
New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS Releases 15.1X53-D5x for the EX Series.

Note: The following EX Series platforms are supported in Junos OS Release 15.1X53-D5x: EX2300 and EX3400.

New Features in Release 15.1X53-D55

Hardware

  • 48-port EX2300 switch models—Starting with Junos OS Release 15.1X53-D55, EX2300 switch models EX2300-48T and EX2300-48P with 48 built-in network ports with 10/100/1000 BASE-T connectors are available as fixed configuration switches that provide connectivity for low-density environments. The ports in EX2300-48P provide Power over Ethernet (PoE) or Power over Ethernet Plus (PoE+) on all network ports.

Authentication and Access Control

  • Central Web authentication (EX2300 and EX3400)—Starting with Junos OS Release 15.1X53-D55, you can configure central Web authentication to redirect Web browser requests to a login page that requires the user to input a username and password. Upon successful authentication, the user is allowed to access the network. The login process is handled by a central Web authentication server, which provides scaling benefits over local Web authentication, also known as captive portal.

    Central Web authentication is useful for providing network access to temporary users, such as visitors to a corporate site who are trying to access the network using devices that are not 802.1X-enabled. Web authentication can also be used as a fallback authentication method for regular network users who have 802.1X-enabled devices that fail authentication because of other issues, such as expired network credentials.

    [See Understanding Central Web Authentication.]

  • RADIUS-initiated changes to an authorized user session (EX2300 and EX3400)—Starting with Junos OS Release 15.1X53-D55, EX2300 and EX3400 switches support changes to an authorized user session that are initiated by the authentication server. The server can send the switch a Disconnect message to terminate the session or a Change of Authorization (CoA) message to modify the session authorization attributes. CoA messages are typically used to change data filters or VLANs for an authenticated host.

    [See Understanding RADIUS-Initiated Changes to an Authorized User Session.]

  • Flexible authentication order (EX2300 and EX3400)—Starting with Junos OS Release 15.1X53-D55, you can configure the order of authentication methods that the switch will use to authenticate an end device. By default, the switch will first attempt to authenticate using 802.1X authentication, then MAC RADIUS authentication, and then captive portal. You can override the default order of authentication methods by configuring the authentication-order statement to specify that the switch use either 802.1X authentication or MAC RADIUS authentication first. Captive portal must always be last in the order of authentication methods.

    [See Understanding Authentication on EX Series Switches.]

  • RADIUS accounting interim updates (EX2300 and EX3400)—Starting with Junos OS Release 15.1X53-D55, you can configure the switch to send periodic updates for a user accounting session at a specified interval to the accounting server. Interim accounting updates are included in the exchange of messages between the client and the accounting server. In RADIUS accounting, the client sends Accounting-Request messages to the server, which acknowledges receipt of the requests with Accounting-Response messages. Interim accounting updates are sent in Accounting-Request messages with the Acct-Status-Type set to Interim-Update.

    [See Understanding 802.1X and RADIUS Accounting on EX Series Switches.]

  • Support for multiple terms in a filter sent from the RADIUS server (EX2300 and EX3400)—Starting with Junos OS Release 15.1X53-D55, you can use RADIUS server attributes to implement dynamic firewall filters with multiple terms on a RADIUS authentication server. These filters can be dynamically applied on all switches that authenticate supplicants through that server, eliminating the need to configure the same filter on multiple switches. You can define the filters directly on the server by using the Juniper-Switching-Filter attribute, which is a RADIUS attribute specific to Juniper Networks, also known as a vendor-specific attribute (VSA). Filter terms are configured using one or more match conditions and a resulting action.

    [See Understanding Dynamic Filters Based on RADIUS Attributes.]

  • EAP-PAP protocol support for MAC RADIUS authentication (EX2300 and EX3400)—Starting with Junos OS Release 15.1X53-D55, you can configure the switch to use the Password Authentication Protocol (PAP) when authenticating clients with the MAC RADIUS authentication method. PAP transmits plaintext passwords over the network without encryption. It is required for use with Lightweight Directory Access Protocol (LDAP), which supports plaintext passwords for client authentication. This feature is configured by using the authentication-protocol CLI statement at the [edit protocols dot1x authenticator interface interface-name mac-radius] hierarchy level.

    [See Understanding Authentication on EX Series Switches.]
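The messages named in the RADIUS items above (Disconnect and CoA from the server, and Accounting-Request with Acct-Status-Type set to Interim-Update) can be told apart on the wire by their code and attribute values. The following Python sketch is an added example, not Juniper code; the code and attribute numbers are those of RFC 2866 and RFC 5176, and the sample packets are constructed with a zeroed authenticator.

```python
import struct

# Codes from RFC 2866 (accounting) and RFC 5176 (Disconnect / CoA).
CODES = {4: "Accounting-Request", 5: "Accounting-Response",
         40: "Disconnect-Request", 43: "CoA-Request"}
ACCT_STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44   # attribute type numbers


def parse_radius(packet: bytes) -> dict:
    """Decode the 20-byte RADIUS header and walk the type-length-value attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return {"code": CODES.get(code, f"code-{code}"), "id": ident, "attrs": attrs}


def classify(packet: bytes) -> str:
    """Name the message; for accounting requests include Acct-Status-Type."""
    msg = parse_radius(packet)
    if msg["code"] != "Accounting-Request":
        return msg["code"]
    raw = msg["attrs"].get(ACCT_STATUS_TYPE, [b""])[0]
    if len(raw) != 4:
        raise ValueError("Acct-Status-Type must be a 4-byte integer")
    value = struct.unpack("!I", raw)[0]
    return f"Accounting-Request/{ACCT_STATUS.get(value, value)}"


def build(code: int, attrs: list) -> bytes:
    """Constructed sample packets only: authenticator is zeroed, not computed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


SAMPLE_INTERIM = build(4, [(ACCT_STATUS_TYPE, struct.pack("!I", 3)),
                           (ACCT_SESSION_ID, b"sess-0001")])
SAMPLE_COA = build(43, [])
```

A monitoring script could feed captured UDP payloads to `classify` to confirm that interim updates arrive at the configured interval and to log server-initiated session changes.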

Port Security

  • IPv6 router advertisement (RA) guard (EX3400)—Starting with Junos OS Release 15.1X53-D55 for EX Series switches, IPv6 RA guard is supported on EX3400 switches. RA guard protects networks against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. RA guard works by validating RA messages based on whether they meet certain criteria, which are configured on the switch as a policy. RA guard inspects the RA message and compares the information contained in the message attributes to the policy. Depending on the policy, RA guard either drops or forwards the RA messages that match the conditions.

    [See Understanding IPv6 Router Advertisement Guard.]
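The inspect-and-compare behavior described for RA guard can be modeled in a few lines. This Python sketch is an added example, not the Junos implementation; the policy criteria it uses (a set of permitted router source addresses and a list of permitted prefixes) and all names in it are assumptions chosen for illustration, and the sample RA is constructed.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO = 134, 3


def ra_prefixes(icmp6: bytes) -> list:
    """Return the prefixes advertised in an ICMPv6 Router Advertisement body."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    prefixes, pos = [], 16                      # options follow the 16-byte RA header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen = icmp6[pos + 2]
            addr = ipaddress.IPv6Address(icmp6[pos + 16:pos + 32])
            prefixes.append(ipaddress.IPv6Network((addr, plen), strict=False))
        pos += opt_len
    return prefixes


def ra_guard(src: str, icmp6: bytes, policy: dict) -> str:
    """Hypothetical policy model: forward only RAs from a listed router
    whose every advertised prefix falls inside an allowed prefix."""
    try:
        prefixes = ra_prefixes(icmp6)
    except ValueError:
        return "drop"                           # unparseable RAs are never forwarded
    if ipaddress.IPv6Address(src) not in policy["routers"]:
        return "drop"
    allowed = policy["prefixes"]
    ok = all(any(p.subnet_of(a) for a in allowed) for p in prefixes)
    return "forward" if ok else "drop"


def build_ra(prefix: str) -> bytes:
    """Constructed sample RA (checksum left zero) carrying one prefix option."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                         86400, 14400, 0) + net.network_address.packed
    return header + option


# Constructed policy: one trusted router and one permitted documentation prefix.
POLICY = {"routers": {ipaddress.IPv6Address("fe80::1")},
          "prefixes": [ipaddress.IPv6Network("2001:db8:10::/48")]}
```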

Virtual Chassis

  • NSSU (EX3400)—Starting with Junos OS Release 15.1X53-D55 for EX Series switches, EX3400 switches support the Non-Stop Software Upgrade feature. This support enables an NSSU upgrade from 15.1X53-D55 to a future release. You cannot upgrade from previous versions of 15.1X53 to 15.1X53-D55 using NSSU.

New Features in Release 15.1X53-D51

Hardware

  • Starting with Junos OS Release 15.1X53-D51, the DC-powered EX2300 switch model EX2300-24T-DC with 24 built-in network ports with 10/100/1000 BASE-T connectors is also available as a fixed configuration switch that provides connectivity for low-density environments.
  • Starting with Junos OS Release 15.1X53-D51, the DC-powered EX3400 model EX3400-24T-DC switch with 24 built-in network ports with 10/100/1000 BASE-T connectors is also available as a fixed configuration switch that provides connectivity for low-density environments.

New Features in Release 15.1X53-D50

Hardware

  • EX2300 switches—Starting with Junos OS Release 15.1X53-D50, EX2300 switches are available as fixed configuration switches that provide connectivity for low-density environments. They are available in models with 12 or 24 built-in network ports with 10/100/1000 BASE-T connectors that provide Power over Ethernet (PoE) or Power over Ethernet Plus (PoE+) on all network ports (in PoE-capable models). The compact, fanless EX2300-C switches have 12 network ports.

    EX2300-C switches have two 10-Gigabit Ethernet uplink ports that support 1-gigabit small form-factor pluggable (SFP) transceivers and 10-gigabit small form-factor pluggable plus (SFP+) transceivers. EX2300 switches except the EX2300-C switch model have four 10-Gigabit Ethernet uplink ports that support SFP and SFP+ transceivers. You can use these uplink ports as network ports or configure these ports as Virtual Chassis ports (VCPs) and use them to connect up to four switches by using SFP+ transceivers to form a Virtual Chassis.

  • EX3400 switches—Starting with Junos OS Release 15.1X53-D50, EX3400 switches are available as fixed configuration switches that provide connectivity for low-density environments. They are available in models with 24 or 48 built-in network ports with 10/100/1000 BASE-T connectors that provide Power over Ethernet (PoE) or Power over Ethernet Plus (PoE+) on all network ports (in PoE-capable models).

    EX3400 switches have four 10-Gigabit Ethernet uplink ports that support SFP transceivers and SFP+ transceivers and two 40-Gigabit Ethernet uplink ports that support quad small form-factor pluggable plus (QSFP+) transceivers. You can use these ports as network ports or as VCPs to connect up to ten switches to form one Virtual Chassis. The 40-Gigabit Ethernet uplink ports are configured as VCPs by default. To use these uplink ports as network ports, you must configure them as network ports. The 10-Gigabit Ethernet uplink ports are configured as network ports by default. To use these uplink ports as VCPs, you must configure them as VCPs.

High Availability

  • Graceful Routing Engine switchover (GRES), nonstop active routing and nonstop bridging—High availability features refer to the hardware and software components that provide redundancy and reliability for network communications. EX2300 switches support GRES. EX3400 switches support GRES, nonstop active routing, and nonstop bridging.
  • Virtual Router Redundancy Protocol (VRRP) support—VRRP enables you to provide alternative gateways for end hosts that are configured with static default routes. You can implement VRRP to provide a high availability default path to a gateway without the need to configure dynamic routing or router discovery protocols on end hosts.

Interfaces and Chassis

  • Link aggregation—Link aggregation enables you to use multiple network cables and ports in parallel to increase link speed and redundancy.

Layer 2 Features

  • VLAN support—VLANs enable you to divide one physical broadcast domain into multiple virtual domains.
  • Link Layer Discovery Protocol (LLDP) support—LLDP enables a switch to advertise its identity and capabilities on a LAN, as well as receive information about other network devices.
  • Q-in-Q tunneling support—This feature enables service providers on Ethernet access networks to extend a Layer 2 Ethernet connection between two customer sites. By using Q-in-Q tunneling, providers can also segregate or bundle customer traffic into fewer VLANs or different VLANs by adding another layer of 802.1Q tags. Q-in-Q tunneling is useful when customers have overlapping VLAN IDs, because the customer’s 802.1Q (dot1Q) VLAN tags are prepended by the service VLAN (S-VLAN) tag.
  • Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol (VSTP) support—These protocols enable a switch to advertise its identity and capabilities on a LAN and receive information about other network devices.

Layer 3 Features

  • OSPF support—The IPv4 OSPF protocol is an interior gateway protocol (IGP) for routing traffic within an autonomous system (AS). EX2300 and EX3400 switches support OSPFv1 and OSPFv2. You can configure OSPF at the [edit protocols ospf] hierarchy level.
  • Bidirectional Forwarding Detection (BFD) support for static routes and the OSPF, PIM, and RIP protocols—BFD uses control packets and shorter detection time limits to rapidly detect failures in a network. Hello packets are sent at a specified, regular interval by routing devices. A neighbor failure is detected when a routing device stops receiving a reply after a specified interval.

    You can configure BFD for static routes and for the OSPF, PIM, and RIP protocols.

Multicast Protocols

  • Internet Group Management Protocol (IGMP) support—IGMP manages the membership of hosts and routers in multicast groups. IP hosts use IGMP to report their multicast group memberships to any immediately neighboring multicast routers. Multicast routers use IGMP to learn, for each of their attached physical networks, which groups have members.
  • IGMP snooping support—IGMP snooping regulates multicast traffic in a switched network. With IGMP snooping enabled, a LAN switch monitors the IGMP transmissions between a host (a network device) and a multicast router, keeping track of the multicast groups and associated member interfaces. The switch uses that information to make intelligent multicast-forwarding decisions and forward traffic to the intended destination interfaces.

Network Management and Monitoring

  • SNMP support—SNMP support includes versions 1, 2, and 3 for monitoring system activity.
  • System logging (syslog) support—Syslog enables you to log system messages into a local directory on the switch or to a syslog server.
  • sFlow technology support—This feature provides monitoring technology for high-speed switched or routed networks. You can configure sFlow technology to monitor traffic continuously at wire speed on all interfaces simultaneously. sFlow technology also collects samples of network packets, providing visibility into network traffic information. You configure sFlow monitoring at the [edit protocols sflow] hierarchy level. sFlow operational commands include show sflow and clear sflow collector statistics.
  • Port mirroring support—Port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring. You can use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.

Security

  • Firewall filter support—You can provide rules that define whether to accept or discard packets. You can use firewall filters on interfaces, VLANs, integrated routing and bridging (IRB) interfaces, link aggregation groups (LAGs), and loopback interfaces.
  • Policing support—You can use policing to apply limits to traffic flow and to set consequences for packets that exceed those limits.
  • Storm control support—You can enable the switch to monitor traffic levels and take a specified action when a specified traffic level—called the storm control level—is exceeded, preventing packets from proliferating and degrading service. You can configure a switch to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when a traffic storm occurs.

System Management

  • Login authentication using RADIUS and TACACS+—You can use RADIUS and TACACS+ authentication to validate users who attempt to access the switch.
  • System utilization alarms support—This feature provides system alarms to alert you of high disk usage in the /var partition on the switch. You can display these alarm messages by issuing the show system alarms operational mode command if the /var partition usage is higher than 75 percent. A usage level between 76 and 90 percent indicates high usage and triggers a minor alarm condition, whereas a usage level over 90 percent indicates that the partition is full and triggers a major alarm condition.

Traffic Management

  • Class of service (CoS)—When a packet traverses a switch, the switch provides the appropriate level of service to the packet using either default class-of-service (CoS) settings or CoS settings that you configure. On ingress ports, the switch classifies packets into appropriate forwarding classes and assigns a loss priority to the packets. On egress ports, the switch applies packet scheduling and any rewrite rules to re-mark packets.
  • Class-of-service (CoS) rewrite rules and classifier support—You can use rewrite rules to set the value of the CoS bits within a packet header, and thereby alter the CoS settings of incoming packets. Packet classification maps incoming packets to a particular class-of-service (CoS) servicing level. You can use classifiers to map packets to a forwarding class and a loss priority and to assign packets to output queues based on the forwarding class.
  • Port scheduling with queue shaping support—You can manage excess traffic and avoid congestion on a network interface where traffic might exceed the maximum port bandwidth. You can manage parameters such as transmit rate, shaping rate, and priority on each queue.

Modified: 2017-07-21