Creating and Managing Port Profiles
Port profiles provide a way to provision multiple switch interfaces, including Ethernet interfaces on EX Series switches, Campus Switching ELS, Data Center Switching devices, and fibre channel (FC) interfaces on Data Center Switching devices. In a Port profile, you can define a set of attributes to be shared by multiple interfaces. For example, you could create a Port profile for all access interfaces that connect to VoIP desk phones, configuring the appropriate class-of-service (CoS), authentication, and port security settings for these interfaces in the Port profile. You then assign the Port profile to those interfaces and deploy the resulting configuration on the interfaces.
Port profiles define only the shared attributes. You can configure specific attributes for an interface or a switch during the process of assigning a Port profile to an interface.
To manage or create Port profiles: In Build mode, select Port from Profile and Configuration Management in the Tasks pane. The Manage Port Profiles page appears.
This topic describes:
Managing Port Profiles
Use the Manage Port Profiles page to manage existing Port profiles and to create new ones. Port profiles enable the definition and application of a common set of attributes to interfaces.
From the Manage Port Profiles page, you can:
- Create a new profile by clicking Add. For details, see Creating Port Profiles.
- Modify an existing profile by selecting it and clicking Edit.
- Associate a Port profile to specific interfaces by selecting
it and clicking Assign.
During the assignment process, you will have an opportunity to configure interface-specific settings, such as IP address.
- Change a Port profile’s current interface assignments by selecting it and clicking Edit Assignments.
- View information about a profile, including the interfaces it is associated with, by selecting the profile and clicking Details or by clicking the profile name.
- Delete profiles by selecting the profiles and clicking Delete.
Tip: You cannot delete profiles that are in use—that is, assigned to objects or used by other profiles. To see the current assignments for a profile, click the profile name.
- Clone a profile by selecting a profile and clicking Clone.
Network Director provides a set of default Port profiles: Desktop Port, Desktop and Phone Port, Server Port, Switched Downlink, Switched Uplink, Wireless Access Port, and Custom Port. These profiles contain configuration appropriate for the named port role. You can manage these profiles the same way that you manage a user-created profile. For more information about these profiles, see Understanding Port Profiles.
Table 1 describes the information provided about Port profiles on the Manage Port Profiles page. This page lists all Port profiles defined for your network, regardless of your current selected scope in the network view.
Table 1: Manage Port Profiles Table
Column | Description |
|---|---|
Profile Name | Name given to the profile when the profile was created. Click the profile name to view profile details. |
Family Type | One of the following:
|
Description | Description of the Port profile that was entered when the profile was created. |
Port Family | One of the following:
|
Assignment State | One of the following states:
|
Creation Time | Date and time when this profile was created. |
Update Time | Date and time when this profile was last modified. |
User Name | The username of the user who created or modified the profile. |
| Tip: All columns might not be currently displayed. To show or hide fields in the table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide. |
Creating Port Profiles
To create a Port profile for EX Series switches, Campus Switching ELS, or Data Center Switching:
- Click
in the
Network Director banner. - Under Select View, select either Logical View, Location View, Device View or Custom
Group View.
Tip: Do not select Virtual View or Topology View.
- Click Port under Profile and Configuration
Management in the Tasks pane.
The Manage Port Profiles page appears.
- Click Add.
The Device Family Chooser appears.
- Select Switching (EX), Campus Switching
ELS, or Data Center Switching Non_ELS.
The Create Port Profile page appears for the selected family with the appropriate fields for configuring that family.
- Enter settings for the Port profile. For information about the Port profile settings, select the section for the type of port you are configuring:
Specifying Settings for an EX Switching Port Profile
Use the Create Port Profile page to define a common set of port attributes, which you can then apply to a group of interfaces. These directions address creating a Port profile for EX Series switches.
| Tip: You can reference a CoS profile, ingress and egress Filter profiles, and an Authentication profile in a Port profile. Create these profiles before you create Port profiles. You can also enable power over Ethernet (PoE). |
After you create a Port profile, you assign it to individual interfaces or to members of a port group. During this process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.
Table 2 describes the basic settings available in a Port profile. Table 3 describes the advanced settings. The defaults for these options depend on which Service Type you select.
Table 2: Port Profile Basic Settings for an EX Switching Port Profile
Field | Action |
|---|---|
Profile Name | A default name that corresponds to the Service Type is displayed—when you change the Service Type, this default profile name changes. You can also change the name of profile, using up to 64 alphanumeric characters and no special characters other than an underscore. The name must be unique among Port profiles. |
Description | A default description of the preconfigured service types appears by default. You can change the description of the Port profile, which will appear on Manage Port Profiles page. You can use up to 256 characters. |
Service Type | Select one the preconfigured switching options, Desktop Port, Desktop Phone Port, Switched Uplink, Switched Downlink, Server Port, or Wireless Access Port. To create your own switching or routing service type, select Custom. Tip: No preconfigured routing Service Types are provided. You must create them using the Custom option. |
Desktop Port default service type has the following default settings:
| |
Desktop Phone Port preconfigured service type has the following default settings:
| |
Switched Uplink preconfigured service type has the following default settings:
| |
Switched Downlink preconfigured service type has the following default settings:
| |
Server Port preconfigured service type has the following default settings:
| |
Wireless Access Port preconfigured service type has the following default settings:
| |
CoS Profile | Click Select to choose from existing CoS profiles. The CoS configuration contained in the CoS profile will be applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Click OK. Some preconfigured Service Types have a default CoS profile—see Service Types for details. |
| Port Family Options The available settings and defaults for these options depend on which Service Type you selected—see Service Type for details. | |
Family Type | This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface. Tip: All preconfigured Service Types are for switching. If you select Routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces. Tip: Service Type must be set to Custom to configure a routing interface. |
Port Mode | This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the EX Series switching interface, either Access, Trunk, or Tagged Access.
|
Authentication Profile for these switching interfaces
only: | Select the Authentication profile for the interface from a list of existing profiles by clicking Select, selecting one of the listed profiles, and then clicking OK. By assigning an Authentication profile to the Port profile, you can enable 802.1X and captive portal authentication on interfaces. If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect. Note: You cannot configure 802.1X authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment will fail. |
Ingress Filter | Select an Ingress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. |
Egress Filters | Select an egress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. |
| VLAN Options Available VLAN options depend on the Service Type selected. | |
Member VLANs | Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list. |
Voice VLAN | Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list. |
VLAN Options | This configuration includes both member VLANs and a Native VLAN option for Trunk ports and Tagged Access ports.
|
| Power over Ethernet
(PoE) You can enable PoE and display the configuration options by enabling Configure Power over Ethernet. | |
Configure Power over Ethernet | Enable to configure PoE settings. If you do not enable this option, Network Director will not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it will remain enabled. On EX Series switches, the factory default configuration enables PoE on all interfaces that support PoE. If you enable this option, the PoE settings in this profile will be deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile will be deployed successfully on those interfaces, but the PoE settings will not take effect. |
Maximum Power (W) | Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. Maximum power for PoE is 15.4W, Extended PoE is 18.6W and PoE+ is 30W. The Maximum Power setting has no effect when the PoE management mode for a switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported. You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. Do this in the Device Common Settings profile. If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:
Default: 15.4W |
Priority | Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by port number—ports with a lower port number have a higher power priority. Default: low priority |
Disable PoE | Select to disable PoE on the interfaces using this port profile. |
To use default Port profile Advanced Settings, click Done to create the Port profile. To configure Advanced Settings, click Advanced Settings and then provide the information in Table 3.
Table 3: Port Profile Advanced Settings
Field | Action |
|---|---|
| Advanced Settings Expand Advanced Settings to configure link settings and port security. The defaults for these options depend on which Service Type you selected. | |
Enable Auto Negotiation | Autonegotiation of link speed and duplex mode is enabled by default; clear to disable autonegotiation. If you disable autonegotiation, you must set link speed and link mode. You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation will not be disabled. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Enable Flow Control | Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch. Flow control applies only to links operating in 1 Gbps, full-duplex mode. |
Maximum Size (bytes) | Using the arrows, indicate the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent. Range: 256 through 9216 bytes |
Speed | Select the link speed. If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface will advertise the link speed that you specify as its maximum link speed. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Link Mode | Select the duplex mode, either Automatic, Full Duplex, or Half Duplex. Select Automatic to enable auto-negotiation when autonegotiation is enabled. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. You cannot select Half Duplex when link speed Autonegotiation or 1 Gbps. |
| Port Security
(Switching Interfaces Only) Select to enable port security (default); clear to disable port security. When port security is enabled, you can configure port security options such as learned MAC address limits on an interface. When port security is disabled, no port security is applied to the interface, including the default port security options. | |
Trust DHCP | Select to permit messages from a DHCP server to be received on the interface—this is the default. Clear to block all messages from a DHCP server from being received on the interface. Tip: For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. For directions, see Creating and Managing VLAN Profiles. |
MAC Limit | Type the number of MAC address that can be dynamically learned on the interface. Range: 1 through 163839 Default: For Desktop Ports, 1. For Desktop Phone Ports, 2. For all others, none. |
MAC Limit Action | Select the action to be taken if the MAC address limit is exceeded:
|
Allowed MAC List | Indicate the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list will not be allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface. To enter a MAC address, click Add and then type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry. Note: Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination. Default: No entries |
If you configured Advanced Settings, click OK.
Click Done to create the port profile.
Specifying Settings for a Campus Switching ELS Port Profile
Use the Create Port Profile page to define a common set of port attributes in a Port profile. You can then apply the Port profile to interfaces on a group of Campus Switching ELS devices.
| Tip: In a Port profile, you can reference a CoS profile, ingress and egress filters, and an Authentication profile. You must reference a VLAN profile. Create these profiles before you create the Port profile. You can also enable power over Ethernet (PoE). |
After you create a Port profile, you can assign it to individual interfaces or to members of a Port group. During this assignment process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.
Table 4 describes the basic settings available in a Port profile. Table 5 describes the advanced settings. The defaults for these options depend on which Service Type you select.
Table 4: Port Profile Basic Settings For Campus Switching ELS
Field | Action |
|---|---|
Profile Name | Type the name of profile, using up to 64 alphanumeric characters and no special characters other than an underscore. The name must be unique among Port profiles. |
Description | Type a description of the Port profile, which will appear on Manage Port Profiles page. You can use up to 256 characters. |
Service Type | Select one the preconfigured options Desktop Port, Desktop Phone Port, Switched Uplink, Switched Downlink, Server Port, or Wireless Access Port. To create your own service type, select Custom. |
Desktop Port service type has the following default settings:
| |
Desktop Phone Port service type has the following default settings:
| |
Switched Uplink service type has the following default settings:
| |
Switched Downlink service type has the following default settings:
| |
Server Port service type has the following default settings:
| |
Wireless Access Port service type has the following default settings:
| |
CoS Profile | Click Select to choose from existing CoS profiles. The CoS configuration contained in the CoS profile will be applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Most Service Types use a default CoS Profile—for details, see Service Type. |
| Port Family Options The available settings and defaults for these options depend on which Service Type you selected. | |
Family Type: Switching or | This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface. Tip: Service Type must be set to Custom to configure a routing interface. If you select routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces. |
Port Mode for switching interfaces only | This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the interface, either Access, Trunk, or Tagged Access.
|
Authentication Profile for these switching interfaces
only: | Select the Authentication profile for the interface from a list of existing profiles by clicking Select. By assigning an Authentication profile to the Port profile, you can enable 802.1X and captive portal authentication on interfaces. If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect. Note: You cannot configure 802.1X authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment will fail. |
Ingress Filter | Select an Ingress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. |
Egress Filters | Select an Egress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. |
| VLAN Options Available VLAN options depend on the Service Type selected. VLAN association is required for Campus Switching ELS. | |
Member VLAN | This configuration is for one VLAN. Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. |
Voice VLAN | This configuration is for one VLAN. Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. |
Native VLAN | These configurations include both member VLANs and a Native VLAN option. To configure the Native VLAN:
|
| Power over Ethernet (PoE) | |
Configure Power over Ethernet | Enable to configure PoE settings. If you do not enable this option, Network Director will not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it will remain enabled. If you enable this option, the PoE settings in this profile will be deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile can be deployed successfully on those interfaces, but the PoE settings do not take effect. Tip: EX 9200 does not support PoE. |
Maximum Power (W) | Use the arrows to adjust the maximum PoE power allocated to a PoE port in watts. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. The Maximum Power setting has no effect when the PoE management mode for the switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported. You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. You can do so in Device Common Settings profile. If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:
Default: 15.4W |
Priority | Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by port number—ports with a lower port number have a higher power priority. Default: low priority |
Disable PoE | Select to disable PoE on the interface. |
To skip Advanced Settings and use default Advanced Settings, click Done to create the port profile. To configure Advanced Settings, click Advanced Settings and then provide the information in Table 5.
Table 5: Port Profile Advanced Settings for Campus Switching ELS
Field | Action |
|---|---|
| Link Settings The defaults for these settings depend on which Service Type you selected. | |
Enable Auto Negotiation | Autonegotiation of link speed and duplex mode is enabled by default; remove the check mark to disable autonegotiation. Tip: If you disable autonegotiation, you must set link speed and link mode. You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation will not be disabled. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Enable Flow Control | Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch. Flow control applies only to links operating in 1 Gbps, full-duplex mode. |
Maximum Size (bytes) | Type the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent. Range: 256 through 9216 bytes |
Speed | Select the link speed. If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface will advertise the link speed that you specify as its maximum link speed. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Link Mode | Select the duplex mode. Select Automatic to enable auto-negotiation when autonegotiation is enabled. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. You cannot select Half Duplex when link speed Autonegotiation or 1 Gbps. |
| Port Security
(Switching Interfaces Only) The defaults for these settings depend on which Service Type you selected. | |
Port Security | Select to enable port security; clear to disable port security. When port security is enabled, you can configure port security options on an interface, such as learned MAC address limits. When port security is disabled, no port security is applied to the interface, including the default port security options. Default: Port security is disabled |
Trust DHCP | Select to permit messages from a DHCP server to be received on the interface. Clear to block all messages from a DHCP server from being received on the interface. Tip: For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. |
MAC Limit | Using the arrows, indicate the number of MAC addresses that can be dynamically learned on the interface. Note: This setting is required when you enable port security. Range: 1 through 163839 |
MAC Limit Action | Select the actions to be taken if the MAC address limit is exceeded:
|
Allowed MAC List | Add the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list will not be allowed access to the interface. However, a list with no entries means that a client with any MAC address is permitted to access the interface. To add a MAC address, click Add and type the MAC addresses in the Enter MAC addresses here... field. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry. Note: Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination. |
Click OK to close the Advanced Settings window.
Click Done to save the Port profile for Campus Switching ELS.
Specifying Settings for the Data Center Switching Port Profile
Use the Create Port Profile page to define a common set of attributes in a Port profile, which you can then apply to a group of interfaces on Data Center Switching devices. Data Center Switching Port profiles can be one of two types, Ethernet Port or Fibre Channel (FC) Port.
| Tip: You can reference the following profile types in an Ethernet Port profile: CoS, Filter (ingress and egress), Authentication, and VLAN. Create these profiles and maps before you create Port profiles. |
After you create a Port profile, you can assign it to either individual interfaces or to members of port groups. During this process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to either an interface or port group.
Table 6 describes the basic settings available in the data center Port profile. Table 7 describes the standard settings available for an Ethernet port profile. Table 8 describes the advanced settings available for an Ethernet port profile. Table 9 describes the settings available for an FC port profile.
Table 6: Port Profile Basic Settings for Data Center Ports
Field | Action |
|---|---|
Profile Name | Type the name of profile, using up to 64 alphanumeric characters and no special characters other than an underscore. The name must be unique among Port profiles. |
Description | Type a description of the Port profile, which will appear on Manage Port Profiles page. You can use up to 256 characters. |
Service Type | Select a service type for the profile. The service type describes the function that the port will serve. Selecting a service type automatically configures some of the other page fields to support that service type. Some of the automatic settings are mandatory for the service type, so you cannot edit those fields. Select one the preconfigured switching options, Desktop Port, Desktop Phone Port, Switched Uplink, Switched Downlink, Server Port, FCoE Gateway, Fibre Channel Port, or FCoE Transit Port. To create your own switching or routing service type, select Custom. Tip: No preconfigured routing Service Types are provided. You must create them using the Custom option. |
Desktop Port service type has the following default settings:
| |
Desktop Phone Port service type has the following default settings:
| |
Switched Uplink service type has the following default settings:
| |
Switched Downlink service type has the following default settings:
| |
Server Port service type has the following default settings:
| |
FCoE Gateway service type has the following default settings:
| |
Fibre Channel Port service type has the following default settings:
| |
FCoE Transit Port service type has the following default settings:
| |
Port Type | If you selected the service type Custom, select the port type. If you selected a service type other than Custom, you cannot edit this field. Each port type has a different set of fields to configure. The options are Ethernet Port or Fibre Channel Port. |
Table 7: Port Profile Settings for Data Center Ethernet Ports
Field | Action |
|---|---|
CoS Profile | Click Select to choose from existing CoS profiles. The CoS configuration contained in the CoS profile will be applied to the interfaces that the Port profile is assigned to when you deploy the configuration. For QFX Series and QFabric devices, only a Hierarchical CoS profile is applicable. For EX4500 and EX4550 Series devices, only a Non Hierarchical CoS profile is applicable. |
| Port Family Options The available settings and defaults for these options depend on which Service Type you selected. | |
Switching | Select whether the interface operates as a Layer 2 (switching) or a Layer 3 (routing) interface. Tip: If you select routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces. |
Port Mode | (Switching interfaces only) Select the port mode for the interface:
|
Authentication Profile | (Applicable to switching interfaces on EX4500 and EX4550 switches only) Select the Authentication profile for the interface from a list of existing profiles by clicking Select. By assigning an Authentication profile to the Port profile, you can enable 802.1X and captive portal authentication on interfaces. If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect. Note: You cannot configure 802.1X authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment will fail. |
Ingress Filter | Select an ingress Filter profile for the interface from a list of existing profiles by clicking Select. |
Egress Filters | Select an egress Filter profile for the interface from a list of existing profiles by clicking Select. |
| VLAN Options Available VLAN options depend on the Service Type selected. | |
VLAN Profile | (Access ports only) Select a VLAN profile for the interface from a list of existing profiles by clicking Select. |
VLAN profile list | (Trunk and Tagged Access ports only) Select a set of VLAN profiles for the interface from a list of existing profiles by using the Add and Remove functions. |
Native VLAN | (Trunk and Tagged Access ports only) Select a native VLAN profile for the interface from a list of existing profiles by clicking Select. |
Voice VLAN | (Applicable to access ports on EX4500 and EX4550 switches only) Select a voice VLAN for the interface by clicking Select, selecting one of the listed profiles, and then clicking OK. |
| DCBX Settings Data Center Bridging Capability Exchange protocol is a discovery and exchange protocol for conveying configuration and capabilities among network neighbors to ensure consistent configuration across the network. It is an extension of the Link Layer Data Protocol (LLDP, described in IEEE 802.1AB). The defaults for these settings depend on which Service Type you selected. | |
DCBX Version | Select one of the following versions of the Data Center Bridging Capability Exchange protocol:
|
Disable DCBX | Select this option to turn off Data Center Bridging Capability Exchange protocol. |
Disable Priority Flow Control | Select this option to turn off priority flow control. Priority-based flow control (PFC) is a link-level flow control mechanism defined by IEEE 802.1Qbb that enables independent flow control for each class of service (as defined in the 3-bit CoS field of the Ethernet header by IEEE 802.1Q tags) to ensure that no frame loss from congestion occurs in DCB networks. |
ETS No Auto Negotiation | Select this option to turn off ETS auto-negotiation. Enhanced transmission selection (ETS) is a mechanism that provides finer granularity of bandwidth management within a link. |
Recommendation TLV | Select either Enable TLV or Disable TLV. The enhanced transmission selection (ETS) Recommendation TLV communicates the ETS settings that the switch wants the connected peer interface to use. If the peer interface is “willing,” the peer interface changes its configuration to match the configuration in the ETS Recommendation TLV. By default, the switch interfaces send the ETS Recommendation TLV to the peer. The settings communicated are the egress ETS settings defined by configuring hierarchical scheduling on the interface. |
Advanced Settings | Click to set advanced settings. See Table 8 for information about the advanced settings. |
Table 8: Port Profile Advanced Settings for Data Center Ethernet Ports
Field | Action |
|---|---|
| Link Settings
Options The defaults for these settings depend on which Service Type you selected. | |
Enable Auto Negotiation | Select to enable autonegotiation of link speed and duplex mode; clear to disable autonegotiation. If you disable autonegotiation, you must set link speed and link mode. You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation will not be disabled. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Enable Flow Control | Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch. Flow control applies only to links operating in 1 Gbps, full-duplex mode. |
Maximum Size (bytes) | Type the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent. Range: 256 through 9216 bytes |
Speed | Select the link speed. If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface will advertise the link speed that you specify as its maximum link speed. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Link Mode | Select the duplex mode. Select Automatic to enable autonegotiation when autonegotiation is enabled. Note: This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. You cannot select Half Duplex when link speed Autonegotiation or 1 Gbps. |
| Port Security
Options (Switching Interfaces Only) The defaults for these settings depend on which Service Type you selected. | |
Port Security | Select to enable port security; clear to disable port security. When port security is enabled, you can configure port security options on an interface, such as learned MAC address limits. When port security is disabled, no port security is applied to the interface, including the default port security options. |
Trust DHCP | Select to permit messages from a DHCP server to be received on the interface. Clear to block all messages from a DHCP server from being received on the interface. Tip: For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. |
FCoE Trusted | Select to configure the interface to trust Fibre Channel over Ethernet (FCoE) traffic. If an interface is connected to another switch such as an FCoE forwarder (FCF) or a transit switch, you can configure the interface as trusted so that the interface forwards FCoE traffic from the switch to the FCoE devices without installing FIP snooping filters. |
MAC Limit | Type the number of MAC address that can be dynamically learned on the interface. This setting is disabled if the port is set to Trunk mode. Note: This setting is required when you enable port security. Range: 1 through 163839 |
MAC Limit Action | Select the actions to be taken if the MAC address limit is exceeded. This setting is disabled if the port is set to Trunk mode.
|
Allowed MAC List | Enter the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list will not be allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface. This setting is disabled if the port is set to Trunk mode. To enter a MAC address, click Add and type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry. Note: Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination. |
Table 9: Port Profile Settings for Data Center FC Ports
Field | Action |
|---|---|
Profile Name | Type the name of profile, using up to 64 alphanumeric characters and no special characters other than an underscore. The name must be unique among Port profiles. |
Description | Type a description of the port profile, which will appear on Manage Port Profiles page. You can use up to 256 characters. |
Port Type | Select Fibre Channel Port. The remaining settings change to fibre channel settings. |
| Fibre Channel Settings | |
Speed | Select the FC speed, Auto (default), 2Gbps, 4Gbps, or 8Gbps. |
Buffer to Buffer State Change Number | Configure the buffer-to-buffer credit state change number to prevent the permanent loss of Fibre Channel credits over time (buffer-to-buffer credit recovery). Select a number from 0 through 15. |
Loopback Setting | Select Loopback to configure an FC loopback interface. |
What to Do Next
After you create a Port profile, you can assign it to interfaces or members of port groups. During this process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as which Access profile to use for all ports on the device. For more information, see Assigning a Port Profile to Interfaces.
