2.8/24.

DHCP

For directly connected LAN segments, click the toggle button to enable or disable DHCP on the LAN segment. DHCP is disabled by default.

You enable DHCP if you want to assign IP addresses by using a DHCP sever. You disable DHCP if you want to assign a static IP address to the LAN segment.

Note: If you enable DHCP, fields related to DHCP-related parameters appear and must be configured.

[DHCP-Related Fields]

Address Range Low

Enter the starting IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment.

Address Range High

Enter the ending IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment.

Maximum Lease Time

Specify the maximum duration (in seconds) for which a client can request for and hold a lease on a DHCP server.

Range: 0 through 4,294,967,295 seconds.

Name Server

Specify or select one or more IPv4 addresses of the DNS server. To enter more than one DNS server address, type the address, press Enter, and then type the next address, and so on. DNS servers are used to resolve hostnames into IP addresses.

Switch Ports

Select ports on the switch to be part of the LAN segment.

Select the ports from the Available column and click the right-arrow to move the ports to the Selected column.

If you create a LAN segment on a switch when the switch is connected to the CPE device, CSO automatically assigns LAN ports on the CPE device and creates the same LAN segment on the CPE device.