Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

LAN Sites

 

You can add an on-premise spoke site to provision, manage, and monitor EX Series switches by using CSO. You can either add an on-premise spoke site to manage a standalone EX Series switch or add an EX Series switch along with a CPE, a next-generation firewall device, or an enterprise hub. The EX Series switch can be added when you create an on-premise spoke site or enterprise hub. Alternatively, you can add the switch to an existing SD-WAN site, a next-generation firewall site, or an enterprise hub.

You can create one or more of the following sites to manage EX series switches:

Alternatively, you can also add an EX Series switch to one of the existing sites as explained in the Add LAN Capabilities to an Existing Site by Using a Switch topic.

If the EX Series switch has Mist access points associated with that, you could integrate the Mist access points with CSO. For more information about integrating Mist access points with CSO, see Enabling Integration with Mist Access Points.

Add an On-Premise Spoke Site for LAN

Adding an on-premise spoke site for LAN enables you to provision, manage, and monitor EX Series switches by using CSO. The following image illustrates a simple topology of LAN for branch networks.

Connect the devices as shown in the topology diagram and power on the devices.

Note

This task assumes that the device will get DHCP IP address and will have Internet connectivity along with DNS resolution when connected according to the network design.

Note

Ensure that the devices are running the recommended version of Junos OS. For information about the supported Junos OS versions, see the Release Notes for Contrail Service Orchestration Release 5.0.0.

For information about connecting the device and connecting a console to the device, see the hardware documentation for your LAN device:

To add an on-premise spoke site for LAN:

  1. From the Sites page (Resources > Site Management) of the CSO portal, click Add and select On-Premise Spoke Site.

    The Add Site wizard appears.

  2. Complete the configuration as explained in Table 1.
  3. Click OK to add the site.

    The site activation job is initiated and the Site Activation: Site-Name page appears displaying the progress of the steps executed for activating the switch.

  4. To activate the switch, you must manually configure the stage-1 configuration on the switch.

    1. On the Site Activation page, after the Prestage Device step completes successfully for the switch, the View Stage-1 Configuration link appears next to the Prestage Device step.
    2. Click the View Stage-1 Configuration link.

      The Stage-1 Configuration page appears displaying the stage-1 configuration.

    3. Copy the stage-1 configuration and log in to the CLI of the EX Series switch.
    4. Enter the configuration mode, paste, and commit the configuration.

      After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO. CSO then executes the bootstrap and provisioning processes on the switch and completes provisioning the switch.

When the site is successfully created, the Site Status in the Sites page changes to Provisioned.

Table 1: Settings for an On-Premise Spoke Site with LAN Capabilities

Field

Description

General

Site Name

Enter a unique name for the site. You can use alphanumeric characters and hyphen (-); the maximum length is 10 characters.

Site Capabilities

Select LAN.

LAN

Device Name

Enter a unique name for the device.

Device Type

Select the type of the device.

Serial Number

Specify the serial number of the switch.

Auto Activate

Auto Activate is enabled by default. When Auto Activate is enabled, the device activation is automatically triggered when the site is added. The Activation Code field appears if you disable the Auto Activate option. In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.

After you add the site, you can complete the following tasks as required:

Note

The device must be activated before you install licenses or signatures, or deploy policies.

  • Monitor alerts, alarms, and jobs. For example, Monitor > Jobs.

For more information about these tasks, see the Contrail Service Orchestration documentation at https://www.juniper.net/ documentation/product/en_US/contrail-service-orchestration.

Add an Enterprise Hub Site with SD-WAN and LAN Capabilities

An enterprise hub is an SD-WAN site that is used to carry site-to-site traffic between on-premise spoke sites and to break out backhaul (central breakout) traffic from on-premise spoke sites. You can add an EX Series switch for branch network as part of the enterprise hub site. The following illustration shows a simple topology that contains an enterprise hub and an EX Series switch.

To add an enterprise hub:

  1. On the Sites page (Resources > Site Management) of the CSO portal, click Add, and select Enterprise Hub.

    The Add enterprise hub for Tenant-Name page appears.

  2. Complete the configuration settings according to the guidelines provided in Table 2.
  3. Click OK.

    The site activation job is initiated and the Site Activation: Site-Name page appears displaying the progress of the steps executed for activating the devices in the site.

  4. To activate the switch, you must manually configure the stage-1 configuration on the switch.

    1. On the Site Activation page, after the Prestage Device step completes successfully for the switch, the View Stage-1 Configuration link appears next to the Prestage Device step.
    2. Click the View Stage-1 Configuration link.

      The Stage-1 Configuration page appears displaying the stage-1 configuration.

    3. Copy the stage-1 configuration and log in to the CLI of the EX Series switch.
    4. Enter the configuration mode, paste, and commit the configuration.

      After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO. CSO then executes the bootstrap and provisioning processes on the switch and completes provisioning the switch.

When the site is successfully created, the Site Status on the Sites page changes to Provisioned.

Table 2: Enterprise Hub Site Settings

Field

Description

General

Site Name

Enter a unique name for the site. You can use alphanumeric characters and hyphen (-); the maximum length is 10 characters.

Site Capabilities

SD-WAN capability is selected by default. You cannot clear the selection. If you want to include LAN capabilities in the enterprise hub site, select LAN.

WAN

Device Series

Select the device series to which the CPE device belongs—SRX, NFX150, or NFX250.

Device Template

Select a device template for the selected device series.

The device template contains information for configuring a device.

Serial Number

Enter the serial number of the CPE device.

Auto Activate

If the selected device template supports auto authorization, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added.

The Activation Code field appears if the selected device template does not support auto authorization or if you disable the Auto Activate option.

In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.

Note:

IP Prefix

Enter the IPv4 prefix to be used for the management network. This IP address must be unique across the entire management network.

  • For NFX150 and NFX250 devices, if the USE_SINGLE_SSH_TO_NFX parameter is disabled in the device template, then enter the IP address prefix as /29 or lower based on the number of VNFs.

  • For all other devices, enter the IP address prefix as /32.

WAN Links

WAN_0

This field is enabled by default.

You can configure up to 4 WAN links as required.

Link Type

Select whether the link would be an MPLS link or Internet link.

Egress Bandwidth

Enter the maximum bandwidth, in Mbps, allowed on the WAN link.

Range: 1 through 10,000.

Address Assignment

Select the method of assigning an IP address to the WAN link—DHCP or STATIC.

If you select STATIC, you must provide the IP address prefix and the gateway address for the WAN link.

Static IP Prefix

If you configured the address assignment method as STATIC, enter the IP address prefix of the WAN link.

Gateway IP Address

If you configured the address assignment method as STATIC, enter the IP address of the gateway of the WAN service provider.

Advanced Settings

Use For Fullmesh

Click the toggle button to specify whether the WAN link can be a part of a full mesh topology.

A site can have a maximum of three links enabled for meshing.

LAN

Note: This tab is enabled only if you select LAN from the Site Capabilities options in General Settings.

Device Profile

Device Name

Enter a name for the switch. You can use alphanumeric characters and hyphen (-). The maximum length allowed is 15 characters.

Device Type

Select the type of switch—EX2300, EX3400, or EX4300

When you change the default device type, a carousel for device template appears.

Device Model

Select the model for the switch you specified in the Device Type.

The models vary in the number and type of ports the switch contains. For example, If you selected EX3400, select a model such as EX3400-24P, EX3400-48P, EX3400-24T among others.

CPE Settings

Trunk Ports

Select at least two trunk ports on the CPE device to connect with the switch.

The trunk ports are used for carrying the following:

  • LAN traffic between the switch and the CPE

  • Management traffic for in-band management of the switch.

Switch Management Subnet

Specify the subnet that the DHCP can use to assign IP addresses to the switch and the access devices connected to the switch.

Switch Details

Serial Number

Specify the serial number of the switch.

Auto Activate

Auto Activate is enabled by default. When Auto Activate is enabled, the device activation is automatically triggered when the site is added. The Activation Code field appears if you disable the Auto Activate option. In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.

Note: You must physically connect the switch to the CPE and power it on for the switch to be automatically activated when the auto activate option is enabled.

Add LAN Capabilities to an Existing Site by Using a Switch

You can add a switch to an existing SD-WAN site, next-generation firewall site, or an enterprise hub site.

Before you add a switch to an existing site, ensure that you connect the switch to the network as shown in the topology diagrams provided in the following topics. After you connect the switch to the network as required, power on the device.

To add a switch to an existing site, follow these steps:

  1. From the Sites page (Resources > Site Management) of the CSO portal, select the site to which you want to add the switch, click Add, and select Add Switch.

    The Add Switch page appears.

  2. Complete the following configuration:
    • Device Name - specify a unique name for the device.

    • Device Type - select the type of device from the Device Type drop-down list.

    • Device Model - select a device model for the switch.

    • Trunk Ports - specify the CPE trunk ports.

    • Switch Management Subnet - specify the subnet that the DHCP can use to assign IP addresses to the switch and the access devices connected to the switch.

    • Serial Number - specify the serial number of the switch.

    Note

    Based on the device template you selected, the Auto Activate Switch toggle button is enabled or disabled by default. You can click to enable or disable this option. When Auto Activate Switch is enabled, zero-touch provisioning of the switch is automatically triggered when the site is created.

    If you choose to disable the Auto Activate Switch option, you must specify the activation code of the device to manually activate a device.

  3. Click Save.

    The site activation job is initiated and the Site Activation: Site-Name page appears displaying the progress of the steps executed for activating the devices in the site.

  4. To activate the switch, you must manually configure the stage-1 configuration on the switch.

    1. On the Site Activation page, after the Prestage Device step completes successfully for the switch, the View Stage-1 Configuration link appears next to the Prestage Device step.
    2. Click the View Stage-1 Configuration link.

      The Stage-1 Configuration page appears displaying the stage-1 configuration.

    3. Copy the stage-1 configuration and log in to the CLI of the EX Series switch.
    4. Enter the configuration mode, paste, and commit the configuration.

      After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO. CSO then executes the bootstrap and provisioning processes on the switch and completes provisioning the switch.