Before you start the SD-LAN workflow by using CSO, ensure that:
The tenant (logical entity representing a customer) to which you want to onboard the switch is configured in CSO.
The switch, the CPE or the next-generation firewall are running the correct versions of Junos OS supported by CSO. For information related to Junos OS supported on a switch for a particular CSO release, see the Release Notes for that CSO release at https://www.juniper.net/documentation/product/en_US/contrail-service-orchestration.
The following ports and protocols are permitted through your network firewall:
Table 1 lists the ports and protocols that you must enable in your network firewalls for communication of the devices with CSO.
Table 1: Ports Used for Communication with CSO
Phone-home client for zero-touch provisioning (ZTP)
For provisioning the stage-2 configuration on the switch after committing the stage-1 configuration.
The devices should be in the factory default state and should be powered on.
The devices obtain an IP address through DHCP and have Internet connectivity and DNS resolution when connected to the network.
Figure 1 illustrates the steps to implement Contrail SD-LAN by using CSO.
To implement the Contrail SD-LAN solution by using CSO:
Add the following profiles for authentication and access control to CSO.
Onboard an EX Series switch:
As a standalone switch behind an Internet Gateway; see Add a Switch Behind an Internet Gateway
Along with the CPE; see Add a Switch Behind a CPE
Along with a next-generation firewall; see Add a Switch Behind a Next-Generation Firewall
You can onboard a switch and manage it after you have only a CPE or a next-generation firewall onboarded to and provisioned by CSO. You can also onboard more than one switch behind an Internet gateway; see:
Configure the EX Series switch.
You can configure the EX Series switch in one of the following ways:
By using configuration templates; see Configure an EX Series Switch by Using Configuration Templates
By using profiles; see Configure an EX Series Switch by Using Profiles
Manually; see Configure an EX Series Switch Manually
Enable the ports of a switch to allow traffic to flow through the switch; see Enable Ports
Integrate CSO with Mist Portal to monitor access points connected to the switch; see Integrate CSO with Mist Portal.
Discover access points connected to the switch; see Discover Mist Access Points.
Monitor the switch and the connected access points. You can monitor the following components of the switch in CSO:
The EX device (number of ports that are up or down, alarms, system users, and so on)
The device chassis (view details of individual ports, view CPU and memory utilized, view fan details, and so on)
The ports on the device (view port details such as port number, admin status, link mode, and so on; percentage of CPU utilized by the port, packet loss, and so on)
You can launch the Mist Portal from CSO by clicking an access point, and then monitor the access points in the Mist Portal; see the Monitor an EX Series Switch and Connected Access Points chapter in this guide.