Hardware

New EX4000 switches (EX Series)— We introduce the EX4000-12MP, EX4000-24MP, and EX4000-48MP cloud-native switches, which are managed in Juniper Mist Cloud for enabling simplicity of deployment, configuration, and troubleshooting. EX4000-12MP has eight 1Gbps and four 2.5Gbps PoE++ RJ-45 Ethernet ports. EX4000-24MP has 20 1Gbps and four 2.5Gbps PoE++ RJ-45 ports. EX4000-48MP has 40 1Gbps and eight 2.5Gbps PoE++ RJ-45 ports. All switches have four SFP+ 10Gbps uplink ports.

Table 1: EX4000-12MP, EX4000-24MP, and EX4000-48MP Feature Support
Feature	Description
Access and authentication	Support for 802.1X authentication. [See 802.1X Authentication.] Support for captive portal authentication. [See Captive Portal Authentication.]
Chassis	Support for chassis management features, such as: PSU, fan, and temperature sensor monitoring. Power management for PSUs and fans. When one fan fails, the switch can function with the other fan until fire shutdown temperature is reached. Fan speed adjustment based on the temperature readings or values reported by sensors. The system initiates shutdown when the temperature exceeds the fire shutdown threshold. [See show chassis temperature-thresholds.]
CoS	Support for class of service (CoS) features such as: Multi-Destination CoS L2 CoS (classification, rewrite, scheduling) L3 CoS (classification, rewrite, scheduling) Strict priority and low latency queueing Policers Weighted round robin (WRR) egress scheduling [See Junos OS CoS for EX Series Switches Overview.]
DDoS	Support for distributed denial of service (DDoS) protection. [See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.]
DHCP	Support for the following dynamic host configuration protocol (DHCP) features: DHCPv4 client DHCPv4 server DHCPv4 relay agent [See DHCP User Guide.]
Hardware	The cloud-native, low-cost, enterprise-grade switches support the following components and cooling feature: Ports: EX4000-12MP — 8x1G, 4x2.5G, PoE++ 60 W EX4000-24MP — 20x1G, 4x2.5G, PoE++ 60 W EX4000-48MP — 40x1G, 8x2.5G, PoE++ 60 W Virtual Chassis ports: EX4000-12MP — Two 1G/10G SFP+ (numbered 0 and 1) EX4000-24MP — Two 1G/10G SFP+ (numbered 0 and 1) EX4000-48MP — Two 1G/10G SFP+ (numbered 0 and 1) Uplink ports: EX4000-12MP — Two 1G/10G SFP+ (numbered 2 and 3) EX4000-24MP — Two 1G/10G SFP+ (numbered 2 and 3) EX4000-48MP — Two 1G/10G SFP+ (numbered 2 and 3) Power supply All the switches have internal fixed power supplies. Cooling EX4000-12MP — Natural convection cooling, fanless. EX4000-24MP — Two inbuilt fans EX4000-48MP — Three inbuilt fans
Interfaces	EX4000-12MP, EX4000-24MP, and EX4000-48MP support two PICs each. PIC 0 speed configuration on: EX4000-12MP—Four 100-Mbps/1-Gbps/2.5-Gbps ports and eight 10-Mbps/100-Mbps/1-Gbps ports. EX4000-24MP—Four 100-Mbps/1-Gbps/2.5-Gbps ports and twenty 10-Mbps/100-Mbps/1-Gbps ports. EX4000-48MP—Eight 100-Mbps/1-Gbps/2.5-Gbps ports and forty 10-Mbps/100-Mbps/1-Gbps ports. PIC 1 on all the three switches comprises of four 1-Gbps/10-Gbps ports. [See Port Speed and Network Interfaces for EX Series.] Perpetual and Fast PoE support— All the ports of EX4000-12MP, EX4000-24MP, and EX4000-48MP switches support PoE and PoE++. If you enable perpetual PoE, power to the connected power device remains uninterrupted even when the switch is rebooting. Perpetual PoE and fast PoE are independent of each other and can coexist. When you power cycle the switch, fast PoE is applicable, if enabled. When you reload the switch by using a Junos CLI reboot command, perpetual PoE is applicable, if enabled. [ See Understanding PoE on EX Series Switches.]
Layer 2 features	Support for Layer 2 features. [See Ethernet Switching User Guide, Security Services Administration Guide, and Spanning-Tree Protocols User Guide.] Use the `interface-name` and `ip-address` options to configure the management address on the switch. [See Configuring LLDP (CLI Procedure).] Support for Layer 2 multicast features. [See Multicast Overview and Understanding Multicast Snooping.]
Layer 3 features	Support for Layer 3 features and interior gateway protocols (OSPF, IS-IS, RIP, and ECMP) for IPv4. [See Understanding OSPF Configurations and BGP Overview.]
Network management and monitoring	Support for sFlow and for port mirroring and analyzers. [See sFlow Technology Overview and Port Mirroring and Analyzers.] Support for secure packet capture (PCAP) to Cloud using JTI. Use secure packet capture by including the /junos/system/linecard/packet-capture resource path using a Junos remote procedure call (RPC).
Resiliency	We support resiliency for platform components on EX4000 switches. Resiliency enables the system to monitor component health, alert you of errors, and take appropriate action to restore normal operation based on error severity. [See Resiliency.]
Routing Policy and Firewall Filters	Support for filter based forwarding. Support for policers (Single Rate Three Color Marker, Two Rate Three Color Marker). Firewall filter support for port, VLANs, and routed interfaces on ingress and egress. [See Routing Policies, Firewall Filters, and Traffic Policers User Guide
Security	Support for the following security features: DHCPv4 snooping Dynamic Address Resolution Protocol (ARP) inspection DHCP option 82 [See Security Services Administration Guide.]
Services Applications	RPM IPv4 traffic probe support with the tcp-ping, icmp-ping, icmp-ping-timestamp, udp-ping, and udp-ping-timestamp probe types. Probes use software timestamping only. [See Understanding Real-Time Performance Monitoring on EX and QFX switches.]
Software installation and upgrade	The EX4000 switches support the `request system firmware upgrade` command to upgrade firmware. [See request system firmware upgrade.] Support for PHC. [See Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client.] Support for ZTP. [See Zero Touch Provisioning.] Support for SZTP. [See Secure Zero Touch Provisioning and Generate Voucher Certificate.]
Virtual Chassis	You can interconnect individual switches to form a Virtual Chassis and then configure and manage the Virtual Chassis as one unit. You can interconnect up to six EX4000 switches (any EX4000 models) to form an EX4000 Virtual Chassis. The EX4000 line of switches will support Virtual Chassis from Junos OS Release 24.4R1-S2 onward.

New EX4100-H-12MP switch (EX Series)—The EX4100-H-12MP industrial ruggedized switch is a convection-cooled, fanless switch, with an operational temperature range of –40°C through 75°C under various conditions. You can install this temperature-hardened switch inside enclosures (indoor or outdoor) with proper airflow. The switches are manufactured to operate reliably under extended temperature ranges. Common deployment scenarios include smart cities and safe cities, transportation (outdoor or traffic signals), factory floors, and defense networks (outdoors with extended temperature range). The EX4100-H-12MP switches use the 340 W external AC and DC PSUs - you can connect a mix of AC and DC PSUs to the switch.

Table 2: EX4100-H-12MP Feature Support
Feature	Description
Access and authentication	Support for 802.1X authentication. [See 802.1X Authentication.] Support for captive portal authentication. [See Captive Portal Authentication.]
Chassis	Support for environment monitoring, chassis and systems alarm management. Monitoring of power entry modules (PEMs) and board temperature sensors. `N`+1 power redundancy, online insertion and removal (OIR), and use of different PSU types (AC/DC) as part of PSU management. Monitoring of temperature and humidity sensors. Red alarms are raised when the temperature crosses the set threshold. Red or yellow alarms are raised when humidity crosses the set thresholds. The system shuts down when the board temperature sensors cross the set threshold. Use the `show chassis environment` and `show chassis alarms` commands to check these alarms. SNMP support. Support for dry-contact alarm. [See EX4100-H Chassis.]
Class of Service (CoS)	Support for CoS configuration. [See Junos OS CoS for EX Series Switches Overview.]
EVPN	Support for EVPN-VXLAN group-based policies. You can use group-based policies (GBPs) for different levels of access control for endpoints and applications within the same VLAN. The switch also supports the GBP feature for locally switched traffic on VXLAN access ports. [See Micro and Macro Segmentation using Group Based Policy in a VXLAN.] Support for the following Layer 2 VXLAN gateway services in an EVPN-VXLAN network: 802.1X authentication, accounting, central web authentication (CWA), and captive portal CoS DHCPv4 and DHCPv6 snooping, dynamic Address Resolution Protocol (ARP) inspection (DAI), neighbor discovery inspection, IP and IPv6 source guard, and router advertisement (RA) guard (no multihoming) Firewall filters and policing Storm control, port mirroring, and MAC filtering [See EVPN Feature Guide.] Support for Layer 3 VXLAN gateway in EVPN-VXLAN centrally routed bridging (CRB) overlay or edge-routed bridging (ERB) overlay networks on standalone switches or Virtual Chassis. The switch supports the following features: Default gateway using IRB interfaces to route traffic between VLANs. [See Using a Default Layer 3 Gateway to Route Traffic in an EVPN-VXLAN Overlay Network.] IPv6 data traffic routed through an EVPN-VXLAN overlay network with an IPv4 underlay. [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network with an IPv4 Underlay.] EVPN pure Type 5 routes. [See Understanding EVPN Pure Type-5 Routes.] The Virtual Chassis doesn’t support EVPN-VXLAN multihoming. You can use the standalone switch as an EVPN-VXLAN provider edge (PE) device in multihoming use cases. We support the following Layer 2 VXLAN gateway features in an EVPN-VXLAN network: Active/active multihoming Proxy ARP use and ARP suppression, and Neighbor Discovery Protocol (NDP) use and NDP suppression on non-IRB interfaces Ingress node replication for broadcast, unknown unicast, and multicast (BUM) traffic forwarding [See EVPN Feature Guide.]
Hardware	The EX4100-H-12MP has the following port configuration: Four PoE++ enabled and MACsec-enabled RJ-45 Ethernet ports that support 100-Mbps, 1-Gbps, and 2.5-Gbps speeds. Eight PoE++ enabled RJ-45 Ethernet ports that support 10-Mbps, 100-Mbps, and 1-Gbps speeds Two 1/10GbE SFP+ stacking/uplink ports Two 1/10GbE SFP+ MacSec-enabled uplink ports [See EX4100-H Hardware Guide .]
High availability and resiliency	Resiliency support for inter-integrated circuit (I2C), disk failure, and disk health. [See High Availability User Guide.]
Interfaces	Interfaces support. EX4100-H-12MP supports three PICs. The PIC speeds are as follows: PIC 0 with four 100-Mbps/1-Gbps/2.5-Gbps and eight 10-Mbps/100-Mbps/1-Gbps ports (downlink ports) PIC 1 with two 1GbE/10GbE ports PIC 2 with two 1GbE/10GbE ports (uplink ports) [See Port speed.] Perpetual and Fast PoE suport. EX4100-H-12MP supports PoE and PoE++. If you enable perpetual PoE, power to the connected power device remains uninterrupted even when the switch is rebooting. Perpetual PoE and fast PoE are independent of each other and can coexist. When you power cycle the switch, fast PoE is applicable, if enabled. When you reload the switch through a Junos CLI reboot command, perpetual PoE is applicable, if enabled. [See Understanding PoE on EX Series Switches.]
Junos telemetry interface	Stream data from a device to a collector using the basic Junos telemetry interface (JTI) infra sensors and new component environment sensors. Junos OS supports these new sensors: Relative humidity sensor /components/component[name='FPC0']/properties/property[name='moisture']/ Two input and one output dry contact sensors /components/component[name='FPC0']/properties/property[name='alarm-port-output0'] /components/component[name='FPC0']/properties/property[name='alarm-port-input0'] /components/component[name='FPC0']/properties/property[name='alarm-port-input1'] You can also display the dry contact and relative humidity information using the `show chassis environment` and `show chassis craft-interface` operational mode commands. For state sensors, see Junos YANG Data Model Explorer. For commands, see show chassis environment and show chassis craft-interface.
Layer 2 features	Support for Layer 2 features. [See Configuring Q-in-Q Tunneling and VLAN Q-in-Q Tunneling and VLAN Translation, Layer 2 Bridge Domains Overview, and Understanding Layer 2 Learning and Forwarding.] Support for Layer 2 multicast features. [See Multicast Overview and Understanding Multicast Snooping.] Use the `interface-name` and `ip-address` options to configure the management address on the switch. [See Configuring LLDP (CLI Procedure) .]
Layer 3 features	Support for Layer 3 features and interior gateway protocols (OSPF, IS-IS, RIP, and ECMP) for IPv4 and IPv6. [See Understanding OSPF Configurations and BGP Overview.]
MACsec	Support for Media Access Control Security (MACsec) in static connectivity association key (CAK) mode with GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, and GCM-AES-XPN-256 encryption. [See Configuring MACsec.]
Network management and monitoring	Support for the following Ethernet OAM link fault management (LFM) and CFM features: Monitor faults by using the continuity check message (CCM) protocol to discover and maintain adjacencies at the VLAN or link level. Discover paths and verify faults by using the Link Trace Message (LTM) protocol to determine the path taken from an endpoint to a destination MAC address. Isolate faults by using loopback messages. [See Ethernet OAM and CFM for Switches and OAM Link Fault Management.] Support for IEEE 802.1ag CFM on service provider interfaces and Q-in-Q (point-to-point) interfaces. [See Introduction to OAM Connectivity Fault Management (CFM).] Support for Juniper Mist Wired Assurance. You can automatically onboard and provision Juniper Networks EX4100-H-12MP switches to the Juniper Mist cloud by using a single activation code and provision the switch interfaces. [See Juniper AI-Driven Enterprise and Overview of EX Series Switches and the Juniper Mist Cloud.] Support for: Spanning-tree protocols. [See Spanning Tree Protocol Instances and Interfaces.] sFlow network monitoring technology. [See sFlow Monitoring Technology.] Local and remote port mirroring, and remote port mirroring to an IP address (GRE encapsulation). [See Port Mirroring and Analyzers.]
Software installation and upgrade	Support for DHCP option 43 suboption 8 to provide proxy server information in phone-home client. During the bootstrapping process, the phone-home client (PHC) can access the redirect server through a proxy server. The DHCP server uses DHCP option 43 suboption 8 to deliver the details of IPv4 and/or IPv6 proxy servers to the PHC. The DHCP daemon running on the target switch learns about the proxy servers in the initial DHCP cycle and then populates either the phc_vendor_specific_info.xml or the phc_v6_vendor-specific_info.xml file located in the /var/etc/ directory with the vendor-specific information. Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client Support for phone-home client (PHC). The PHC can securely provision an EX4100 Virtual Chassis without the need for user interaction. [See Provision a Virtual Chassis Using the Phone-Home Client.] Secure boot support to authenticate and verify the loaded software image while also preventing software-based attacks. [See Secure Boot.] Support ZTP. Use zero-touch provisioning (ZTP) to install or upgrade the software on your device with minimal manual intervention. [See Zero Touch Provisioning.] Support for SZTP. You can use RFC-8572-based secure zero-touch provisioning (SZTP) to bootstrap your remotely located network devices that are in a factory-default state. SZTP enables mutual authentication between the bootstrap server and the network device before the remote network device is accessed for initiating ZTP. To enable mutual authentication, you need a unique digital voucher, which is generated based on the DevID (Digital Device ID or Cryptographic Digital Identity) of the network device. The DevID is embedded inside the Trusted Platform Module (TPM) 2.0 chip on the network device. Juniper Networks issues a digital voucher to customers for each eligible network device. [See Secure Zero Touch Provisioning and Generate Voucher Certificate.]
Timing	Support for Precision Time Protocol (PTP) transparent clock. [See PTP Transparent Clocks.]
Uplink failure detection	Support for debounce interval configuration. You can configure the debounce interval, which is the time (in seconds) that elapses before the downlink interfaces are brought up after a state change of the uplink interfaces. You can configure the `debounce-interval` statement at the `[edit protocols uplink-failure-detection group group-name]` hierarchy level. [See Uplink Failure Detection.]
Virtual Chassis	Support for Virtual Chassis. [See Understanding EX Series Virtual Chassis.]

Higher PoE budget (EX4400)—With the introduction of the EX4400-48MXP and EX4400-48XP switches, we now support up to 3600W of PoE power. [See EX4400 Switch Hardware Guide].