Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Contents  

Add Port Profiles

Use the Add Port Profiles page in Customer Portal to add port profiles. You add a port profile by assigning an authentication profile, a firewall filter for the ingress traffic, a firewall filter for the egress traffic, and configuring port parameters.

Procedure

To add a port profile:

  1. Select Configuration > SD-LAN > Port Profiles in Customer Portal.

    The Port Profiles page appears.

  2. Click the add icon (+) to add a new port profile.

    The Add Port Profile wizard appears. The wizard provides step-by-step procedures to add the port profile.

  3. Complete the configuration according to the guidelines provided in Table 226.

    Note Fields marked with * are mandatory.

  4. Click OK.

    The port profile is added to CSO. You are returned to the Port Profiles page where a confirmation message is displayed.

Table 226: Port Profile Settings

Setting

Guideline

General

Profile Name

Enter a unique name for the port profile which can contain only alphanumeric characters and hyphen (-); 32-characters maximum.

Profile Description

Enter a description for the port profile.

Basic Settings

Port Mode

Select whether the port should be configured as a trunk port or an access port:

  • Trunk—The port can be used to connect with other switches or routers.

  • Access—The port can be used to connect to access points and end-user devices such as laptops or printers.

Port Authentication Settings

Authentication Profile

Select an authentication profile to be used in the port profile.

Note: An authentication profile defines the authentication method and other parameters related to communication between the switch and the supplicant. You must configure the authentication profile before referencing it in the port profile.

To add an authentication profile, see Add Authentication Profiles.

If you select None (default), no authentication profile is associated with the port profile. You can use this option when you do not want 802.1x authentication to be configured on a port.

Firewall Filter

Firewall Filter Profile (Ingress)

Select a firewall filter profile to be used for the ingress traffic.

You must configure the firewall filter before referencing it in the port profile.

Firewall Filter Profile (Egress)

Select a firewall filter profile to be used for the egress traffic.

You must configure the firewall filter before referencing it in the port profile.

Advanced Settings

Link Settings

Click the toggle button to enable or disable (default) link settings on a port.

If you disable this setting, the port uses the default configurations for auto negotiation, flow control, MTU, speed, and link mode.

Enable this option to modify the default configuration for auto negotiation, flow control, MTU, and so on.

Auto Negotiation

Click the toggle button to enable (default) or disable autonegotiation on the port.

Auto negotiation enables a port to determine the data transmission speed and the duplex mode based on the speed and duplex mode of the peer port.

If you have enabled autonegotiation and also configured link mode and speed, the ports use the configured values for link mode and speed. If you disable autonegotiation, you must configure values for link mode and speed.

Flow Control

Click the toggle button to enable (default) or disable flow control on a port.

Flow control enables a port to regulate network traffic so that there is no data loss during congestion. If you disable flow control, you lose data during congestion.

MTU

Enter the size (in bytes) of the maximum transmission unit (MTU) that can be transmitted through a port.

Range: 256 to 9,216 bytes

Default: 1,514 bytes

Speed

Select the maximum transmission speed of a port (in GB or MB).

If you enable auto-negotiation and select a transmission speed, the port uses the value configured here for transmission speed.

Default: 1G

Link Mode

Select the mode of the links configured on a port:

  • Automatic (default) —The port automatically selects the duplex mode based on the duplex mode of the peer port.

  • Full Duplex—The port allows data to be sent and received at the same time over a link.

  • Half Duplex—The port allows data to be either only received or sent at a given time over a link.

If you enable autonegotiation and also select a value for link mode, the port considers the value configured here for the operating mode of the links established on the port.

Storm Control Settings

Click the toggle button to enable or disable (default) storm control settings on a port.

If you disable this setting, the port uses the defalt value for storm control.

Enable this option to modify the default storm control value.

Storm Control

Enter the bandwidth (in kbps) or the percentage of the bandwidth, beyond which a port can drop packets.

Also, select whether the value you enter indicates the percentage or the bandwidth, from the drop-down list. The default unit is percentage.

Range: For bandwidth, 100 through 100,000,000 kbps. For percentage, 1 through 100.

Default: 80 percent.

Power over Ethernet (PoE) Settings

Click the toggle button to enable or disable (default) PoE on a port.

If you disable this setting, the default PoE setting is configured on a port when you deploy the profile on the port.

Enable this option to modify the default PoE settings.

Maximum Power

Enter the maximum power (in Watts) that a port can provide.

Range: 1 through 90 Watts.

Default: 30 Watts.

Priority

Select a priority (Low or High) for a port to be used as a source for powering a device connected to the port.

If power is insufficient for all PoE ports, the PoE power to low-priority ports is shut down before power to high-priority ports is shut down. Among ports that have the same assigned priority, the power priority is determined by port number, with lower-numbered ports having higher priority.

Default: Low

Port Security Settings

Click the toggle button to enable or disable (default) security on a port.

If you disable this setting, the default port security is configured on a port when you deploy the profile on the port.

Enable this option to modify the default settings.

Trust DHCP

Click the toggle button to enable (default) or disable trusting traffic from a DHCP server.

If you disable this option, the port drops packets sent to and received from a DHCP server.

MAC Limit

Click the toggle button to enable or disable (default) setting the maximum number of MAC addresses that can be stored in the MAC table for a port.

If you enable MAC Limit, you must configure a value for MAC limit and MAC limit action.

If you disable this option, you cannot limit the MAC addresses that are learnt within a VLAN and, therefore, enforce security against the flooding of the Ethernet switching table.

MAC Limit

Enter the maximum number of MAC addresses that a switch can store in the MAC table for a port.

Range: 1 through 10,000.

Default: 1.

MAC Limit Action

Select the action that a port must take when the number of entries in the port MAC table exceeds the MAC limit value:

  • Drop (Default)—Drop the packet, but do not generate an alarm

  • Shutdown—Disable the port and generate an alarm, an SNMP trap, or a system log entry.

  • Drop and Log—Drop the packet and generate an alarm, an SNMP trap, or system log entry.

WHAT'S NEXT

After you create a port profile deploy the profile to the ports of a switch. See Configure Switch Ports by Using a Port Profile

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit