Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Create Management Connectivity Between a CPE and a Switch

To set up management connectivity between an SRX Series Customer Premise Equipment (CPE) and an EX Series switch or an access point (AP), create a zone-based LAN segment and include the CPE port (to be connected to the switch or AP) in it. This LAN segment is associated with a security zone for underlay breakout. If you have configured a LAG interface to manage the connectivity to the switch, you can add the Aggregated Ethernet (ae) interface to the LAN. This step creates reachability between the EX Series switch and Juniper Mist.

To create management connectivity between a CPE and an EX Series switch or an AP:

  1. Click Resources > Devices.
  2. Select a CPE from the list of devices displayed and click More > Manage Switch Connectivity.

    The Manage Switch Connectivity page is displayed.


    You can configure the management connectivity on a CPE only if its Management Status is Provisioned.

  3. On the right side of the Management Connectivity section, click the + icon.

    The Create Management Pool page is displayed.

    Alternatively, you can create a management pool (zone-based LAN segment) from the Add LAN Segment screen (Resources > Site Management > site-name > LAN (tab) > +. When you create a LAN segment, disable the Use for Overlay VPN option to associate the LAN segment with a security zone for underlay breakout.

  4. Complete the configuration settings according to the guidelines provided in Table 1.
  5. Click OK.

    The LAN segment is added to the list in the Management Connectivity section on the Manage Switch Connectivity page.

    On clicking OK, CSO applies the configuration and displays the switch or AP connected to the CPE in the Device Name column on Devices page (Resources > Devices), if a switch or an AP is already connected to the CPE. Also, the Connected Switches column in the Sites List on the Site Management page displays the number of switches connected to the CPE.

    To view a switch or an AP which is connected to a CPE at a later time (after the Management Pool was created), select the CPE from the Device page and click Discover Connected Device.

Table 1: Fields on the Create Management Pool page




Enter a name for the LAN segment.

CPE Port

Select the CPE port to be added to the management pool (the zone-based LAN segment). If you are using a LAG interface to connect the CPE to the switch or an AP, select an aggregated Ethernet (ae) interface. In case of dual CPE deployments, you can select a reth interface.


Ensure that you have enabled LLDP on the interface selected.


Specify a VLAN ID for this LAN Segment. By default, VLAN ID is set to 1 and native VLAN is enabled for untagged traffic.

Use for Native VLAN

Enable this option to use the specified VLAN ID for untagged traffic. The CPE interface is configured with a native-vlan-id, which has the same value as the VLAN ID.

Gateway Address/Mask

Enter a valid gateway IP address and mask for the LAN segment. This address will be the default gateway for endpoints in this LAN segment.

For example:


Select a security zone to be associated with this LAN segment. Alternatively click Create Zone to create a new security zone and assign that to this LAN segment. See Adding a Security Zone for details.


For directly connected LAN segments, click the toggle button to enable DHCP.

You can enable DHCP if you want to assign IP addresses by using a DHCP server or disable DHCP if you want to assign a static IP address to the LAN segment.


If you enable DHCP, additional fields appear on the page.

Additional fields related to DHCP

Address Range Low

Enter the starting IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment.

Address Range High

Enter the ending IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment.

Maximum Lease Time

Specify the maximum duration (in seconds) for which a client can request for and hold a lease on the DHCP server.

Default: 1440

Range: 0 through 4,294,967,295 seconds.

Name Server

Specify one or more IPv4 addresses of the DNS server.

To enter more than one DNS server address, type the address, press Enter, and then type the next address.


DNS servers are used to resolve hostnames into IP addresses.