Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Recommendations

The following list of recommendations summarizes those recommendations covered throughout this document:

  • Check how you connect the WAN router to the EX Series Switch and what features it supports. When using a LAG between the two devices, features like active LACP and “force-up” will help you manage the attached EX Series Switch more effectively using in-band management.
  • Use switch templates for efficient configuration management. Configuration errors and unnecessary additional work can be avoided this way.
    • Use the template hierarchy from organization-level templates to site-level templates. Making changes to individual switches should be done as a last resort.
    • Rather than making change to individual switches, leverage the use of site variables for unique configuration settings within templates.
    • Do not duplicate templates to make unique configuration settings. Having many templates may cause you to lose sight over time. Leverage features like site variables and roles instead.
    • For added security we recommend either to disable unused ports or at least define and use a quarantine VLAN on all unused ports. Please review the example here.
  • When designing and using Virtual Chassis:
    • When designing Virtual Chassis, it is not recommended using the maximum of supported Virtual Chassis Members stated in the Virtual Chassis Overview (Juniper Mist) . Roughly cut the stated maximum members to a half. This is to avoid oversubscription of the bandwidth of the Virtual Chassis port (VCP) linkshave when building the Ring between the Virtual Chassis members.
    • Create and assign individual Templates for Virtual Chassis with the same amount of members. Avoid configuring the same port configurations on all kinds of sizes of Virtual Chassis. This helps the system to apply your configuration changes straight without needing to detect each time if Template specified ports are really avail in your local Virtual Chassis configuration.
    • All Virtual Chassis configurations should be done via the Mist-Cloud and the Modify Virtual Chassis-dialogue. CLI or Additional CLI should not be used for managing a Virtual Chassis.
  • Juniper recommends enabling the protection of the Routing Engine .
  • When needing to decide how to manage port configuration dynamically:
    • Assigning VLANs and filters via RADIUS/NAC infrastructure is the recommended approach. Especially for those customers using Juniper Mist Access Assurance.
    • Using Dynamic Port Configuration is less preferred.
  • When using Dynamic Port Configuration:
    • Avoid matching by MAC-Address if the device supports LLDP.
    • Don’t match by MAC-Address if ports are enabled with dot1x.
    • The use of a Filter-Id should be avoided. Usually there is no need to do that if the ports are dot1x enabled a one can apply a dynamic VLAN via RADIUS.
    • Avoid a high number of port flaps for a DPC-configured port.
    • Refer switch insights to ascertain the individual configuration is applied.
  • Try to avoid using additional Junos OS CLI commands if possible.
  • For the recommended version for Juniper products, see Recommended Junos OS Releases.