Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

System Basics Configuration

 

Connecting and Configuring an EX Series Switch (J-Web Procedure)

There are two ways to connect and configure an EX Series switch: one method is through the console by using the CLI and the other is by using the J-Web interface.

Note

You cannot connect to and perform initial configuration of EX2200-24T-4G-DC, EX4300-48MP, EX4300-48MP-S switches, and EX4600 switches using EZSetup procedure from the J-Web interface. For EX2200-24T-4G-DC switches, you must use EZSetup from the switch console. For EX4300-48MP, EX4300-48MP-S, and EX4600 switches, you must use the CLI procedure through the switch console.

This topic describes the J-Web procedure.

Note

Before you begin the configuration, enable a DHCP client on the management PC that you will connect to the switch so that the PC can obtain an IP address dynamically.

Read the following steps before you begin the configuration. You must complete the initial configuration by using EZSetup within 10 minutes. The switch exits EZSetup after 10 minutes and reverts to the factory default configuration, and the PC loses connectivity to the switch.

  • EX2200 and EX2200-C switch—The LEDs on the network ports on the front panel blink when the switch is in the initial setup mode.

  • EX3200, EX3300, EX4200, EX4300 switches except EX4300-48MP and EX4300-48MP-S switches, EX4500, EX4550, EX6200, or EX8200 switch—The LCD panel displays a count-down timer when the switch is in initial setup mode.

    Note

    There is no LCD panel on EX4300-48MP and EX4300-48MP-S switches.

To connect and configure the switch by using the J-Web interface:

  1. Transition the switch into initial setup mode:
    • EX2200 and EX2200-C switch—Press the mode button located on the lower right corner of the front panel for 10 seconds.

    • EX3200, EX3300, EX4200, EX4300 switches except EX4300-48MP and EX4300-48MP-S switches, EX4500, EX4550, EX6200, or EX8200 switch—Use the Menu and Enter buttons located to the right of the LCD panel (see Figure 1 or Figure 2):

      Figure 1: LCD Panel in an EX3200, EX4200, EX4500, EX4550, or EX8200 Switch
      LCD Panel in an EX3200,
EX4200, EX4500, EX4550, or EX8200 Switch
      Figure 2: LCD Panel in an EX4300 Switches Except EX4300-48MP and EX4300-48MP-S Switches
      LCD Panel in an EX4300
Switches Except EX4300-48MP and EX4300-48MP-S Switches
        1
      LCD panel
        3
      LCD panel Menu button
        2
      LCD panel Enter button
        4
      Chassis status LEDs
      1. Press the Menu button until you see MAINTENANCE MENU. Then press the Enter button.

      2. Press Menu until you see ENTER EZSetup. Then press Enter.

        If EZSetup does not appear as an option in the menu, select Factory Default to return the switch to the factory default configuration. EZSetup is displayed in the menu of standalone switches only when a switch is set to the factory default configuration.

      3. Press Enter to confirm setup and continue with EZSetup.

  2. Connect the Ethernet cable from the Ethernet port on the PC to the switch.
    • EX2200, EX3200, or EX4200 switch—Connect the cable to port 0 (ge-0/0/0) on the front panel of the switch.

    • EX3300, EX4500, or EX4550 switch—Connect the cable to the port labeled MGMT on the front panel (LCD panel side) of the switch.

    • EX4300 switches except EX4300-48MP and EX4300-48MP-S switches—Connect the cable to the port labeled MGMT on the rear panel of the switch.

    • EX6200 switch—Connect the cable to one of the ports labeled MGMT on the Switch Fabric and Routing Engine (SRE) module in slot 4 or 5 in an EX6210 switch.

    • EX8200 switch—Connect the cable to the port labeled MGMT on the Switch Fabric and Routing Engine (SRE) module in slot SRE0 in an EX8208 switch or on the Routing Engine (RE) module in slot RE0 in an EX8216 switch.

    These ports are configured as the DHCP server with the default IP address, 192.168.1.1. The switch can assign an IP address to the management PC in the IP address range 192.168.1.2 through 192.168.1.253.

  3. From the PC, open a Web browser, type http://192.168.1.1 in the address field, and press Enter.
  4. On the J-Web login page, type root as the username, leave the password field blank, and click Login.
  5. On the Introduction page, click Next.
  6. On the Basic Settings page, modify the hostname, the root password, and date and time settings:
    • Enter the hostname. This is optional.

    • Enter a password and reenter the password.

    • Specify the time zone.

    • Synchronize the date and time settings of the switch with the management PC or set them manually by selecting the appropriate option button. This is optional.

    Click Next.

  7. Use the Management Options page to select the management scenario:Note

    On EX4500, EX6210, and EX8200 switches, only the out-of-band management option is available.

    • Configure in-band management. In in-band management, you configure a network interface or an uplink module (expansion module) interface as the management interface and connect it to the management device.

      In this scenario, you have the following two options:

      • Use the automatically created VLAN default for management—Select this option to configure all data interfaces as members of the default VLAN. Specify the management IP address and the default gateway.

      • Create a new VLAN for management—Select this option to create a management VLAN. Specify the VLAN name, VLAN ID, management IP address, and default gateway. Select the ports that must be part of this VLAN.

    • Configure out-of-band management—Configure the management port. In out-of-band management, you use a dedicated management channel (MGMT port) to connect to the management device. Specify the IP address and gateway of the management interface. Use this IP address to connect to the switch.

  8. Click Next.
  9. On the Manage Access page, you can select options to enable Telnet, SSH, and SNMP services. For SNMP, you can configure the read community, location, and contact.
  10. Click Next. The Summary screen displays the configured settings.
  11. Click Finish. The configuration is committed as the active switch configuration.Note

    After the configuration is committed, the connectivity between the PC and the switch might be lost. To renew the connection, release and renew the IP address by executing the appropriate commands on the management PC or by removing and reinserting the Ethernet cable.

  12. (For EX4500 switches only) In the CLI, enter the request chassis pic-mode intraconnect operational mode command to set the PIC mode to intraconnect.

You can now log in by using the CLI or the J-Web interface to continue configuring the switch.

If you use the J-Web interface to continue configuring the switch, the Web session is redirected to the new management IP address. If the connection cannot be made, the J-Web interface displays instructions for starting a J-Web session.

Configuring Date and Time for the EX Series Switch (J-Web Procedure)

Note

This topic applies only to the J-Web Application package.

To configure date and time on an EX Series switch:

  1. Select Configure > System Properties > Date & Time.
  2. To modify the information, click Edit. Enter information into the Edit Date & Time page as described in Table 26.
  3. Click one of the following options:
    • To apply the configuration, click OK.

    • To cancel your entries and return to the System Properties page, click Cancel.

      Note

      After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.

Table 26: Date and Time Settings

Time

Function

Your Action

Time Zone

Identifies the timezone that the switching platform is located in.

Select the appropriate time zone from the list.

Set Time

Synchronizes the system time with that of the NTP server. You can also manually set the system time and date.

To immediately set the time, Click one of the following options:

  • Synchronize with PC time—The switch synchronizes the time with that of the PC.

  • NTP Servers—The switch sends a request to the NTP server and synchronizes the system time.

  • Manual—A pop-up window allows you to select the current date and time from a list.

Configuring System Identity for an EX Series Switch (J-Web Procedure)

Note

This topic applies only to the J-Web Application package.

To configure identification details for an EX Series switch:

  1. Select Configure > System Properties > System Identity. The System Identity page displays configuration details.
  2. To modify the configuration, click Edit. Enter information into the System Identity page as described in Table 27.Note

    After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.

Table 27: System Identity Configuration Summary

Field

Function

Your Action

Host Name

Defines the hostname of the switching platform.

Type the hostname.

Domain Name

Defines the network or subnetwork that the machine belongs to.

Type the domain name.

Root Password

Sets the root password that user root can use to log in to the switching platform.

Type a plain-text password. The system encrypts the password.

Note: After a root password has been defined, it is required when you log in to the J-Web user interface or the CLI.

Confirm Root Password

Verifies that the root password has been typed correctly.

Retype the password.

DNS Name Servers

Specifies a DNS server for the switching platform to use to resolve hostnames into addresses.

To add an IP address, click Add.

To edit an IP address, click Edit.

To delete an IP address, click Delete.

Domain Search

Specifies the domains to be searched.

To add a domain, click Add.

To edit a domain click Edit.

To delete a domain, click Delete.

Configuring Management Access for the EX Series Switch (J-Web Procedure)

You can manage an EX Series switch remotely through the J-Web interface. To communicate with the switch, the J-Web interface uses HTTP. HTTP enables easy Web access, but uses no encryption. The data that is transmitted between the Web browser and the switch by means of HTTP is vulnerable to interception and attack. To enable secure Web access the switch supports HTTPS. You can enable HTTP or HTTPS access on specific interfaces and ports as needed.

Navigate to the Secure Access Configuration page by selecting Configure > System Properties > Management Access. On this page, you can enable HTTP and HTTPS access on interfaces for managing the EX Series switch through the J-Web interface. You can also install SSL certificates and enable Junos XML management protocol over SSL with the Secure Access page.

  1. Click Edit to modify the configuration. Enter information into the Management Access Configuration page as described in Table 28.
  2. To verify that Web access is enabled correctly, connect to the switch using the appropriate method:
    • For HTTP access—In your Web browser, type http://URL or http://IP address.

    • For HTTPS access—In your Web browser, type https://URL or https://IP address.

    • For SSL Junos XML management protocol access—To use this option, you must have a Junos XML management protocol client such as Junos Scope. For information about how to log in to Junos Scope, see the Junos Scope Software User Guide.

      Note

      After you make changes to the configuration on this page, you must commit the changes for them to take effect. To commit all changes to the active configuration, select Commit Options > Commit. See Using the Commit Options to Commit Configuration Changes for details about all commit options.

Table 28: Secure Management Access Configuration Summary

Field

Function

Your Action

Management Access tab

Management Port IP/Management Port IPv6

Specifies the management port IP address. The software supports both IPv4 ( displayed as IP) and IPv6 address.

Note: IPv6 is not supported on EX2200 and EX 4500 switches.

To specify an IPv4 address:

  1. Select the check box IPv4 address.
  2. Type an IP address—for example: 10.10.10.10.

    Note: In J-Web Application package Release 14.1X53-A2, EX4600 switches display two management ports, em0 and em1. In Type the IP address and subnet mask for any of the two management ports.

  3. Enter the subnet mask or address prefix. For example, 24 bits represents 255.255.255.0.
  4. Click OK.

To specify an IPv6 address:

  1. Select the check box IPv6 address.
  2. Type an IP address—for example:2001:ab8:85a3::8a2e:370:7334.
  3. Enter the subnet mask or address prefix.
  4. Click OK.

Default Gateway

Defines a default gateway through which to direct packets addressed to networks that are not explicitly listed in the bridge table constructed by the switch.

For IPv4 address type a 32-bit IP address, in dotted decimal notation. Type a 128-bit IP address for IPv6 address type.

Loopback address

Specifies the IP address of the loopback interface.

Type an IP address.

Subnet Mask

Specifies the subnet mask for the loopback interface.

Enter the subnet mask or address prefix.

Services tab  

Services

Specifies services to be enabled: telnet and SSH.

Select to enable the required services.

Enable Junos XML management protocol over Clear Text

Enables clear text access to the Junos XML management protocol XML scripting API.

To enable clear text access, select the Enable Junos XML management protocol over Clear Text check box.

Enable Junos XML protocol over SSL

Enables secure SSL access to the Junos XML management protocol XML scripting API.

To enable SSL access, select the Enable Junos XML management protocol over SSL check box.

Junos XML management protocol Certificate

Specifies SSL certificates to be used for encryption.

This field is available only after you create at least one SSL certificate.

To enable an SSL certificate, select a certificate from the Junos XML management protocol SSL Certificate list—for example, new.

Enable HTTP

Enables HTTP access on interfaces.

To enable HTTP access, select the Enable HTTP access check box.

Select and clear interfaces by clicking the direction arrows:

  • To enable HTTP access on an interface, add the interface to the HTTP Interfaces list. You can either select either all interfaces or specific interfaces.

Enable HTTPS

Enables HTTPS access on interfaces.

To enable HTTPS access, select the Enable HTTPS access check box.

Select and deselect interfaces by clicking the direction arrows:

  • To enable HTTPS access on an interface, add the interface to the HTTPS Interfaces list. You can either select either all interfaces or specific interfaces.

    Note: Specify the certificate to be used for HTTPS access.

Certificates tab

Certificates

Displays digital certificates required for SSL access to the switch.

Allows you to add and delete SSL certificates.

To add a certificate:

  1. Have a general SSL certificate available. See Generating SSL Certificates for more information.
  2. Click Add. The Add a Local Certificate page opens.
  3. Type a name in the Certificate Name box—for example, new.
  4. Open the certificate file and copy its contents.
  5. Paste the generated certificate and RSA private key in the Certificate box.

To edit a certificate, select it and click Edit.

To delete a certificate, select it and click Delete.

Generating SSL Certificates to Be Used for Secure Web Access (EX Series Switch)

You can set up secure Web access for an EX Series switch. To enable secure Web access, you must generate a digital Secure Sockets Layer (SSL) certificate and then enable HTTPS access on the switch.

To generate an SSL certificate:

  1. Enter the following openssl command in your SSH command-line interface on a BSD or Linux system on which openssl is installed. The openssl command generates a self-signed SSL certificate in the privacy-enhanced mail (PEM) format. It writes the certificate and an unencrypted 1024-bit RSA private key to the specified file.

    % openssl req –x509 –nodes –newkey rsa:1024 –keyout filename.pem -out filename.pem

    where filename is the name of a file in which you want the SSL certificate to be written—for example, my-certificate.

  2. When prompted, type the appropriate information in the identification form. For example, type US for the country name.
  3. Display the contents of the file that you created.

    cat my-certificate.pem

You can use the J-Web Configuration page to install the SSL certificate on the switch. To do this, copy the file containing the certificate from the BSD or Linux system to the switch. Then open the file, copy its contents, and paste them into the Certificate box on the J-Web Secure Access Configuration page.

You can also use the following CLI statement to install the SSL certificate on the switch:

[edit]

user@switch# set security certificates local my-signed-cert load-key-file my-certificate.pem

Rebooting or Halting the EX Series Switch (J-Web Procedure)

You can use the J-Web interface to schedule a reboot or to halt the switching platform.

To reboot or halt the switching platform by using the J-Web interface:

  1. In the J-Web interface, select Maintain > Reboot.
  2. Select one:
    • Reboot Immediately—Reboots the switching platform immediately.

    • Reboot in number of minutes—Reboots the switch in the number of minutes from now that you specify.

    • Reboot when the system time is hour:minute —Reboots the switch at the absolute time that you specify, on the current day. You must select a 2-digit hour in 24-hour format and a 2-digit minute.

    • Halt Immediately— Stops the switching platform software immediately. After the switching platform software has stopped, you can access the switching platform through the console port only.

  3. (Optional) In the Message box, type a message to be displayed to any users on the switching platform before the reboot occurs.
  4. Click Schedule. The J-Web interface requests confirmation to perform the reboot or halt.
  5. Click OK to confirm the operation.
    • If the reboot is scheduled to occur immediately, the switch reboots. You cannot access the J-Web interface until the switch has restarted and the boot sequence is complete. After the reboot is complete, refresh the browser window to display the J-Web interface login page.

    • If the reboot is scheduled to occur in the future, the Reboot page displays the time until reboot. You have the option to cancel the request by clicking Cancel Reboot on the J-Web interface Reboot page.

    • If the switch is halted, all software processes stop and you can access the switching platform through the console port only. Reboot the switch by pressing any key on the keyboard.

Release History Table
Release
Description
In J-Web Application package Release 14.1X53-A2, EX4600 switches display two management ports, em0 and em1.