ON THIS PAGE
Configuring Easy Config Setup
In addition to the Port profile configuration, Network Director enables users to quickly configure interfaces on devices by using the Easy Config Setup task. You can perform configurations by directly selecting the device, instead of creating a new profile and assigning a profile to the device port. You can also deploy the configuration changes without creating additional profiles which results in growing number of profiles in Port profile configurations. Easy Config Setup is supported only for the configurations that are automatically approved; for configurations that require manual approvals, this task is disabled.
Configuring Interface Settings
This section describes the steps to configure the interface settings by using Easy Config Setup.
You can configure the following interface settings in the EX Switching, Campus Switching ELS (MX series devices are supported in L2NG mode only and are not supported in native MX series mode), Data Center Non-ELS, and Data Center ELS devices..
To configure an interface in a device by using the Easy Config Setup:
- Select a switching device from the left navigation pane.
- Click in the Network Director banner.
- Under Select View, select either Logical View, Location View, or Device View.
- In the Tasks pane, click Wired > Tasks > Easy Config Setup.
This task is not visible for a fabric device.
- Enter the settings for the interface described in Table 1.
Table 1: Easy Config Setup Settings
Select an Ethernet switching interface, an IPv4 routing interface, or an IPv6 routing interface. All the ports associated with the device (except Layer 3 interfaces) are available in the list.
Provide a description of the device configuration or port details of the device. You can use up to 256 characters.
Configure a switching interface port to be an access, trunk, or tagged-access port for EX Series switches. Campus Switching ELS, Data Center Switching ELS, and Data Center Switching non-ELS series devices supports access mode and trunk mode. For more information about port modes, see Creating and Managing Port Profiles.
Disables the port. You can still configure and deploy all the settings but these settings become active only when you enable the port by clearing this selection.
Member VLAN Settings
You can enable VLAN settings and display the configuration options by enabling Member VLAN Settings.
You can either select an existing VLAN profile or create a new VLAN profile that you want to assign to the port.
To select an existing profile:
- Select the option Select VLAN Profile.
- Select the option Select.
The Choose VLAN profile window opens.
- Select the VLAN profile name and click OK.
To create a new profile:
- Select Configure VLAN Settings.
- Click Create.
The Create VLAN Profile window opens.
- Enter the VLAN name.
- Under VLAN ID, select Single and enter a VLAN
ID from 1 to 4094 if you want to configure a single VLAN.
Under VLAN ID, select Range and enter a range of VLAN IDs that you want to assign to the VLAN profile.
Tip: Single VLAN IDs can be configured for all products. VLAN lists or VLAN ID ranges are available for some products, depending on the technology used for implementation.
- Click OK.
You can enable PoE and display the configuration options by enabling PoE Settings.
Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does, PoE power to the port is shut down.
Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by the port number—ports with a lower port number have a higher power priority.
Default: low priority
Select to disable PoE on the interfaces that use this Port profile.
802.1x Settings (Authentication)
You can configure 802.1x and display the configuration options by enabling 802.1x Settings (Authentication).
802.1x authentication is enabled by default for a switching profile. 802.1x authentication works by using an Authenticator Port Access Entity (the switch) to block all traffic to and from a supplicant (end device) at the port until the supplicant's credentials are presented and matched on the Authentication server (a RADIUS server). When authenticated, the switch stops blocking traffic and opens the port to the supplicant. Network access can be further defined using VLANs.
Select to enable MAC-RADIUS based authentication for this profile. MAC RADIUS authentication enables LAN access to permitted MAC addresses. When a new MAC address appears on an interface, the switch consults the RADIUS server to check whether the MAC address is a permitted address. If the MAC address is configured on the RADIUS server, the device is allowed access to the LAN.
Specify the mode authentication supplicants use, either Single, Multiple, or Single-Secure.
Single—Allows only one host for authentication. This is the default mode.
Single-Secure—Allows only one end device to connect to the port. No other end device is enabled to connect until the first logs out.
Multiple—Allows multiple hosts for authentication. Each host is checked before being admitted to the network.
Click Select and then select the VLAN to which an interface is moved when no 802.1x supplicants are connected on the interface. The VLAN specified must already exist on the switch.
Click Select and then select the VLAN to which an interface is moved when the switch receives an Extensible Authentication Protocol over LAN (EAPoL) Access-Reject message during the authentication process between the switch and the RADIUS authentication server.
Server Fail Type
Specify the server fail fallback action the switch takes when all RADIUS authentication servers are unreachable; one of None, Deny, Permit, Use cache, or VLAN Name.
None—No server failback action is used. This option is selected by default.
Deny—Force fails supplicant authentication. No traffic will flow through the interface.
Permit—Force succeeds the supplicant authentication. Traffic will flow through the interface as if it were successfully authenticated by the RADIUS server.
Use cache—Force succeeds the supplicant authentication only if it was previously authenticated successfully. This action ensures that already authenticated supplicants are not affected.
VLAN Name—Move supplicant on the interface to the VLAN specified by this name. This action is allowed only for the first supplicant connecting to an interface. If an authenticated supplicant is already connected, then the supplicant is not moved to the VLAN and is not authenticated. If you select this option, you must provide a Fail VLAN name.
You can configure authentication parameters and accounting parameters on the network and display the configuration options by enabling Access Settings.
Enter the IP address of the RADIUS server.
The default RADIUS authentication port is 1812. You can change the port number by using the up and down arrows.
Provide a password. If the password contains spaces, enclose it in quotation marks. The secret password used by the switch must match the one used by the server.
Specify the number of times that a device attempts to contact the LDAP authentication server. The default retry count is 3. You can change this value by using the up and down arrows to 1 through 100 times.
Specify the number of seconds the switch waits to receive a response from a RADIUS server. The default timeout is 5 seconds. You can change this value, using the up and down arrows, to 1 through 65535 seconds.
- Click Preview to view the configuration changes
that will be deployed to a device when a job runs. Use the Configuration
window to see changes that were deployed to a device when a completed
job ran. The configuration changes are shown in these formats:
Select the CLI View tab to view the configuration changes in CLI format. This view shows the Junos configuration statements that will be deployed to the device.
Select the XML View tab to view the configuration changes in XML format. This view shows the XML-formatted configuration that will be deployed to the device by using the Device Management Interface (DMI), which is used to remotely manage devices.
- Click Deploy to deploy configuration to a device.
After you deploy the configuration, the device goes out of sync and Network Director triggers auto-resynchronization of the device. If there is any conflicting configuration, the new port profile (created during easy config setup) is prompted during the assignment.
The Deploy EasyPortal Configuration window opens. If you chose to deploy the changes immediately, the Deployment Status column shows the status as INPROGRESS and changes to SUCCESS after the deployment is successfully completed.
Click Cancel if you want to cancel your changes.
- Click Close to close the deployment page.
Clicking either Close or Cancel takes you to the Device Inventory My Network page, which displays the details of the device you selected in the first step.