Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Contrail SD-LAN Model


Contrail SD-LAN extends the Contrail SD-WAN solution by allowing tenant administrators to deploy, manage, and maintain LAN devices such as EX Series LAN access switches, EX Series Virtual Chassis, and Mist wireless access points. This allows you to monitor remote-site LANs and manage deployed access switches, Virtual Chassis, and WLAN access points as shown in Figure 1.

Figure 1: SD-LAN Overview
SD-LAN Overview

As shown in the diagram, you can deploy EX Series switches or Virtual Chassis at a branch site behind an on-premises spoke device. You can also place them in a campus or data center environment behind a provider hub or enterprise hub. In either case, you can add Mist WiFi access points to the LAN segments. Such flexibility enables you to use CSO to provision, manage, and monitor LAN segments across your WAN infrastructure.

There are several ways that you can provision the EX Series switches:

  • By adding a site containing one or more switches and connecting the site to an Internet gateway device, as shown in Figure 2.

    Figure 2: Switch Behind Internet Gateway Device
    Switch Behind
Internet Gateway Device
  • By adding a site that contains both an NGFW and a switch.

  • By adding a switch to an NGFW site that is already provisioned and managed by CSO.

    For either of these NGFW scenarios, Figure 3 shows where you place the switch in the network.

    Figure 3: Switch Behind NGFW
    Switch Behind NGFW
  • By adding a site with an SD-WAN CPE device and a switch.

  • By adding a switch to an SD-WAN CPE device that is already provisioned and managed by CSO.

    For either of these SD-WAN CPE scenarios, Figure 4 shows a LAN switch behind a CPE device.

    Figure 4: Switch Behind CPE Device
    Switch Behind
CPE Device

The EX Series switches that you can deploy as SD-LAN switches include the EX2300, EX3400, EX4300, EX4600, and EX4650 switches and Virtual Chassis.

In any of these scenarios using SD-LAN, you can monitor your LAN switch or Virtual Chassis for the following:

  • Resource utilization

  • Status of ports

  • Alerts and alarms generated on the switch

  • Ports consuming the maximum bandwidth

  • Ports with the maximum number of errors

  • Ports with the maximum packet loss

Virtual Chassis support on EX Series switches is shown in Table 1.

Table 1: EX Series Virtual Chassis Support

EX Series Switches

Number of Virtual Chassis Members












CSO does not support mixed-mode virtual chassis configurations.

The Virtual Chassis must be pre-built with master, backup, and the minimal number of other member devices before provisioning in CSO. Only the master member’s serial number is needed during the initial provisioning of a Virtual Chassis. For details about creating EX Series Virtual Chassis, see:

Adding Mist WLAN access points to your managed EX switches at remote sites allows CSO to automatically manage the access points. This gives CSO even more visibility into your remote sites.

See the CSO Deployment Guide for more details.