Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Add Switches to an Existing SD-WAN Site

 

You can add one switch (physical switch) to an existing on-premise spoke site that already has a CPE or a next-generation firewall device provisioned, to provide LAN capability to the site.

Note

To manage more than one switch through a CPE or a next-generation firewall, you must manage the connectivity and configuration between the switches and the CPE or next-generation firewall either by using configuration templates or manually. CSO can manage the connectivity between the switch and the next-generation firewall for only one switch.

To add a switch to an already provisioned CPE or next-generation firewall:

  1. Select Resources > Site Management.

    The Sites page appears.

  2. Do one of the following:

    • To add a switch from the Sites page:

      1. Select the site to which you want to add the switch.
      2. Click Add > Add Switch.

        The Add Switch page appears.

    • To add a switch from the Site-Name page:

      1. Click the Site-Name link of the site (to which you want to add the switch) in the Sites column.

        The Site-Name page appears.

      2. On the Devices tab, click Add Switch.

        The Add Switch page appears.

  3. Complete the configuration according to the guidelines provided in Table 1. Note

    Fields marked with asterisk (*) are mandatory.

  4. Click Next and review the configuration from the Summary tab.
  5. (Optional) Click the Edit links within the summary to go directly to a specific page of the wizard and modify the configured settings.
  6. Click OK to add the switch to the site.

    The site activation process is initiated and the Site Activation: Site-Name page appears displaying the progress of the steps executed for activating the CPE and the switch.

    • If the Zero Touch Provisioning (ZTP) toggle button is enabled (default), CSO pushes the stage-1 and stage-2 configurations and provisions the switch.

      This process occurs immediately after the activation process, for which you entered the activation code or selected auto-activation.

      Note

      Stage-1 configuration is the initial configuration that allows basic connectivity to a device, which is pushed to the device.

      The configuration that is pushed to the device after it has connected to CSO is called stage-2 configuration.

    • If you disabled the Zero Touch Provisioning (ZTP) toggle button, you must manually configure the stage-1 configuration (as provided by CSO) on the switch.

      To manually configure the stage-1 configuration:

      1. On the Site Activation: Site-Name page, the Click to copy stage-1 configuration link appears after the Prestage Device step completes successfully.
      2. Click the Click to copy stage-1 configuration link.

        The stage-1 configuration page appears displaying the stage-1 configuration to be copied to the EX Series device.

      3. Copy the stage-1 configuration and log in to the console of the EX Series switch.
      4. Enter the configuration mode, paste, and commit the configuration.

        After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO.

        CSO then provisions the switch.

Table 1: Fields on the Add Switch Page

Field

Description

Device Profile

Device Name

Enter a name for the switch. You can use alphanumeric characters and hyphen (-). The maximum length allowed is 15 characters.

Device Type

Select the type of switch—EX2300, EX3400, EX4300, EX4600, and EX4650.

Device Model

Select the model for the switch you specified in the Device Type field.

The models vary in the number and type of ports the switch contains. For example, If you selected EX3400, select a model such as EX3400-24P, EX3400-48P, EX3400-24T among others.

CPE Settings

This setting is applicable only when you are adding a switch to an SD-WAN, next-generation firewall, or an enterprise hub site.

Trunk Ports

Select at least two trunk ports on the CPE device to connect with the switch, which are used for the following:.

  • LAN traffic between the switch and the CPE or firewall.

  • Management traffic for in-band management of the switch.

Note: The ae0 port of the SRX Series devices is used as the trunk port for communication with the switch.

Switch Management Subnet

Specify the subnet that the DHCP can use to assign IP addresses. The DHCP server runs on the following ports:

  • Trunk ports to provide DHCP information to all devices connected to the switch and to the in-band management port, switch management port, and LAN ports on the CPE or firewall.

  • Out-of-band management port on the CPE or firewall to provide DHCP information to the management port on the switch.

  • LAN ports on the CPE or firewall to provide information to the devices connected to the CPE or firewall LAN ports.

Switch Details

Serial Number

Specify the serial number of the physical switch.

You can either view the serial number on the label that is present on the rear panel of the switch or log in to the CLI of the switch in operational mode and enter show chassis hardware.

The serial number is a case-sensitive, alphanumeric string.

Auto activate

Click the toggle button to enable or disable automatic activation of the switch. When you enable this field, zero-touch provisioning of the switch is automatically triggered when the device communicates with CSO.

Note: You must physically connect the switch to the CPE and power it on for the switch to be automatically activated when you enable this option.

Activation code

When the Auto activate field is disabled, enter the activation code to be used for manually activating the switch.

Zero Touch Provisioning

Click to enable or disable ZTP on the switch.

If you disable ZTP, you must manually copy and paste the Stage-1 configuration on the switch during site activation. See Step-by-Step Procedure for details

Note:

  • Only EX Series switches running 18.4R2.7 and 18.4R3.3 firmware support ZTP.

  • EX4600 and EX4650 switches do not support Phone-Home client. You must disable ZTP and manually configure the stage-1 configuration on the switches.

Boot Image

Select the boot image from the list if you want to upgrade the image for the switch.

The boot image is the latest device image that is uploaded to the image management system. The boot image is used to upgrade the device when the CSO starts the ZTP process.

If the boot image is not provided, then the device skips the automatic upgrade procedure. The boot image is populated based on the device template that you have selected while creating a site.

Port Profile

Access Profiles List

Displays the access profile configured on the device.

If no access profile is configured on the device, you can create an access profile and assign it to the device by clicking the + icon on the top-right corner above the Access Profiles List table.

Interface List

Displays the list of interfaces present on the device. You can assign the ports to VLAN from here.

To assign the ports to a VLAN:

  1. Click Edit Configuration on top-right corner above the Interface List table.

    The Configuration page appears.

  2. From the Port Profile drop-down list, select a port profile to be assigned to the port.
  3. In the VLAN field, select one or more VLANs to be assigned to the port if the port is a trunk port.

    If the port is configured as an access port, you can assign only one VLAN.

  4. From the Native VLAN list, select a VLAN that you want to configure as native. This option appears only if you select Trunk port profile from the Port Profile list.

    Default: VLAN1

WHAT'S NEXT

After you onboard the switch, configure the switch in your network; see the Configure an EX Series Switch chapter in this guide.