Configure EX Series Switch Ports Overview
Starting from Release 5.1.0, you can use CSO to configure and monitor the ports of the following EX Series switches: EX2300, EX3400, EX4300, EX4600, and EX4650
You can configure and monitor ports on both a physical device and members of a virtual chassis. You cannot configure and monitor EX4600 and EX4650 Series switches, if the switches are configured as a virtual chassis.
You can add the following profiles to CSO and deploy them on the switch to configure the switch and the switch ports:
Port profiles to define the behavior of a port. Port profiles allow you to provision multiple ports on a switch with the same set of attributes at the same time. A port profile includes the following:
Authentication profile (optional)
Firewall filters (Optiional)
Storm control settings
Power over Ethernet (PoE) settings
Port security settings
Authentication profiles to implement network access control (NAC).
An authentication profile defines the authentication method, fallback options, and other settings such as number of retries, maximum number of authentication requests that can be allowed for a supplicant, authentication server timeout, and so on related to the communication between the switch and the supplicant (a user or device such as printer).
An authentication profile may or may not be referenced in a port profile. However, you can assign the authentication profile to a port when you configure the port manually.
Firewall filters to deny or permit network access to supplicants based on the filter terms.
Firewall filters may or may not be referenced in a port profile. However, you can assign the firewall filters to a port when you configure the port manually.
Access profiles to define the list of RADIUS servers to be used for authentication.
An access profile is deployed on a switch and is referenced by an authentication profile when dot1x authentication is configured on the switch port.
RADIUS server profiles to define the RADIUS server for authentication and accounting. You define the RADIUS server IP address, password, authorization ports, accounting ports, retry counts, and server timeout in this profile.
A RADIUS server profile is referenced by an access profile and deployed on the switch through the access profile.
Configure Switch Ports
You can configure the ports either by using a port profile or manually.
By using a port profile, you can configure multiple ports of the switch at the same time.
To configure the ports by using a port profile:
- (Optional) Create an authentication profile. See Add Authentication Profiles for details.
- (Optional) Create a firewall filter. See Add Firewall Filters for details.
- Create a port profile. See Add Port Profiles for details.
- Assign and deploy the port profile on one or more switch ports. See Edit Configuration of a Port for details.
- Deploy the port profile on the switch ports. See Deploy or Redeploy a Port Profile for details.
To configure a port manually:
If you want to configure 802.1x authentication or apply firewall filters on a port while configuring the port manually, ensure that the authentication profile and the firewall filters are already configured.
- In the customer portal, select Resources > Devices.
The Devices page appears.
- Click the switch for which you want to configure ports.
The switch page appears.
- On the Ports tab, select the ports that you want to configure
and click More > Edit Configuration.
The Edit Port Configuration page appears.
- Edit the port parameters and deploy the configuration on the port. Refer to the instructions in the Edit Configuration of Ports topic for completing and deploying the port configuration.
When you deploy a port profile, the deployment status of the ports is set to Pending Deployment indicating that the profile is assigned to the ports. When the profile is in the process of being committed on the ports, the deployment status changes to In Progress. If the deployment job completes successfully, the deployment status of the ports is set to Success and if the job fails, the deployment status is set to Failed.
After you configure a switch port, you can allow traffic through the switch ports and start monitoring the port.
Life Cycle of a Port Profile
The life cycle of a port profile is as follows:
Add a port profile to CSO.
Assign the port profile to a port.
When you assign the port profile, the deployment status of the port is set to Pending Deployment indicating that the profile is assigned to the port.
Deploy the port profile on a port.
During the deployment, that is when the configuration is committed on the port, the deployment status is changed to In Progress. If the deployment job completes successfully, the deployment status of the port is set to Success; otherwise, the deployment status is set to Failed.
Edit the port profile.
When you edit the port profile or any profile associated with the port profile, the deployment status of the port profile is set to Pending Deployment.
Redeploy the port profile for the changes to reflected in the port configuration.
During the redeployment, the deployment status of the port is changed to In Progress. If the deployment job completes successfully, the deployment status of the port is set to Success; otherwise, the deployment status is set to Failed.
Dissociate the port profile.
Delete the port profile.