Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS Release 14.1X53 for the EX Series.

New Features in Release 14.1X53-D40

Authentication and Access Control

  • Voice VLAN fallback (EX Series)—Starting in Junos OS Release 14.1X53-D40, you can configure authentication fallback options to specify how VoIP clients sending voice traffic are supported if the RADIUS authentication server becomes unavailable. When you configure the server fail fallback feature you must specify an action that the switch applies to end devices when the authentication servers are unavailable. The switch can accept or deny access to supplicants or maintain the access already granted to supplicants before the RADIUS timeout occurred. You can also configure the switch to move the supplicants to a specific VLAN.

    [See Configuring RADIUS Server Fail Fallback (CLI Procedure).]

Interfaces and Chassis

  • Half-duplex link support (EX4300 switches)—Starting with Junos OS 14.1X53-D40, half-duplex communication is supported on all built-in network copper ports on EX4300 switches. Half-duplex is bidirectional communication, but signals can flow in only one direction at a time. Full-duplex communication means that both ends of the communication can send and receive signals at the same time. Half-duplex is configured by default on EX4300 switches. If the link partner is set to autonegotiate the link, then the link is autonegotiated to full duplex or half duplex. If the link is not set to autonegotiation, then the EX4300 link defaults to half-duplex unless the interface is explicitly configured for full duplex.

    To explicitly configure full duplex:


    [edit]
    user@switch# set interfaces interface-name speed 10m-or-100m
    [edit]
    user@switch# set interfaces interface-name ether-options no-auto-negotiate

    To verify a half-duplex setting:

    user@switch> show interfaces interface-name extensive

    [See Configuring Gigabit Ethernet Interfaces (CLI Procedure).]

Multicast Protocols

  • Support for static multicast route leaking for VRF and virtual-router instances (QFX5100 and EX4300 switches)—Starting with Junos OS Release 14.1X53-D40, you can configure your switch to share IPv4 multicast routes among different virtual routing and forwarding (VRF) instances or different virtual-router instances. Only multicast static routes with a destination-prefix length of /32 are supported for multicast route leaking. Only Internet Group Management Protocol version 3 is supported. To configure multicast route leaking for VRF or virtual-router instances , include the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level. For routing–instance-name, include the name of a VRF or virtual-router instance.

    On the EX4300 switch, multicast route leaking is supported only when the switch functions as a line card in a Virtual Chassis.

    [See Understanding Multicast Route Leaking for VRF and Virtual-Router Instances.]

New Features in Release 14.1X53-D35

Hardware

  • Revert EX2200 and EX2200-C switches to the factory-default configuration using the Factory reset/Mode button on the switch—Starting with Junos OS Release 14.1 X53-D35, you can transition EX2200 and EX2200-C switches to the factory-default configuration by pressing the Factory reset/Mode button located below the LED labeled POE on the far right side of the front panel of the switches for 10 seconds. You can transition the switches to the initial setup mode by pressing the button for 10 seconds more.

Interfaces

  • GRE tunneling (EX4300 switches)—Starting with Junos OS Release 14.1 X53-D35, generic routing encapsulation (GRE) tunneling is supported on EX4300 switches. Tunneling provides a private, secure path for transporting packets through an otherwise public network by encapsulating packets inside a transport protocol known as an IP encapsulation protocol. GRE is an IP encapsulation protocol that is used to transport packets over a network. Information is sent from one network to the other through a GRE tunnel. GRE tunneling is accomplished through routable tunnel endpoints that operate on top of existing physical and other logical endpoints. GRE tunnels connect one endpoint to another and provide a clear data path between the endpoints.

    Configure tunnels to use GRE:

    [edit interfaces]
    user@switch# set gr-0/0/0 unit number family inet address
    user@switch# set gr-0/0/0 unit number tunnel source source-address
    user@switch# set gr-0/0/0 unit number tunnel destination destination-address

    Note: The switch supports IPv4 as the tunneling (delivery) protocol. It supports IPv4 and IPv6 as the payload protocol.

J-Web Interface

  • J-Web (EX4600 switches)—Starting with Junos OS Release 14.1X53-D35, you can configure and monitor software features on EX4600 switches by using the J-Web interface.

    The following limitations apply to using J-Web on EX4600 switches:

    • 802.1X authentication configuration is not supported.
    • Power over Ethernet (PoE) configuration and monitoring is not supported.
    • Class-of-service (CoS) configuration is not supported.

    Note: On EX4600 switches, the maximum number of LAG devices that you can configure is 1000.

    For more information, see J-Web for EX Series Ethernet Switches.

Platform and Infrastructure

  • Workaround for sudden shutdowns while crossing negative temperature thresholds (EX2200 switches)—Starting with Junos OS Release 14.1X53-D35, you can configure a time interval in seconds for the switch to remain powered on after crossing the temperature-shutdown limit.

    Configure the time interval:

    [edit]
    user@switch# set chassis shutdown-delay-period seconds

    You can configure an operating-temperature range and a time interval in seconds for raising an alarm once the temperature crosses either end of the operating range. The alarm will be raised periodically at each time interval that passes while the switch remains out of operating-temperature range.

    Configure the operating-temperature range and time interval:

    [edit]
    user@switch# set chassis operating-temperate temperature-range low-value high-value alarm-interval seconds

Port Security

  • DHCP snooping table update for changed MAC address (EX4300 and EX4600 switches)—Starting with Junos OS Release 14.1X53-D35, the DHCP snooping table is updated in the event of a change to a client's MAC address. If a client requests for an IP address that matches an IP address in the DHCP snooping table, but has a MAC address that does not match the one bound to that IP address in the DHCP snooping table, then a placeholder binding is created using the client IP address and the new MAC address. When the switch receives a DHCPACK message from the DHCP server, this binding is added to the DHCP snooping table, replacing the original binding. This new feature requires no configuration changes to be made by the user.

Routing Policy and Firewall Filters

  • Firewall filter with policer action as forwarding-class and loss priority (PLP) (EX4300 switches)—Starting with Junos OS Release 14.1X53-D35, on EX4300 switches you can configure the firewall with policer action as forwarding-class and loss priority (PLP). When the traffic hits the policer, PLP changes as per the action rule. The supported PLP designations are low, high, and medium-high. You configure policer actions at the [edit firewall] hierarchy level.

New Features in Release 14.1X53-D30

There are no new features for EX Series switches in Junos OS Release 14.1X53-D30.

New Features in Release 14.1X53-D27

There are no new features for EX Series switches in Junos OS Release 14.1X53-D27.

New Features in Release 14.1X53-D26

Hardware

  • New optical transceivers support on EX4300 switches—Starting with Junos OS Release 14.1X53-D26, EX4300 switches support the following optical transceivers:
    • EX-SFP-GE10KT13R14 (1000BASE-BX-U, 10 km)
    • EX-SFP-GE10KT14R13 (1000BASE-BX-D, 10 km)
    • EX-SFP-GE10KT13R15 (1000BASE-BX-U, 10 km)
    • EX-SFP-GE10KT15R13 (1000BASE-BX-D, 10 km)

New Features in Release 14.1X53-D25

Authentication and Access Control

  • Access control (mixed EX4300 and EX4600 Virtual Chassis)—Starting with Junos OS Release 14.1X53-D25, EX4600 switches operating in a mixed Virtual Chassis with EX4300 switches support controlling access to your network by using several different authentication methods: 802.1X authentication, MAC RADIUS authentication, or captive portal. You enable the authentication-whitelist statement at the [edit switching-options] hierarchy level instead of at the [edit ethernet-switching-options] hierarchy level.

    Access control features in a mixed EX4300 and EX4600 Virtual Chassis are supported only on EX4300 switch interfaces.

    [See Access Control on a Mixed EX4300-EX4600 Virtual Chassis.]

MPLS

  • MPLS stitching for virtual machine connections (EX4600)—By using MPLS, the stitching feature of Junos OS provides connectivity between virtual machines on opposite sides of data center routers. An external controller, programmed in the data-plane, assigns MPLS labels to both virtual machines and servers. Then, the signaled MPLS labels are used between the data center routers, generating static link switched paths (LSPs), resolved over RSVP or LDP, to provide the routes dictated by the labels. The new CLI command stitch, located under the LSP transit command, provides this capability.

    [See MPLS Stitching For Virtual Machine Connection.]

New Features in Release 14.1X53-D15

Interfaces and Chassis

  • Default logging for Ethernet ring protection switching (ERPS) (EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX8200 standalone switches; EX2200, EX3300, EX4200, EX4500, EX4550, EX8200 Virtual Chassis)—Starting with Junos OS Release 14.1X53-D15, the listed EX Series switches automatically log basic state transitions for the ERPS protocol. No configuration is required to initiate this logging. Basic state transitions include ERPS interface transitions from up to down, and down to up; and ERPS state transitions from idle to protection, and protection to idle.

    The basic state transitions are logged in a single file named erp-default, which resides in the /var/log directory of the switch. The maximum size of this file is 15 MB.

    Default logging for ERPS can capture initial ERPS interface and state transitions, which can help you troubleshoot issues that occur early in the ERPS protocol startup process. However, if more robust logging is needed, you can enable traceoptions for ERPS by entering the traceoptions statement in the [edit protocols protection-group] hierarchy level.

    Be aware that for ERPS, only default logging or traceoptions can be active at a time on the switch. That is, default logging for ERPS is automatically enabled and if you enable traceoptions for ERPS, the switch automatically disables default logging. Conversely, if you disable traceoptions for ERPS, the switch automatically enables default logging.

  • Power over Ethernet (EX4600 switches)—Starting with Junos OS Release 14.1X53-D15, EX4600 switches support Power over Ethernet (PoE) when operating in a mixed-mode Virtual Chassis with an EX4300 switch. You can enable PoE configuration statements and run PoE operational commands on an EX4600 switch only when the switch is operating in a mixed-mode Virtual Chassis.

    You can configure PoE at the [edit poe] hierarchy level.

    [See Understanding PoE on EX Series Switches.]

MPLS

  • MPLS enhancements (EX4600 switches)—Starting with Junos OS Release 14.1X53-D15, a set of procedures is provided for augmenting network layer packets with label stacks, thereby turning them into labeled packets. MPLS has emerged as an elegant solution to meet the bandwidth-management and service requirements for next-generation IP-based backbone networks.

    The following MPLS features have been added to EX4600:

    • BGP L3 VPN Carrier-over-Carrier and Interprovider

      BGP is an exterior gateway protocol (EGP) that is used to exchange routing information among routing devices in different autonomous systems (ASs). Instead of using the label distribution protocols LDP or RSVP, MPLS can piggyback on routing protocols such as BGP and OSPF.

    • Ethernet over MPLS pseudowire based on LDP (draft Martini / L2 Circuit)

      Ethernet-over-MPLS supports sending Layer 2 Ethernet frames transparently over MPLS using a tunneling mechanism for Ethernet traffic through an MPLS-enabled Layer 3 core. Pseudowire is a software mechanism for emulating various networking or telecommunications services across packet-switched networks that use Ethernet, IP, or MPLS. An Ethernet pseudowire is used to carry Ethernet or 802.3 PDUs over an MPLS network enabling service providers to offer emulated Ethernet services over existing MPLS networks. There are several label distribution protocols used such as Label Distribution Protocol (LDP) or RSVP; another technique is piggybacking on routing protocols such as BGP and OSPF.

    • Static and dynamic Ethernet pseudowire over LDP and RSVP tunnels

      Pseudowire is a software mechanism for emulating various networking or telecommunications services across packet-switched networks that use Ethernet, IP, or MPLS. Label Distribution Protocol (LDP) and RSVP are label distribution protocols used by MPLS.

    • Pseudowire over aggregated Ethernet on core-facing interfaces

      Pseudowire is a software mechanism for emulating various networking or telecommunications services across packet-switched networks that use Ethernet, IP, or MPLS.

    • RSVP fast-reroute including link-protection and node-link-protection

      One label distribution protocol used for MLPS data transmission is RSVP.

    [See MPLS Feature Support on the QFX Series and the EX4600 Switch.]

Security

  • Media Access Control Security (MACsec) support (EX4600 switches)—Starting with Junos OS Release 14.1X53-D15, MACsec is supported on all built-in SFP+ interfaces on an EX4600 switch. MACsec is also supported on all eight SFP+ interfaces on the EX4600-EM-8F expansion module when it is installed in an EX4600 switch. MACsec is an industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats, and can be used in combination with other security protocols to provide end-to-end network security. MACsec is standardized in IEEE 802.1AE. See also Documentation Updates.

    [See Understanding Media Access Control Security (MACsec).]

New Features in Release 14.1X53-D10

Authentication and Access Control

  • IPv6 for RADIUS AAA (EX3300, EX4200, EX4300, EX4500, and EX8200 switches and EX4300 Virtual Chassis)—Starting with Junos OS Release 14.1X53-D10, EX3300, EX4200, EX4300, EX4500, and EX8200 switches and EX4300 Virtual Chassis support IPv6, along with the existing IPv4 support, for user authentication, authorization, and accounting (AAA) using RADIUS servers.

    RADIUS authentication is a method of authenticating users who attempt to access the router or switch. To use RADIUS authentication on the switch, configure information about one or more RADIUS servers on the network by including one radius-server statement at the [edit system] hierarchy level for each RADIUS server.

    When you configure a source address for each configured RADIUS server, each RADIUS request sent to a RADIUS server uses the specified source address.

    • Authentication—Specify which source address Junos OS uses when accessing your network to contact an external RADIUS server for authentication. You configure the IPv6 source address for RADIUS authentication at the [edit system radius-server server-address source-address] hierarchy level.
    • Accounting—Specify which source address Junos OS uses when contacting a RADIUS server for sending accounting information. You configure the IPv6 source address for RADIUS authentication at the [edit system accounting destination radius server server-address source-address] hierarchy level.

    [See source-address.]

Bridging and Learning

  • RVI support for private VLANs (EX8200 switches and EX8200 Virtual Chassis)—Starting with Junos OS Release 14.1X53-D10, you can configure a routed VLAN interface (RVI) on an EX8200 switch or EX8200 Virtual Chassis to handle the Layer 3 traffic of intersecondary VLANs (community VLANs and isolated VLANs) in a private VLAN (PVLAN). By using an RVI to handle the routing within the PVLAN, you eliminate the need for an external router with a promiscuous port connection to perform this function.

    One RVI serves the entire PVLAN domain regardless of whether the domain consists of one or more switches. After you configure the RVI, Layer 3 packets received by the secondary VLAN interfaces are mapped to and routed by the RVI.

    [See Configuring a Routed VLAN Interface in a Private VLAN (CLI Procedure).]

  • Support for private VLANs (EX4300)—Starting with Junos OS Release 14.1X53-D10, EX4300 switches support private VLANs (PVLANs). PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the known communication between known hosts. PVLANs can be used to help ensure the security of service providers sharing a server farm, or to provide security to subscribers of various service providers sharing a common metropolitan area network.

    Note: An interface can belong to only one PVLAN domain.

    [See Understanding Private VLANs on EX Series Switches.]

  • Support for Layer 2 protocol tunneling (EX4300)—Starting with Junos OS Release 14.1X53-D10, EX4300 switches support Layer 2 protocol tunneling (L2PT). L2PT enables service providers to send Layer 2 protocol data units (PDUs) across the provider’s cloud and deliver them to Juniper Networks EX Series Ethernet Switches that are not part of the local broadcast domain. This feature is useful when you want to run Layer 2 protocols on a network that includes switches located at remote sites that are connected across a service provider network. For example, it can help you provide transparent LAN services over a metropolitan Ethernet infrastructure. L2PT operates under the Q-in-Q tunneling configuration; therefore, you must enable Q-in-Q tunneling before you can configure L2PT.

    The Layer 2 protocol to be tunneled can be one of the following: 802.3AH, CDP, LACP, LLDP, MVRP, STP, VTP, GVRP, or VSTP.

    Note: L2PT does not support the following on EX4300 switches:

    • drop-threshold or shutdown-threshold statements
    • The all option for setting the Layer 2 protocol
    • 802.1X authentication

    [See Understanding Layer 2 Protocol Tunneling on EX Series Switches.]

  • MAC notification (EX4300 and EX4600)—Starting with Junos OS Release 14.1X53-D10, MAC notification is supported on EX4300 and EX4600 switches. The switches track clients on a network by storing MAC addresses in the Ethernet switching table on the switch. When switches learn or unlearn a MAC address, SNMP notifications can be sent to the network management system at regular intervals to record the addition or removal of the MAC address. This process is known as MAC notification.

    The MAC Notification MIB controls MAC notification for the network management system.

    The MAC notification interval defines how often these SNMP notifications are sent to the network management system. The MAC notification interval works by tracking all MAC address additions or removals on the switch over a period of time and then sending all tracked MAC address additions or removals to the network management server at the end of the interval.

    Enabling MAC notification allows you to monitor the addition and removal of MAC addresses from the Ethernet switching table remotely using a network management system. The advantage of setting a high MAC notification interval is that the amount of network traffic is reduced because updates are sent less frequently. The advantage of setting a low MAC notification interval is that the network management system is better synchronized with the switch.

    Two new MIBs related to MAC notification are provided at Junos OS Release 14.1X53-D10. See Documentation Updates.

    [See Configuring MAC Notification (CLI Procedure).]

  • Default VLAN and multiple VLAN range support (EX4300)—Starting with Junos OS Release 14.1X53-D10, the default VLAN and multiple VLAN range are supported on EX4300 switches. They provide the ability for the switch to operate as a plug and play device and connect to various Ethernet-enabled devices in a small, scaled enterprise network. When the switch boots, a VLAN named default is created. The default VLAN is automatically created for the default routing instance named default-switch. All interfaces on the switch are automatically configured as access interfaces and are part of the default VLAN.

    The default VLAN accepts and forwards untagged packets only and is preconfigured with a VLAN ID (vlan-id) of 1. The default VLAN does not support a VLAN ID list (vlan-id-list), vlan-id set to all, or vlan-id set to none. You can configure the VLAN ID to be another value, but the value must be between 1 and 4093.

    Access interfaces that are enabled for VoIP or 802.1X are internally converted to trunk interfaces, so that the interfaces can belong to multiple VLANs. If the interfaces do not belong to a valid VLAN, the interfaces automatically become part of the default VLAN.

    You can configure more than one VLAN range, and each range can contain unique VLAN properties.

    Note: Virtual Chassis interfaces cannot be preconfigured to belong to the default VLAN or any other VLAN.

    Note: For interfaces to be part of the default VLAN, you must configure the interfaces to be part of the Ethernet switching family. You can configure Ethernet switching at the [edit interfaces interface-name unit family] hierarchy level.

Class of Service

  • Explicit congestion notification (ECN) support (EX4300)—Starting with Junos OS Release 14.1X53-D10, ECN marking is supported on EX4300 switches—you enable it for packets in scheduler queues. Explicit congestion notification (ECN) enables end-to-end congestion notification between two endpoints on TCP/IP based networks. The two endpoints are an ECN-enabled sender and an ECN-enabled receiver. ECN must be enabled on both endpoints and on all intermediate devices between the endpoints for ECN to work properly. Any device in the transmission path that does not support ECN breaks the end-to-end ECN functionality.

    ECN notifies networks about congestion with the goal of reducing packet loss and delay by making the sending device decrease the transmission rate until the congestion clears, without dropping packets.

    To enable ECN, issue the set class-of-service schedulers name explicit-congestion-notification command.

Infrastructure

  • Licensing enhancements (EX Series)—Starting with Junos OS Release 14.1X53-D10, licensing enhancements on EX Series switches enable you to configure and delete license keys in a Junos OS CLI configuration file. The license keys are validated and installed after a successful commit of the configuration file. If a license key is invalid, the commit fails and issues an error message. You can configure individual license keys or multiple license keys by issuing Junos OS CLI commands or by loading the license key configuration contained in a file. All installed license keys are stored in the /config/license/ directory.

    To install an individual license key in the Junos OS CLI, issue the set system license keys key name command, and then issue the commit command.

    For example:

    [edit]
    root@switch# set system license keys key "JUNOS_TEST_LIC_FEAT testabc123"
    root@switch# commit
    commit complete

    To verify that the license key was installed, issue the show system license command.

    For example:

    root@switch> show system license
    License usage: 
                                     Licenses     Licenses    Licenses    Expiry
      Feature name                       used    installed      needed 
      sdk-test-feat1                        0            1           0    permanent
    
    Licenses installed: 
      License identifier: JUNOS_TEST_LIC_FEAT
      License version: 2
      Features:
        sdk-test-feat1   - JUNOS SDK Test Feature 1
          permanent
    

    To install multiple license keys in the Junos OS CLI, issue the set system license keys key name command, and then issue the commit command.

    For example:

    [edit]
    root@switch# set system license keys key "key_1"
    set system license keys key "key_2"
    set system license keys key "key_2"
    set system license keys key "key_4"
    root@switch# commit
    commit complete

    To verify that the license key was installed, issue the show system license command.

    To install an individual license key configuration in a file, issue the cat command:

    For example:

    [edit]
    root@switch%cat license.conf
    system {
        license {
            keys {
               key "JUNOS_TEST_LIC_FEAT testabc123";
            }
        }
    }
    

    Load and merge the license configuration file.

    For example:

    [edit]
    root@switch# load merge license.conf
    load complete 

    Issue the show | compare command to see the configuration, and then issue the commit command.

    For example:

    [edit]
    root@switch# show | compare
    [edit system]
    +   license {
    +       keys {
    +           key "JUNOS_TEST_LIC_FEAT testabc123";
    +       }
    +   }
    
    [edit]
    root@switch# commit

    To verify that the license key was installed, issue the show system license command.

    For example:

    root@switch> show system license
    License usage: 
                                     Licenses     Licenses    Licenses    Expiry
      Feature name                       used    installed      needed 
      sdk-test-feat1                        0            1           0    permanent
    
    Licenses installed: 
      License identifier: JUNOS_TEST_LIC_FEAT
      License version: 2
      Features:
        sdk-test-feat1   - JUNOS SDK Test Feature 1
          permanent
    

    To install multiple license keys in a file, issue the cat command:

    For example:

    [edit]
    root@switch%cat license.conf
    system
    {
    license
    {
      keys
      {
       key "key_1"
       key "key_2"
       key "key_3"
       ...
       key "key_n"
      }
    }
    

    Load and merge the license configuration file, and then issue the commit command.

    For example:

    [edit]
    root@switch# load merge license.conf
    load complete 
    [edit]
    root@switch# commit

    To verify that the license key was installed, issue the show system license command.

    You can also delete or deactivate individual and multiple license keys in the Junos OS CLI by issuing the delete system license keys or deactivate system license keys commands. Do not use the request system license delete command to delete the license keys.

    For example, to issue the delete system license keys command:

    [edit]
    root@switch# delete system license keys
    root@switch# commit

Interfaces and Chassis

  • Support for aggregated Ethernet link protection enhancements (EX4500)—Starting with Junos OS Release 14.1X53-D10, aggregated Ethernet link protection is enhanced on EX4500 switches to support a collection of Ethernet links within a LAG bundle. Link protection could earlier be used to protect a single link within a LAG bundle only. The ability to provide link protection for a collection of links in a LAG bundle is provided using link protection subgroups, which are introduced as part of this feature.

    [See Configuring LACP Link Protection of Aggregated Ethernet Interfaces (CLI Procedure).]

J-Web

  • J-Web interface available in two packages (EX2200, EX3200, EX3300, EX4200, EX4300, EX4500, EX4550, EX6200)—Prior to this release, the J-Web interface was available as a single package as part of Junos OS. Starting with Junos OS Release 14.1X53-D10, the J-Web interface is available in two packages:
    • The Platform package is installed as part of Junos OS, which provides basic functionalities of J-Web. You can use the Platform package to create a basic configuration and maintain your EX Series switch.
    • The Application package is an optionally installable package, which provides complete functionalities of J-Web that enable you to configure, monitor, maintain, and troubleshoot your switch. You must download the Application package and install it over the Platform package on your switch.

    For detailed information about the J-Web packages, see Release Notes: J-Web Application Package Release 14.1X53-A1 for Juniper Networks EX Series Ethernet Switches.

  • Browser support enhancements for the J-Web interface (EX2200, EX3200, EX3300, EX4200, EX4300, EX4500, EX4550, EX6200)—Starting with Junos OS Release 14.1X53-D10, the J-Web interface supports the following browsers:
    • Microsoft Internet Explorer versions 9 and 10
    • Mozilla Firefox versions 24 through 30
    • Google Chrome versions 27 through 36

    Tip: For best viewing of the J-Web application, set the screen resolution to 1440 X 900.

Layer 3 Protocols

  • IS-IS protocol (EX3300)—EX3300 switches now support the Intermediate System-to-Intermediate System (IS-IS) protocol. On EX3300 switches, the IS-IS configuration is available at the [edit protocols] hierarchy level.

    [See Layer 3 Protocols Supported on EX Series Switches.]

MPLS

  • Ethernet-over-MPLS (L2 circuit) (EX4600)—Starting with Junos OS Release 14.1X53-D10, Ethernet-over-MPLS is supported on EX4600 switches. Ethernet-over-MPLS enables you to send Layer 2 Ethernet frames transparently over an MPLS cloud. Ethernet-over-MPLS uses a tunneling mechanism for Ethernet traffic through an MPLS-enabled Layer 3 core. It encapsulates Ethernet protocol data units (PDUs) inside MPLS packets and forwards the packets, using label stacking, across the MPLS network.

    This technology has applications in service provider, enterprise, and data center environments. For disaster recovery purposes, data centers are hosted in multiple sites that are geographically distant and interconnected using a WAN network. These data centers require Layer 2 connectivity between them for the following reasons:

    • To replicate the storage over Fibre Channel over IP (FCIP). FCIP works only on the same broadcast domain.
    • To run a dynamic routing protocol between the sites.
    • To support high availability clusters that interconnect the nodes hosted in the various data centers.
  • MPLS-based Layer 3 VPNs (EX4600)—Starting with Junos OS Release 14.1X53-D10, MPLS-based Layer 3 VPNs are supported on EX4600 switches.

    Customer networks are private and can use either public addresses or private addresses. When customer networks that use private addresses connect to the public Internet infrastructure, the private addresses might overlap with private addresses being used by other network users. MPLS BGP VPNs solve this problem by adding the route distinguisher prefix to the route.

    You can configure the switch as a CE or PE device using Layer 3 MPLS/BGP VPN for interprovider and carrier-of-carrier VPNs. The key difference between interprovider and carrier-of-carriers VPNs is whether the customer sites belong to the same autonomous system (AS) or to a separate AS:

    • Interprovider VPNs—The customer sites belong to different ASs. You need to configure EBGP to exchange the customer’s external routes.
    • Carrier-of-carriers VPNs—The customer sites belong to the same AS. You need to configure IBGP to exchange the customer’s external routes.
  • MPLS LSP protection (EX4600)—Starting with Junos OS Release 14.1X53-D10, the following types of MPLS LSP protection are supported on EX4600 switches:
    • Fast reroute (FRR)
    • Link protection
    • Node link protection

[ See MPLS Overview.]

Network Management and Monitoring

  • Chef for Junos OS (EX4300)—Starting with Junos OS Release 14.1X53-D10, Chef for Junos OS is supported on EX4300 switches.
  • Puppet for Junos OS (EX4300)—Starting with Junos OS Release 14.1X53-D10, Puppet for Junos OS is supported on EX4300 switches.
  • Network analytics (EX4300)—Starting with Junos OS Release 14.1X53-D10, EX4300 switches support the network analytics feature. The network analytics feature provides visibility into the performance and behavior of the data center infrastructure. This feature collects data from the switch, analyzes the data by using sophisticated algorithms, and captures the results in reports. Network administrators can use the reports to help troubleshoot problems, make decisions, and adjust resources as needed. The analytics manager (analyticsm) in the Packet Forwarding Engine collects traffic and queue statistics, and the analytics daemon (analyticsd) in the Routing Engine analyzes the data and generates reports. You can enable network analytics by configuring microburst monitoring and high-frequency traffic statistics monitoring.

    [See Network Analytics Overview.]

  • Ethernet frame delay measurement (EX2200)—Starting with Junos OS Release 14.1X53-D10, you can obtain Ethernet frame delay measurements (ETH-DM) on an EX2200 switch. You can configure Operation, Administration, and Maintenance (OAM) statements for connectivity fault management (IEEE 802.1ag) to provide on-demand measurements of frame delay and frame delay variation (jitter). You configure the feature under the [edit protocols oam ethernet connectivity-fault-management] hierarchy level.
  • Support for native analyzers and remote port-mirroring capabilities (EX4300)—Starting with Junos OS Release 14.1X53-D10, native analyzers and remote port mirroring are supported on EX4300 switches. A native analyzer configuration contains both an input stanza and an output stanza in the analyzer hierarchy for mirroring packets. In remote port mirroring, the mirrored traffic is flooded into a remote mirroring VLAN that can be specifically created for the purpose of receiving mirrored traffic. On EX4300 switches, the analyzer configuration is available under the [edit forwarding-options] hierarchy level.

Port Security

  • IPv6 access security (EX2200 and EX3300)—Starting with Junos OS Release 14.1X53-D10, the following IPv6 access security features are supported on EX2200 and EX3300 switches: DHCPv6 snooping, IPv6 Neighbor Discovery Inspection, IPv6 source guard, and RA guard. DHCPv6 snooping enables a switch to process DHCPv6 messages between a client and a server and build a database of the IPv6 addresses assigned to the DHCPv6 clients. The switch can use this database, also known as the binding table, to stop malicious traffic. DHCPv6 includes the relay agent Remote-ID option, also known as Option 37, to optionally append additional information to the messages sent by the client towards the server. This information can be used by the server to assign addresses and configuration parameters to the client. IPv6 Neighbor Discovery inspection analyzes neighbor discovery messages sent between IPv6 nodes on the same link and verifies them against the DHCPv6 binding table. IPv6 source guard inspects all IPv6 traffic from the client and verifies the source IPv6 address and source MAC address against the entries in the DHCPv6 binding table. If no match is found, the traffic is dropped. RA guard examines incoming Router Advertisement (RA) messages and decides whether to forward or block them based on statically configured IPv6/MAC address bindings. If the content of the RA message does not match the bindings, the message is dropped.

    Starting with this release, Remote-ID (Option-37) is not added by default on when you enable dhcpv6-snooping.

    You configure DHCPv6 snooping, IPv6 Neighbor Discovery Inspection, and IPv6 source guard at the [edit ethernet-switching-options secure-access-port vlan vlan-name] hierarchy level. You configure RA guard at the [edit ethernet-switching-options secure-access-port interface interface-name] hierarchy level.

    [See Port Security Overview.]

  • IPv6 access security (EX4300)—Starting with Junos OS Release 14.1X53-D10, DHCPv6 snooping supports a configuration to optionally append the relay agent Remote ID (Option-37), Interface-ID (Option-18), and Vendor-Class (Option-16) to the DHCPv6 packets sent by a client. You can configure these options under the [edit vlans vlan-name forwarding-options dhcp-security dhcpv6-options] hierarchy level.
  • Media Access Control Security (MACsec) support for switch to host connections (EX4200, EX4300, and EX4550)—Starting with Junos OS Release 14.1X53-D10, MACsec is supported on links connecting EX4200, EX4300, and EX4550 switches to host devices, such as phones, servers, personal computers, or other endpoint devices. This feature also introduces MACsec dynamic mode and the ability to retrieve MACsec Key Agreement (MKA) keys from a RADIUS server, which are required to enable MACsec on a switch to host link.

    [See Understanding Media Access Control Security (MACsec).]

Virtual Chassis and Virtual Chassis Fabric

  • Alias support for Virtual Chassis and Virtual Chassis Fabric (VCF) nodes—Starting with Junos OS Release 14.1X53-D10, an alias can be used to label nodes in a Virtual Chassis and VCF. An alias enables you to more clearly identify a member switch in your Virtual Chassis or VCF by assigning a text label to it. The text label appears alongside the switch's serial number whenever operational commands, such as show virtual-chassis, are used to monitor Virtual Chassis status.

    [See aliases.]

Modified: 2017-11-29