You can add one switch to an existing on-premise spoke site that already has a CPE or firewall device provisioned, or to an enterprise hub site, to provide LAN capability to the site. See Switch Behind a CPE or Next Generation Firewall Overview for details.
To configure more than one switch with an SD-WAN CPE or Next-Generation firewall, add a separate SD-LAN site and add multiple switches to the site.
You can manage the connectivity and configuration between the switches and the CPE or Next-Generation firewall by creating uplink ports to the CPE device or Next-Generation Firewall, either manually or by using configuration templates. See Add Switches to an Existing SD-LAN Site to add an SD-LAN site with multiple switches.
To add a switch to an existing site:
The Sites page appears.
The Add Switch page appears.
The Site-Name page appears.
The Add Switch page appears.
Note: Fields marked with an asterisk (*) are mandatory.
The site activation process is initiated and the Site Activation: Site-Name page appears displaying the progress of the steps executed for activating the CPE and the switch.
If the Zero Touch Provisioning (ZTP) toggle button is enabled (default), CSO pushes the stage-1 and stage-2 configurations and provisions the switch.
This process occurs immediately after the activation process, for which you entered the activation code or selected auto-activation.
Note: Stage-1 configuration is the initial configuration pushed to a device to allow basic connectivity to it.
The configuration that is pushed to the device after it has connected to CSO is called stage-2 configuration.
If you disabled the Zero Touch Provisioning (ZTP) toggle button, you must manually configure the stage-1 configuration (as provided by CSO) on the switch.
To manually configure the stage-1 configuration:
The stage-1 configuration page appears displaying the stage-1 configuration to be copied to the EX Series device.
After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO.
CSO then provisions the switch.
Table 71 provides guidelines on using the fields on the Add Switch page.
Table 71: Fields on the Add Switch Page
Field | Description |
---|---|
Device Profile | |
Device Name | Enter a name for the switch. You can use alphanumeric characters and hyphen (-). The maximum length allowed is 15 characters. |
Device Type | Select the type of switch—EX2300, EX3400, EX4300, EX4600, and EX4650. |
Device Model | Select the model for the switch you specified in the Device Type field. The models vary in the number and type of ports the switch contains. For example, if you selected EX3400, select a model such as EX3400-24P, EX3400-48P, or EX3400-24T, among others. |
CPE Settings | |
Trunk Ports | Select at least two trunk ports on the CPE device to connect with the switch, which are used for the following:
Note: The ae0 port of the SRX Series devices is used as the trunk port for communication with the switch. |
Switch Management Subnet | Specify the subnet that the DHCP can use to assign IP addresses. The DHCP server runs on the following ports:
|
Switch Details | |
Serial Number | Specify the serial number of the physical switch. You can either view the serial number on the label that is present on the rear panel of the switch or log in to the CLI of the switch in operational mode and enter show chassis hardware. The serial number is a case-sensitive, alphanumeric string. |
Zero Touch Provisioning | Click to enable or disable ZTP on the switch. If you disable ZTP, you must manually copy and paste the stage-1 configuration on the switch during site activation. See Step-by-Step Procedure for details. Note:
|
Boot Image | Select the boot image from the list if you want to upgrade the image for the switch. The boot image is the latest device image that is uploaded to the image management system. The boot image is used to upgrade the device when the CSO starts the ZTP process. If the boot image is not provided, then the device skips the automatic upgrade procedure. The boot image is populated based on the device template that you have selected while creating a site. |
Auto activate | Click the toggle button to enable or disable automatic activation of the switch. When you enable this field, zero-touch provisioning of the switch is automatically triggered when the device communicates with CSO. Note: You must physically connect the switch to the CPE and power it on for the switch to be automatically activated when you enable this option. |
Activation code | When the Auto activate field is disabled, enter the activation code to be used for manually activating the switch. For information, see Manually Activating a Switch. |
Table 72 describes the fields on the Create LAN Segment page.
The values that you configure here are populated on the LAN Segments section of the Add Switch page.
Table 72: Fields on the Create LAN Segment Page when Adding a Switch to an Existing Site
Field | Description |
---|---|
Add LAN Segment | |
Name | Enter a name for the LAN segment. The name for a LAN segment should be a unique string of alphanumeric characters and some special characters (. -). No spaces are allowed and the maximum length allowed is 15 characters. |
Type | Select the type of LAN segment: Note: This field is available only for SD-WAN sites.
|
VLAN ID | Enter the VLAN ID for the LAN segment. Range: 2 through 4093. |
Department | Select a department to which the LAN segment is to be assigned. Note: This field is available only for SD-WAN sites. Alternatively, click the Create Department link to add a new department and assign the LAN segment to it. See Adding a Department for details. You group LAN segments as departments for ease of management and for applying policies at the department level. Note: This field is not displayed when you add the switch to a site with next-generation firewall capability. |
Gateway Address/Mask | Specify a valid gateway IP address and mask for the LAN segment; for example, 192.0.2.8/24. |
DHCP | For directly connected LAN segments, click the toggle button to enable or disable DHCP on the LAN segment. DHCP is disabled by default. You enable DHCP if you want to assign IP addresses by using a DHCP server. You disable DHCP if you want to assign a static IP address to the LAN segment. Note: If you enable DHCP, fields related to DHCP-related parameters appear and must be configured. |
[DHCP-Related Fields] | |
Address Range Low | Enter the starting IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment. |
Address Range High | Enter the ending IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment. |
Maximum Lease Time | Specify the maximum duration (in seconds) for which a client can request and hold a lease on a DHCP server. Range: 0 through 4,294,967,295 seconds. |
Name Server | Specify or select one or more IPv4 addresses of the DNS server. To enter more than one DNS server address, type the address, press Enter, and then type the next address, and so on. DNS servers are used to resolve hostnames into IP addresses. |
CPE Ports | Select ports on the switch to be part of the LAN segment. Select the ports from the Available column and click the right-arrow to move the ports to the Selected column. If you create a LAN segment on a switch when the switch is connected to the CPE device, CSO automatically assigns LAN ports on the CPE device and creates the same LAN segment on the CPE device. |
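
A pre-submission check for the Table 72 field limits, as an added example that is not part of the original documentation or of CSO itself. The dict keys and the cross-field DHCP checks (pool inside the gateway subnet, gateway address outside the pool) are assumptions made for this example.

```python
import ipaddress
import re

# Limits taken from Table 72; the dict keys below are hypothetical field names.
NAME_RE = re.compile(r"[A-Za-z0-9.-]{1,15}")
VLAN_MIN, VLAN_MAX = 2, 4093
LEASE_MAX = 4_294_967_295

# Constructed sample input: the DHCP pool overlaps the gateway address.
SAMPLE = {"name": "lan-eng.1", "vlan_id": 120, "gateway": "192.0.2.8/24", "dhcp": True,
          "range_low": "192.0.2.1", "range_high": "192.0.2.50",
          "max_lease_time": 86400, "name_servers": ["192.0.2.53"]}


def validate_lan_segment(seg):
    """Return a list of problems found in a LAN segment dict (empty if none)."""
    errors = []
    if not NAME_RE.fullmatch(seg.get("name", "")):
        errors.append("name: 1-15 characters from A-Z a-z 0-9 . - with no spaces")
    vlan = seg.get("vlan_id")
    if not isinstance(vlan, int) or not VLAN_MIN <= vlan <= VLAN_MAX:
        errors.append("vlan_id: must be 2 through 4093")
    try:
        gw = ipaddress.ip_interface(seg.get("gateway", ""))
    except ValueError:
        return errors + ["gateway: not a valid address/mask"]
    if not seg.get("dhcp", False):  # DHCP is disabled by default
        return errors
    try:
        low = ipaddress.ip_address(seg["range_low"])
        high = ipaddress.ip_address(seg["range_high"])
    except (KeyError, ValueError):
        return errors + ["dhcp range: low and high must be valid IP addresses"]
    # Cross-field sanity checks (assumed for this example, not stated in the table).
    if low.version != high.version or low > high:
        errors.append("dhcp range: low must not be above high")
    elif low not in gw.network or high not in gw.network:
        errors.append("dhcp range: outside the gateway subnet")
    elif low <= gw.ip <= high:
        errors.append("dhcp range: includes the gateway address")
    lease = seg.get("max_lease_time")
    if not isinstance(lease, int) or not 0 <= lease <= LEASE_MAX:
        errors.append("max_lease_time: 0 through 4294967295 seconds")
    for ns in seg.get("name_servers", []):
        try:
            ipaddress.IPv4Address(ns)
        except ValueError:
            errors.append(f"name_servers: {ns!r} is not an IPv4 address")
    return errors
```

Calling `validate_lan_segment(SAMPLE)` reports the pool/gateway overlap; moving `range_low` to `192.0.2.20` clears it.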