Hardware

• Support for 802.1X authentication. [See 802.1X Authentication.]

• Support for captive portal authentication. [See Captive Portal Authentication.]

Support for chassis management features, such as:

• PSU, fan, and temperature sensor monitoring.
• Power management for PSUs and fans. When one fan fails, the switch can function with the other fan until fire shutdown temperature is reached.
• Fan speed adjustment based on the temperature readings or values reported by sensors. The system initiates shutdown when the temperature exceeds the fire shutdown threshold.

[See show chassis temperature-thresholds.]

CoS

Support for the following ACL and Class of Service Features:

• Port ACLs (ingress and egress)

• VLAN ACLs (ingress and egress)

• Routed ACLs (ingress and egress)

• Filter based forwarding (FBF)

• Multi-Destination CoS

• CoS on interfaces, RVIs, LAGs

• L2 CoS (classification, rewrite, queuing)

• L3 CoS (classification, rewrite, queuing)

• Strict priority and low latency queuing

• Scheduled deficit weighted round robin (SDWRR) egress scheduling

• Policers (srTCM, trTCM)

[See Junos OS CoS for EX Series Switches Overview.]

DDoS

Support for distributed denial of service (DDoS) protection.

[See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.]

DHCP

• EX4000-12MP, EX4000-24MP, EX4000-48MP, EX4000-8P, EX4000-12P, EX4000-12T, EX4000-24P, EX4000-24T, EX4000-48P, and EX4000-48T support the following DHCP features:

  • DHCPv4 and DHCPv6 client

  • DHCPv4 and DHCPv6 server

  • DHCPv4 and DHCPv6 relay agent

[See DHCP User Guide.]

Hardware

The cloud-native, low-cost, enterprise-grade switches support the following components and cooling feature:

• Ports:

  • EX4000-12MP — 8x1G, 4x2.5G, PoE++ 60 W

  • EX4000-24MP — 20x1G, 4x2.5G, PoE++ 60 W

  • EX4000-48MP — 40x1G, 8x2.5G, PoE++ 60 W

  • EX4000-8P - 8x1G PoE+ 30 W

  • EX4000-12P - 12x1G PoE+ 30 W

  • EX4000-12T - 12x1G

  • EX4000-24P - 24x1G PoE+ 30 W

  • EX4000-24T - 24x1G

  • EX4000-48P - 48x1G PoE+ 30 W

  • EX4000-48T - 48x1G

• Virtual Chassis ports:

  • EX4000-12MP — Two 10G SFP+ (numbered 0 and 1)

  • EX4000-24MP — Two 10G SFP+ (numbered 0 and 1)

  • EX4000-48MP — Two 10G SFP+ (numbered 0 and 1)

  • EX4000-8P - Two 10G SFP+ uplink ports (numbered 2 and 3) that can be converted to Virtual Chassis ports using CLI.

  • EX4000-12P - Two 10G SFP+ (numbered 0 and 1)

  • EX4000-12T - Two 10G SFP+ (numbered 0 and 1)

  • EX4000-24P - Two 10G SFP+ (numbered 0 and 1)

  • EX4000-24T - Two 10G SFP+ (numbered 0 and 1)

  • EX4000-48P - Two 10G SFP+ (numbered 0 and 1)

  • EX4000-48T - Two 10G SFP+ (numbered 0 and 1)

• Uplink ports:

  • EX4000-12MP — Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-24MP — Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-48MP — Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-8P — Two 1G RJ45 non-POE ports (numbered 0 and 1)

  • EX4000-12P - Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-12T - Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-24P - Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-24T - Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-48P - Two 1G/10G SFP+ (numbered 2 and 3)

  • EX4000-48T - Two 1G/10G SFP+ (numbered 2 and 3)

• Power supply

  • All the switches have internal fixed power supplies.

• Cooling

  • EX4000-12MP — Natural convection cooling, fanless.

  • EX4000-24MP — Two inbuilt fans

  • EX4000-48MP — Three inbuilt fans

  • EX4000-8P - Natural convection cooling, fanless.

  • EX4000-12P - Natural convection cooling, fanless.

  • EX4000-12T - Natural convection cooling, fanless.

  • EX4000-24P - Two inbuilt fans

  • EX4000-24T - One inbuilt fan

  • EX4000-48P – Three inbuilt fans

  • EX4000-48T - One inbuilt fan

Interfaces

• Port Speed on Network Interfaces:

  • EX4000-12MP, EX4000-24MP, and EX4000-48MP support two PICs each.

    • PIC 0 speed configuration on:

      • EX4000-12MP—Four 100-Mbps/1-Gbps/2.5-Gbps ports and eight 10-Mbps/100-Mbps/1-Gbps ports.

      • EX4000-24MP—Four 100-Mbps/1-Gbps/2.5-Gbps ports and twenty 10-Mbps/100-Mbps/1-Gbps ports.

      • EX4000-48MP—Eight 100-Mbps/1-Gbps/2.5-Gbps ports and forty 10-Mbps/100-Mbps/1-Gbps ports.

    • PIC 1 on all the three switches comprises of four 1-Gbps/10-Gbps ports.

  • Each of the EX4000-8port, EX4000-12port, EX4000-24port, and EX4000-48port models provide two fixed uplink ports supporting 1GbE or 10GbE SFP+ transceivers. In addition, the EX4000-12port, EX4000-24port, and EX4000-48port models include two additional 1GbE/10GbE SFP+ ports for Virtual Chassis connections. You can reconfigure these ports for use as network ports.

    The supported speeds for the EX4000 switch models are as follows:

    • EX4000-8P: 8 x 1GbE PoE+ ports;, 2 x 1GBaseT ports, and 2 x 1/10G SFP+ uplink ports

    • EX4000-12T: 12 x 1GbE non-PoE access ports; 2 x 1/10G SFP+ uplink ports; and 2 x 10G SFP+ VC ports.

    • EX4000-12P: 12 x 1 GbE PoE+ access ports, 2 x 1/10G SFP+ uplink ports, and 2 x 10G SFP+ VC ports

    • EX4000-12MP: 8 x 1GbE PoE++ access ports, 2 x 1/10G SFP+ uplink ports, and 2 x 10G SFP+ VC ports

    • EX4000-24T: 24 x 1GbE non-PoE access ports, 2 x 1/10G SFP+ uplink ports, and 2 x 10G SFP+ VC ports

    • EX4000-24P: 24 x 1GbE, PoE+ access ports, 2 x 1/10G SFP+ uplink ports, and 2 x 10G SFP+ VC ports

    • EX4000-24MP: 4 x 2.5 MGig access ports, 20 x 1GbE POE++ access ports, 2 x 1/10G SFP+ uplink ports, and 2 x 10G SFP+ VC ports

    • EX4000-48: 48 x 1GbE non-PoE access ports, 2 x 1/10G SFP+ uplink ports, and 2 x 10G SFP+ VC ports

    • EX4000-48P: 48 x 1GbE PoE+ access ports, 2 x 1/10G SFP+ uplink ports, 2 x 10G SFP+ VC ports

    • EX4000-48MP: 8 x 2.5 MGig, 40 x 1GbE PoE++ access ports, 2 x 1/10G SFP+ uplink ports and 2 x 10G SFP+ VC ports

  [See Port Speed and Network Interfaces for EX Series.]

• Perpetual and Fast PoE support— All the ports of EX4000-12MP, EX4000-24MP, EX4000-48MP, EX4000-24P, EX4000-48P, EX4000-8P, and EX4000-12P switches support PoE and PoE++.

  If you enable perpetual PoE, power to the connected power device remains uninterrupted even when the switch is rebooting. Perpetual PoE and fast PoE are independent of each other and can coexist. When you power cycle the switch, fast PoE is applicable, if enabled. When you reload the switch by using a Junos CLI reboot command, perpetual PoE is applicable, if enabled.

  [ See Understanding PoE on EX Series Switches.]

Layer 2 features

• Support for Layer 2 features.

  [See Ethernet Switching User Guide, Security Services Administration Guide, and Spanning-Tree Protocols User Guide.]

• Use the interface-name and ip-address options to configure the management address on the switch.

  [See Configuring LLDP (CLI Procedure).]

• Support for Layer 2 multicast features.

  [See Multicast Overview and Understanding Multicast Snooping.]

Layer 3 features

Support for Layer 3 features and interior gateway protocols (OSPF, IS-IS, RIP, and ECMP).

[See Understanding OSPF Configurations and BGP Overview.]

Network management and monitoring

• Port mirroring and analyzers, both local and remote.

  [See Port Mirroring and Analyzers.]

• sFlow support

  [See sFlow Technology Overview .]

• Support for secure packet capture (PCAP) to Cloud using JTI. Use secure packet capture by including the /junos/system/linecard/packet-capture resource path using a Junos remote procedure call (RPC).

Optics

Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and direct attach copper (DAC) cables for your platform or interface module. We update the HCT and provide the first supported release information when the optic becomes available

[See Hardware Compatibility Tool.]

Resiliency

We support resiliency for platform components on EX4000 switches. Resiliency enables the system to monitor component health, alert you of errors, and take appropriate action to restore normal operation based on error severity.

[See Resiliency.]

Routing Policy and Firewall Filters

• Support for filter based forwarding.

• Support for policers (Single Rate Three Color Marker, Two Rate Three Color Marker).

• Firewall filter support for port, VLANs, and routed interfaces on ingress and egress.

[See Routing Policies, Firewall Filters, and Traffic Policers User Guide

Security

• EX4000-12MP, EX4000-24MP, EX4000-48MP, EX4000-8P, EX4000-12P, EX4000-12T, EX4000-24P, EX4000-24T, EX4000-48P, and EX4000-48T support the following security features:

  • DHCP snooping (DHCPv4 and DHCPv6)

  • Dynamic Address Resolution Protocol (ARP) inspection

  • Neighbor discovery inspection

  • DHCP option 82

  • DHCPv6 option 18 and option 37

  • Lightweight DHCPv6 relay agent

  • Stateless address autoconfiguration (SLAAC) snooping

  • IPv6 Router Advertisement (RA) Guard

[See Security Services Administration Guide.]

Services Applications

RPM IPv4 traffic probe support with the tcp-ping, icmp-ping, icmp-ping-timestamp, udp-ping, and udp-ping-timestamp probe types. Probes use software timestamping only.

[See Understanding Real-Time Performance Monitoring on EX and QFX switches.]

Software installation and upgrade

• The EX4000 switches support the request system firmware upgrade command to upgrade firmware.

  [See request system firmware upgrade.]

• Support for PHC.

  [See Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client.]

• Support for ZTP.

  [See Zero Touch Provisioning.]

• Support for SZTP.

  [See Secure Zero Touch Provisioning and Generate Voucher Certificate.]

Virtual Chassis

From Junos 24.4R1-S2, EX4000 switches support virtual chassis.

[See Understanding EX Series Virtual Chassis.]

• Support for 802.1X authentication.

  [See 802.1X Authentication.]

• Support for captive portal authentication.

  [See Captive Portal Authentication.]

• Support for environment monitoring, chassis and systems alarm management. Monitoring of power entry modules (PEMs) and board temperature sensors.
• N+1 power redundancy, online insertion and removal (OIR), and use of different PSU types (AC/DC) as part of PSU management.
• Monitoring of temperature and humidity sensors. Red alarms are raised when the temperature crosses the set threshold. Red or yellow alarms are raised when humidity crosses the set thresholds. The system shuts down when the board temperature sensors cross the set threshold. Use the show chassis environment and show chassis alarms commands to check these alarms.
• SNMP support.
• Support for dry-contact alarm.

• 12V-only PSU support (EX4100-H-12MP)― From Junos 24.4R1-S2, the EX4100-H-12MP device supports a 12V-only power supply unit (PSU) for system power-on and normal operation, excluding PoE features. Junos OS monitors each PSU slot's feed status. Major CLI enhancements include:

  • New command set chassis fpc fpc_slot ignore-poe-feed-status to use a 12V-only third-party PSU and clear the Feed 54V not connected alarm.

  • show chassis environment displays PSU slot status.

  • show chassis environment pem displays individual power feeds.

  • show chassis power-budget-statistics displays the power budget based on available PSU PoE feeds.

  • show chassis hardware displays the PSU type.

[See 12-V Only Power Supply Unit Support for EX4100-H-12MP, EX4100-H Chassis, and temperature-sensor.]

Class of Service (CoS)

• Support for CoS configuration.

  [See Junos OS CoS for EX Series Switches Overview.]

• Support for EVPN-VXLAN group-based policies. You can use group-based policies (GBPs) for different levels of access control for endpoints and applications within the same VLAN. The switch also supports the GBP feature for locally switched traffic on VXLAN access ports.

  [See Micro and Macro Segmentation using Group Based Policy in a VXLAN.]

• Support for the following Layer 2 VXLAN gateway services in an EVPN-VXLAN network:

  • 802.1X authentication, accounting, central web authentication (CWA), and captive portal

  • CoS

  • DHCPv4 and DHCPv6 snooping, dynamic Address Resolution Protocol (ARP) inspection (DAI), neighbor discovery inspection, IP and IPv6 source guard, and router advertisement (RA) guard (no multihoming)

  • Firewall filters and policing

  • Storm control, port mirroring, and MAC filtering

  [See EVPN Feature Guide.]

• Support for Layer 3 VXLAN gateway in EVPN-VXLAN centrally routed bridging (CRB) overlay or edge-routed bridging (ERB) overlay networks on standalone switches or Virtual Chassis. The switch supports the following features:

  • Default gateway using IRB interfaces to route traffic between VLANs. [See Using a Default Layer 3 Gateway to Route Traffic in an EVPN-VXLAN Overlay Network.]

  • IPv6 data traffic routed through an EVPN-VXLAN overlay network with an IPv4 underlay. [See Routing IPv6 Data Traffic through an EVPN-VXLAN Network with an IPv4 Underlay.]

  • EVPN pure Type 5 routes. [See Understanding EVPN Pure Type-5 Routes.]

  The Virtual Chassis doesn’t support EVPN-VXLAN multihoming. You can use the standalone switch as an EVPN-VXLAN provider edge (PE) device in multihoming use cases. We support the following Layer 2 VXLAN gateway features in an EVPN-VXLAN network:

  • Active/active multihoming

  • Proxy ARP use and ARP suppression, and Neighbor Discovery Protocol (NDP) use and NDP suppression on non-IRB interfaces

  • Ingress node replication for broadcast, unknown unicast, and multicast (BUM) traffic forwarding

  [See EVPN Feature Guide.]

Hardware

• The EX4100-H-12MP has the following port configuration:

  • Four PoE++ enabled and MACsec-enabled RJ-45 Ethernet ports that support 100-Mbps, 1-Gbps, and 2.5-Gbps speeds.

  • Eight PoE++ enabled RJ-45 Ethernet ports that support 10-Mbps, 100-Mbps, and 1-Gbps speeds

  • Two 1/10GbE SFP+ stacking/uplink ports

  • Two 1/10GbE SFP+ MacSec-enabled uplink ports

• The EX4100-H-24MP has the following port configuration:

  • Eight PoE++ enabled RJ-45 Ethernet ports that support 100-Mbps, 1-Gbps, and 2.5-Gbps speeds

  • Sixteen PoE++ enabled RJ-45 Ethernet ports that support 10-Mbps, 100-Mbps, and 1-Gbps speeds

  • Four 1/10GbE SFP+ stacking/uplink ports

  • Four 1/10GbE SFP+ MacSec-enabled uplink ports

• The EX4100-H-24F has the following port configuration:

  • Twenty four 1 GbE SFP ports

  • Four 1/10GbE SFP+ stacking/uplink ports

  • Four 1/10GbE SFP+ MacSec-enabled uplink ports

[See EX4100-H Hardware Guide .]

High availability and resiliency

• Resiliency support for inter-integrated circuit (I2C), disk failure, and disk health.

  [See High Availability User Guide.]

Interfaces

• Network Interfaces Support -

  • EX4100-H-12MP supports three PICs. The PIC speeds are as follows:

    • PIC 0 with four 100-Mbps/1-Gbps/2.5-Gbps and eight 10-Mbps/100-Mbps/1-Gbps ports (downlink ports)

    • PIC 1 with two 1GbE/10GbE ports

    • PIC 2 with two 1GbE/10GbE ports (uplink ports)

    [See Port speed.]

  • EX4100-H-24MP and EX4100-H-24F support three PICs each, with the following speed configurations:

    • Twenty-four downlink ports (ports 0–23) on PIC 0:

      • EX4100-H-24MP—Eight 100-Mbps/1-Gbps/2.5-Gbps ports and sixteen 10-Mbps/100-Mbps/1-Gbps ports.

      • EX4100-H-24F—Twenty-four 100-Mbps/1-Gbps ports (10-Mbps, 100-Mbps, and 1-Gbps on tri-rate SFP optics).

    • Four stacking/network ports (ports 0–3) on PIC 1 that support 1-Gbps and 10-Gbps speeds.

    • Four uplink ports (ports 0–3) on PIC 2 that support 1-Gbps and 10-Gbps speeds.

    [See Network Interfaces for EX Series, Understanding HiGig and HGoE Modes in a Virtual Chassis, and Port Speed.]

• Perpetual and Fast PoE suport. EX4100-H supports PoE and PoE++. If you enable perpetual PoE, power to the connected power device remains uninterrupted even when the switch is rebooting. Perpetual PoE and fast PoE are independent of each other and can coexist. When you power cycle the switch, fast PoE is applicable, if enabled. When you reload the switch through a Junos CLI reboot command, perpetual PoE is applicable, if enabled.

  [See Understanding PoE on EX Series Switches.]

Junos telemetry interface

EX4100-H Series routers now allow subscription to the OpenConfig root resource path /state/chassis/ to export statistics for dry contact alarms and relative humidity sensors. The following paths are supported:

• For dry contact alarm sensors:

  • /state/chassis/modules/module[name='FPC 0']/fpm/alarm-port/input-port[index='0']/

  • /state/chassis/modules/module[name='FPC 0']/fpm/alarm-port/input-port[index='1']/

  • /state/chassis/modules/module[name='FPC 0']/fpm/alarm-port/output-port[index='0']/

• For humidity sensors: /state/chassis/modules/module[name='FPC 0']/environment/sensors/sensor[name='Humidity Sensor 1']/

For a complete list of sensors supported, see Junos YANG Data Model Explorer.

Layer 2 features

• Support for Layer 2 features.

  [See Configuring Q-in-Q Tunneling and VLAN Q-in-Q Tunneling and VLAN Translation, Layer 2 Bridge Domains Overview, and Understanding Layer 2 Learning and Forwarding.]

• Support for Layer 2 multicast features.

  [See Multicast Overview and Understanding Multicast Snooping.]

• Use the interface-name and ip-address options to configure the management address on the switch.

  [See Configuring LLDP (CLI Procedure) .]

Layer 3 features

• Support for Layer 3 features and interior gateway protocols (OSPF, IS-IS, RIP, and ECMP) for IPv4 and IPv6.

  [See Understanding OSPF Configurations and BGP Overview.]

MACsec

Support for Media Access Control Security (MACsec) in static connectivity association key (CAK) mode with GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128 and GCM-AES-XPN-256 encryption.

[See Configuring MACsec.]

Network management and monitoring

• Support for the following Ethernet OAM link fault management (LFM) and CFM features:

  • Monitor faults by using the continuity check message (CCM) protocol to discover and maintain adjacencies at the VLAN or link level.

  • Discover paths and verify faults by using the Link Trace Message (LTM) protocol to determine the path taken from an endpoint to a destination MAC address.

  • Isolate faults by using loopback messages.

  [See Ethernet OAM and CFM for Switches and OAM Link Fault Management.]

• Support for IEEE 802.1ag CFM on service provider interfaces and Q-in-Q (point-to-point) interfaces.

  [See Introduction to OAM Connectivity Fault Management (CFM).]

• Support for Juniper Mist Wired Assurance. Juniper EX4100 Series switches can be automatically on-boarded to the Juniper Mist Cloud using a single activation code, and the switch interfaces automatically provisioned. This is part of Wired Assurance, which provides automated operations and enables the use of service level expectations (SLEs) for IoT devices, Juniper Mist access points, and other network devices.

  [See Juniper AI-Driven Enterprise and Overview of EX Series Switches and the Juniper Mist Cloud.]

• Support for:

  • Spanning-tree protocols. [See Spanning Tree Protocol Instances and Interfaces.]

  • sFlow network monitoring technology. [See sFlow Monitoring Technology.]

  • Local and remote port mirroring, and remote port mirroring to an IP address (GRE encapsulation). [See Port Mirroring and Analyzers.]

Software installation and upgrade

• Support for DHCP option 43 suboption 8 to provide proxy server information in phone-home client. During the bootstrapping process, the phone-home client (PHC) can access the redirect server through a proxy server. The DHCP server uses DHCP option 43 suboption 8 to deliver the details of IPv4 and/or IPv6 proxy servers to the PHC. The DHCP daemon running on the target switch learns about the proxy servers in the initial DHCP cycle and then populates either the phc_vendor_specific_info.xml or the phc_v6_vendor-specific_info.xml file located in the /var/etc/ directory with the vendor-specific information.

  Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client

• Support for phone-home client (PHC). The PHC can securely provision an EX4100 Virtual Chassis without the need for user interaction.

  [See Provision a Virtual Chassis Using the Phone-Home Client.]

• Secure boot support to authenticate and verify the loaded software image while also preventing software-based attacks.

  [See Secure Boot.]

• Support ZTP. Use zero-touch provisioning (ZTP) to install or upgrade the software on your device with minimal manual intervention.

  [See Zero Touch Provisioning.]

• Support for SZTP. You can use RFC-8572-based secure zero-touch provisioning (SZTP) to bootstrap your remotely located network devices that are in a factory-default state. SZTP enables mutual authentication between the bootstrap server and the network device before the remote network device is accessed for initiating ZTP.

  To enable mutual authentication, you need a unique digital voucher, which is generated based on the DevID (Digital Device ID or Cryptographic Digital Identity) of the network device. The DevID is embedded inside the Trusted Platform Module (TPM) 2.0 chip on the network device. Juniper Networks issues a digital voucher to customers for each eligible network device.

  [See Secure Zero Touch Provisioning and Generate Voucher Certificate.]

Timing

• Support for Precision Time Protocol (PTP) transparent clock.

  [See PTP Transparent Clocks.]

Uplink failure detection

• Support for debounce interval configuration. You can configure the debounce interval, which is the time (in seconds) that elapses before the downlink interfaces are brought up after a state change of the uplink interfaces.

  You can configure the debounce-interval statement at the [edit protocols uplink-failure-detection group group-name] hierarchy level.

  [See Uplink Failure Detection.]

Virtual Chassis

• Support for Virtual Chassis.

  [See Understanding EX Series Virtual Chassis.]