Understanding Network Configuration Profiles
To support rapid network deployment, Junos Space Network Director enables you to define your network configuration in a set of profiles that you can apply to multiple objects in your network. For example, you can define a Port profile to set up class-of-service (CoS), authentication, firewall filters, and Ethernet switching settings that are appropriate for all access ports in your network that connect to employee desktop VoIP phones.
After you have defined a profile, you can associate it with devices in one of two ways:
By directly assigning it to a device (or to ports on the device). When you assign a profile to a device, you can configure certain device-specific parameters. For example, when you assign a VLAN profile to a device, you can configure the IP address for that VLAN on that device. Or when you assign a Port profile for a Layer 3 interface to the interface, you can configure the IP address for that interface.
By referencing the profile in another profile. Some profiles are not assigned directly to network devices—instead they are referenced from other profiles that are, in turn, assigned to network devices. For example, the settings in the CoS, Filter, and Authentication profiles are assigned indirectly to a port by the profiles being included in the Port profile.
Because a child profile might be a required setting in its parent profile, you must create the child profiles before you create the parent profiles. For example, to create a Port profile, create the profiles in this order:
Access, VLAN, CoS, and Filter profiles
Authentication
Network Director also includes six predefined Port profiles and one predefined CoS profile for EX Series switches. You can choose to apply the Port profiles to one or more ports of a single device or a group of devices, and the CoS profile to a Port profile (using an Authorization profile).
After you have created and included the child profiles in to parent profiles, you can assign these parent profiles at various levels in your wired networks. Table 1 shows the levels at which you can assign each of these parent profiles.
Name of the Profile |
EX Series Ethernet Switches |
QFX Series Switches |
|---|---|---|
Device Common Settings profile |
Device |
Device |
VLAN profile |
Device |
Device |
Port profile |
Port |
Port |
Fabric profile |
Not applicable |
Port |
FC Gateway Service |
Not applicable |
Port |
Local Switching VLAN profile |
Not applicable |
Not applicable |
mDNS profile |
Not applicable |
Not applicable |
Remote Sites profile |
Not applicable |
Not applicable |
Once you have assigned profiles to devicesor ports, you can view the profile associations in the Profiles Assigned to the Device page. For more information, see Viewing Profiles Assigned to a Device.
In addition to the profiles you create yourself, Network Director creates profiles for you from existing device configuration. Typically, you create profiles and associations manually when you are setting up a new network from scratch, adding a new device to your existing network, or when you want to make certain customized changes to the way your network is currently operating. Network Director creates profiles for you when:
You discover existing devices in your network. As part of device discovery, Network Director examines the configurations present in the discovered device or devices. If configurations match existing profiles, Network Director assigns the matching profiles to the appropriate levels on the devices. If configurations do not match existing profiles, Network Director creates the required profiles and associates them at the appropriate levels. For more information about device discovery, see Discovering Devices in a Physical Network.
Note:If Network Director fails to read the configuration of one or more devices after the device discovery, such devices are not displayed in the Assign Profile page. You will not be able to assign profiles to such devices. The Manage Jobs page in System mode displays details of the device discovery jobs. Use the information displayed on this page to take appropriate corrective steps to enable Network Director to reread the configuration of the failed device. For more information, see Troubleshooting Device Discovery Error Messages.
You first install Network Director and supported devices are already being managed by Junos Space. In this case, Network Director imports the device configurations into profiles the same way it does when you discover devices with Network Director.
You resynchronize the Network Director configuration with the device configuration in order to resolve out-of-band configuration changes—that is, configuration changes that are not made with Network Director. Out-of-band configuration changes result in the device configuration not matching or being in sync with the Network Director configuration for the device. When you resynchronize the Network Director configuration with the device configuration, Network Director creates and associates new profiles if none of the existing profiles match the changed configuration. For more information about resynchronization of device configuration, see Understanding Resynchronization of Device Configuration.
After a profile is created, you can edit it from the Manage Profile page by selecting the profile and clicking Edit. The only exception is when the profile that you want to edit is part of a job that is scheduled for deployment. When you schedule a deployment job, that job and any profiles assigned to that job are locked. You cannot edit the job or any of its assigned profiles until the job is completed or gets cancelled. For more information, see Deploying Configuration Changes.
When you delete a device in Network Director, the system deletes only the device and the profile associations. The profiles are retained in the system. If you rediscover the deleted devices into the system at a later stage, without making any configuration changes on the device, Network Director identifies this and reinstates the previous profile associations.