Configuring a Single Site
You can specify the underlay configuration of a hub device or site by using the Configure Site feature on the Site Management page.
You can also configure an SD-WAN on-premise spoke site using dual CPE devices. The workflow to configure a site with dual CPE devices is similar to that for a single CPE device. You need at least one WAN link per CPE to act as an OAM_AND_DATA link for redundancy, so that the individual nodes establish connectivity with CSO.
You must provide the serial number and the activation code for both the primary and the secondary devices.
To configure a site:
- Select a site and click the Configure Site button.
The Configure Site Site Name page is displayed.
- Complete the configuration settings according to the guidelines provided in Table 1 and Table 2.
Table 1: Fields on the Configure On-Premise Hub Site Page
Field
Description
Site Type
Displays the site type as hub.
Management Region
Displays the regional server with which the CPE device communicates based on the information in the device template. This field cannot be modified.
Selected Plan
Displays the connection plan that you selected when you created the site. This field cannot be modified.
Hub Multihoming
Displays whether multihoming was enabled or disabled on the site during the creation of the site. This field cannot be modified.
Configuration
Based on the site requirements, the following fields are displayed.
Connectivity
Primary Hub Site
Select the primary hub site to which the spoke site must connect.
Secondary Hub Site
Select the secondary hub site to which the spoke site must connect. In case of multihoming, a single spoke site can connect to more than one hub site.
Management Connectivity
OAM Traffic Information
Enable Operation, Administration, and Maintenance (OAM) traffic information to specify the IP prefix for the site management network.
IP Prefix
Enter an IP address prefix for the cloud hub site’s management network. You can specify an IPv4 or IPv6 address.
Example: 192.0.2.10/24
WAN_0, WAN_1, WAN_2, WAN_3
WAN Interface
Displays the interface name configured in the device profile. This field cannot be modified.
Link Type
Displays the link type (MPLS or Internet) configured in the device profile. This field cannot be modified.
Use for Fullmesh
Click the toggle button to specify that the WAN link is part of fullmesh or partial-mesh topology.
Connects To Hubs
Click the toggle button to specify that the WAN link of the spoke site connects to a hub.
Address Assignment
Select the method of IP address assignment. Select DHCP to assign IP addresses by using a DHCP server or Static to assign a static IP address.
Traffic Type
Select the traffic type. You specify whether you want to use the WAN link to transmit only data traffic (DATA_ONLY) or both management traffic and data traffic (OAM_AND_DATA).
You must select the traffic type as OAM_AND_DATA when you configure a site with dual CPE devices. You need at least one WAN link per CPE device to act as an OAM_AND_DATA link for redundancy.
Data VLAN ID
Enter the VLAN ID that is associated with the data link. A data VLAN identifier is an integer in the range 0–4095.
Local Breakout
Displays whether local breakout was enabled on the WAN link during creation of the site. This field cannot be modified.
If the WAN link is selected to be used for only local breakout traffic, then the Overlay Tunnel section is not displayed.
Autocreate Source NAT Rule
Select this option to enable interface-based source NAT on the WAN link.
Note: If this option is enabled for a WAN interface W1 during the site creation workflow, a series of NAT source rules are automatically created. Each automatically created NAT rule is from a zone to the WAN interface, with a translation of type interface. Each pair of [zone - interface] represents a rule-set. For example, the following zone to W1 interface rule-set might be created:
Zone1 --> W1: Translation=Interface
Zone2 --> W1: Translation=Interface
Zone3 --> W1: Translation=Interface
To manually override any of these rules, you can create a NAT rule within a particular rule-set. For example, to use a source NAT pool instead of an interface for translation, create a NAT rule within this particular rule-set, that includes the relevant zone and WAN interface as the source and destination. For example:
Zone1 --> W1 : Translation=Pool-2
The manually created NAT rule is placed at a higher priority than the corresponding automatically created NAT rule.
You can also add other fields (such as addresses, ports, protocols, and so on) as part of the source or destination endpoints. For example:
Zone1, Port 56578 --> W1: Translation=Pool-2
Overlay Tunnel
Tunnel Type
Select the tunnel type—GRE or GRE over IPsec.
Peer Device
Displays the hub device to which the site is connected.
Interface Name
Select the interface name of the hub device to which the MPLS or Internet link is connected.
Advanced Configuration
Name Servers
Specify the IP addresses of one or more DNS name servers.
Example: 192.0.2.15
NTP Servers
Specify the FQDNs or IP addresses of one or more NTP servers.
Example: ntp.example.net
Time Zone
Specify the time zone for your NTP Server.
Example: UTC
Devices
Assign CPE Devices
Device Redundancy
Displays whether CPE device redundancy is enabled or disabled for an SD-WAN on-premise spoke site.
Primary Device Serial Number
Enter the serial number of the primary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive.
Primary Device Activation Code
Enter the activation code of the primary device that your service provider supplied for the device.
Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes.
Secondary Device Serial Number
Enter the serial number of the secondary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive.
Secondary Device Activation Code
Enter the activation code of the secondary device that your service provider supplied for the device.
Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes.
Boot Image
(Optional) If you want to upgrade the device image for an SRX Series or an NFX Series device, select the boot image from the list. The boot image is the device image that was previously uploaded to the image management system. The boot image is used to upgrade the device when the CSO starts the ZTP process. If the boot image is not provided, then the device skips the automatic upgrade procedure. The boot image (NFX or SRX) is populated based on the connection profile that you have selected while creating a site. See Uploading a Device Image.
Table 2: Fields on the Configure On-Premise Spoke Site Page
Field
Description
Site Type
Displays the site type.
Management Region
Displays the regional server with which the CPE device communicates based on the information in the device template. This field cannot be modified.
Selected Plan
Displays the connection plan that you selected when you created the site. This field cannot be modified.
Device Model
Select a device model from the list. Device models are listed based on the connection plan that you selected while creating the site.
For example, if the connection plan that you selected is NFX150 as SD-WAN CPE, the Device Model field lists NFX150 models only.
Hub Multihoming
Displays whether multihoming was enabled or disabled on the site during the creation of the site. This field cannot be modified.
Configuration
Based on the site requirements, the following fields are displayed.
Connectivity
Primary Hub Site
Select the primary hub site to which the spoke site must connect.
Secondary Hub Site
Select the secondary hub site to which the spoke site must connect. In case of multihoming, a single spoke site can connect to more than one hub site.
PPPoE Settings
Username
Specify the username for the CPE device.
Password
Specify the password for the CPE device.
Management Connectivity
OAM Traffic Information
Enable Operation, Administration, and Maintenance (OAM) traffic information to specify the IP prefix for the site management network.
IP Prefix
Specify one or more prefixes for the site management network.
Example: 192.0.2.16/24
WAN_0, WAN_1, WAN_2, WAN_3
WAN Interface
Displays the interface name configured in the device profile. This field cannot be modified.
Link Type
Displays the link type (MPLS or Internet) configured in the device profile. This field cannot be modified.
Use for Fullmesh
Click the toggle button to specify that the WAN link is part of fullmesh or partial-mesh topology.
Connects To Hubs
Click the toggle button to specify that the WAN link of the spoke site connects to a hub.
Address Assignment
Select the method of IP address assignment. Select DHCP to assign IP addresses by using a DHCP server or Static to assign a static IP address.
Traffic Type
Select the traffic type. You specify whether you want to use the WAN link to transmit only data traffic (DATA_ONLY) or both management traffic and data traffic (OAM_AND_DATA).
You must select the traffic type as OAM_AND_DATA when you configure a site with dual CPE devices. You need at least one WAN link per CPE device to act as an OAM_AND_DATA link for redundancy.
Use for OAM Traffic
Click the toggle button to enable the WAN interface for transmitting OAM traffic. This WAN interface is used to establish the OAM tunnel. By default, this option is enabled for the first two WAN links.
Data VLAN ID
VLAN ID associated with the WAN link.
Local Breakout
Displays whether local breakout was enabled on the WAN link during creation of the site. This field cannot be modified.
If the WAN link is selected to be used for only local breakout traffic, then the Overlay Tunnel section is not displayed.
Autocreate Source NAT Rule
Select this option to enable interface-based source NAT on the WAN link.
Note: If this option is enabled for a WAN interface W1 during the site creation workflow, a series of NAT source rules are automatically created. Each automatically created NAT rule is from a zone to the WAN interface, with a translation of type interface. Each pair of [zone - interface] represents a rule-set. For example, the following zone to W1 interface rule-set might be created:
Zone1 --> W1: Translation=Interface
Zone2 --> W1: Translation=Interface
Zone3 --> W1: Translation=Interface
To manually override any of these rules, you can create a NAT rule within a particular rule-set. For example, to use a source NAT pool instead of an interface for translation, create a NAT rule within this particular rule-set, that includes the relevant zone and WAN interface as the source and destination. For example:
Zone1 --> W1 : Translation=Pool-2
The manually created NAT rule is placed at a higher priority than the corresponding automatically created NAT rule.
You can also add other fields (such as addresses, ports, protocols, and so on) as part of the source or destination endpoints. For example:
Zone1, Port 56578 --> W1: Translation=Pool-2
Overlay Tunnel
Tunnel Type
Select the tunnel type—GRE or GRE over IPsec.
Peer Device
Displays the hub device to which the site is connected.
Interface Name
Select the interface name of the hub device to which the MPLS or Internet link is connected.
Advanced Configuration
Name Servers
Specify the IP addresses of one or more DNS name servers.
Example: 192.0.2.15
NTP Servers
Specify the FQDNs or IP addresses of one or more NTP servers.
Example: ntp.example.net
Time Zone
Specify the time zone for your NTP Server.
Example: UTC
Devices
Assign CPE Devices
Device Redundancy
Displays whether CPE device redundancy is enabled or disabled for an SD-WAN on-premise spoke site.
Primary Device Serial Number
Enter the serial number of the primary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive.
Primary Device Activation Code
Enter the activation code of the primary device that your service provider supplied for the device.
Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes.
Secondary Device Serial Number
Enter the serial number of the secondary CPE device. You can use a unique string of alphanumeric characters. The maximum length is 64 characters. Serial numbers are case-sensitive.
Secondary Device Activation Code
Enter the activation code of the secondary device that your service provider supplied for the device.
Note: If you do not want to specify an activation code, on the Resources > Device Templates > Template Settings page, disable the ACTIVATION_CODE_ENABLED field and save the changes.
Boot Image
(Optional) Select the boot image from the drop-down list. The boot image is the device image that was previously uploaded to the image management system through the “Images” page. The boot image is used to upgrade the device when the CSO starts the ZTP process. If the boot image is not provided, then the device skips the automatic upgrade procedure. See Uploading a Device Image.
- Click OK.
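As an added example (not part of the original documentation or of CSO), the following Python checks a planned site definition against the field rules in Table 1 and Table 2 before the values are entered on the Configure Site page. The dictionary layout and key names are assumptions made for this example, and the plain-GRE finding is an extra review item rather than a CSO rule.

```python
import ipaddress
import re

SERIAL_RE = re.compile(r"[A-Za-z0-9]{1,64}")  # alphanumeric, at most 64 characters

def validate_site(site):
    """Return findings for a site definition (this dict layout is hypothetical)."""
    findings = []
    devices, links = site["devices"], site["wan_links"]
    for dev in devices:
        if not SERIAL_RE.fullmatch(dev["serial"]):
            findings.append(f"{dev['role']}: serial must be 1-64 alphanumerics")
        # A code is required unless ACTIVATION_CODE_ENABLED is off in the template.
        if site.get("activation_code_enabled", True) and not dev["activation_code"]:
            findings.append(f"{dev['role']}: activation code missing")
    if len({dev["serial"] for dev in devices}) != len(devices):  # case-sensitive
        findings.append("device serial numbers must be unique")
    try:
        ipaddress.ip_network(site["oam_prefix"], strict=False)  # host bits allowed
    except ValueError:
        findings.append(f"OAM prefix {site['oam_prefix']!r} is not valid IPv4/IPv6")
    for link in links:
        if not 0 <= link["data_vlan_id"] <= 4095:
            findings.append(f"{link['name']}: data VLAN ID outside 0-4095")
        # Added check, not a CSO rule: GRE by itself does not encrypt traffic.
        if link["link_type"] == "Internet" and link["tunnel_type"] == "GRE":
            findings.append(f"{link['name']}: plain GRE on an Internet link")
    if len(devices) == 2:  # dual CPE: each node needs its own OAM_AND_DATA link
        oam_cpes = {ln["cpe"] for ln in links if ln["traffic_type"] == "OAM_AND_DATA"}
        findings += [f"{d['role']}: no OAM_AND_DATA WAN link"
                     for d in devices if d["role"] not in oam_cpes]
    return findings

# Constructed sample input: dual-CPE spoke with mistakes on the secondary device.
SAMPLE_SITE = {
    "oam_prefix": "192.0.2.16/24",
    "devices": [
        {"role": "primary", "serial": "AB12CD34", "activation_code": "code-1"},
        {"role": "secondary", "serial": "ab12cd34", "activation_code": ""},
    ],
    "wan_links": [
        {"name": "WAN_0", "cpe": "primary", "link_type": "MPLS",
         "traffic_type": "OAM_AND_DATA", "data_vlan_id": 100, "tunnel_type": "GRE"},
        {"name": "WAN_1", "cpe": "secondary", "link_type": "Internet",
         "traffic_type": "DATA_ONLY", "data_vlan_id": 4096, "tunnel_type": "GRE"},
    ],
}
print("\n".join(validate_site(SAMPLE_SITE)))
```

The two sample serial numbers differ only in case, so they pass the uniqueness check, which matches the case-sensitive handling described for the serial number fields.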