Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation EX4000 EX4000 Switch Hardware Guide Installation and Configuration

EX4000 Switch Hardware Guide

keyboard_arrow_up
close
keyboard_arrow_left
EX4000 Switch Hardware Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Configure Junos OS on an EX4000 Switch

date_range 19-Feb-25
arrow_backward
arrow_forward

EX4000 Default Configuration

Each EX Series switch is programmed with a factory default configuration that contains the values set for each configuration parameter when the switch is shipped. The default configuration file sets values for system parameters such as syslog and commit, configures Ethernet switching on all interfaces, enables IGMP snooping, and enables the LLDP and RSTP protocols.

Note:

  • The factory default configuration file has more interfaces for models that have more ports.

  • The poe statement does not appear for models without PoE+ ports.

  • You can use to ignore management link alarm as part of factory default configuration.

  • set chassis alarm management-ethernet link-down ignore stanza is present by default under factory default configuration to ignore management link alarm. If required, you can delete this configuration to be notified for management link alarm.

When you commit changes to the configuration, a new configuration file is created. This file becomes the active configuration. You can always revert to the factory-default configuration. See Revert to the Default Factory Configuration on an EX Series Switch.

The following is the factory-default configuration file for an EX4000-48MP switch:

content_copy zoom_out_map
system {
    commit {
        factory-settings {
            reset-chassis-lcd-menu;
        }
    }
    services {
        netconf {
            ssh;
            rfc-compliant;
            yang-compliant;
        }
        ssh;
    }
    auto-snapshot;
    phone-home {
        server https://redirect.juniper.net;
        rfc-compliant;
    }
}
chassis {
    redundancy {
        graceful-switchover;
    }
}
alarm {
    management-ethernet {
        link-down ignore;
    }
}
interfaces {
    mge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    mge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    mge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    mge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    mge-0/0/4 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    mge-0/0/5 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    mge-0/0/6 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    mge-0/0/7 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/16 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/17 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/18 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/19 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/24 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/25 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/26 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/27 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/28 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/29 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/30 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/31 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/32 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/33 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/34 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/35 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/36 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/37 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/38 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/39 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/40 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/41 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/42 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/43 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/44 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/45 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/46 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/47 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    xe-0/1/2 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    xe-0/1/3 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    irb {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    vme {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
protocols {
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    igmp-snooping {
        vlan default;
    }
    rstp {
        interface all;
    }
}
poe {
    interface all;
}
vlans {
    default {
        vlan-id 1;
        l3-interface irb.0;
    }
}

Connect and Configure an EX4000 Switch

Before you connect and configure an EX4000 switch, set the following parameter values on the console server or PC:

  • Baud Rate—9600

  • Data—8

  • Flow Control—None

  • Parity—None

  • Stop Bits—1

  • DCD State—Disregard

Ensure that you have the following parts and tools available:

  • An Ethernet cable with an RJ-45 connector attached (not provided)

  • An RJ-45 to DB-9 serial port adapter (not provided)

  • A laptop or PC, with a serial port (not provided)

Note:

We no longer include the RJ-45 console cable with the DB-9 adapter as part of the device package. If the console cable and adapter are not included in your device package, or if you need a different type of adapter, you can order the following separately:

  • RJ-45 to DB-9 adapter (JNP-CBL-RJ45-DB9)

  • RJ-45 to USB-A adapter (JNP-CBL-RJ45-USBA)

If you want to use RJ-45 to USB-A you must have X64 (64-Bit) Virtual COM port (VCP) driver installed on your PC. See, https://ftdichip.com/drivers/vcp-drivers/ to download the driver.

Have the following information available before you configure custom settings for the switch:

  • Root password

  • IP address of the default gateway

  • IP address of the management port

  • IP address of a DNS server

  • (Optional) Hostname

  • (Optional) IP address of a backup router

  • (Optional) SNMP read community, location, and contact to configure SNMP parameters

  • (Optional) Static routes to remote subnets with access to the management port

  • (Optional) Static routes to remote prefixes with access to the management port

An EX4000 switch is shipped with Junos OS preinstalled and ready to be configured when the switch is powered on. You must perform the initial configuration of the switch through the console port (labeled CON) on the rear panel of the switch by using the CLI.

This procedure describes how to perform the initial configuration on the switch and connect it to the network. For complete information about enabling the switch to forward traffic, including examples, see the Junos OS configuration guides.

To perform the initial configuration on the switch and connect it to the network:

  1. Power the switch on.
  2. Connect the console port (labeled CON) on the rear panel of the switch to a management host such as a laptop or PC by using an RJ-45-to-DB-9 serial port adapter.
  3. At the Junos OS login prompt, type root to log in. You don't need to enter a password. If the software booted before you connected the console port, you might need to press the Enter key for the prompt to appear.
    content_copy zoom_out_map
    login: root
  4. Start the CLI.
    content_copy zoom_out_map
    root@:RE:0% cli
root>
  5. Enter configuration mode.
    content_copy zoom_out_map
    root> configure
[edit]
root#
  6. Add a password to the root administration user account. Enter a clear-text password, an encrypted password, or an SSH public key string.
    content_copy zoom_out_map
    [edit]
root# set system root-authentication plain-text-password
New password: password
Retype new password: password

    or

    content_copy zoom_out_map
    [edit]
root# set system root-authentication encrypted-password encrypted-password

    or

    content_copy zoom_out_map
    [edit]
root# set system root-authentication ssh-ecdsa public-key

    or

    content_copy zoom_out_map
    [edit]
root# set system root-authentication ssh-ed25519 public-key

    or

    content_copy zoom_out_map
    [edit]
root# set system root-authentication ssh-rsa public-key
  7. (Optional) Configure the hostname of the switch. If the name includes spaces, enclose the name in double quotation marks (“ ”).
    content_copy zoom_out_map
    [edit]
root# set system host-name host-name
  8. (Optional) Create a user account.
    content_copy zoom_out_map
    [edit]
root# set system login user user-name authentication plain-text-password
New password: password
Retype new password: password
  9. (Optional) Set the user account class to super-user.
    content_copy zoom_out_map
    [edit]
root# set system login user user-name class super-user
  10. (Optional) Configure the domain name of the switch.
    content_copy zoom_out_map
    [edit]
root# set system domain-name domain-name
  11. Configure the default gateway.
    content_copy zoom_out_map
    [edit]
root# set routing-options static route 0/0 next-hop address
  12. Configure the IP address and prefix length for the management interface on the switch.
    content_copy zoom_out_map
    [edit]
root# set interfaces vme unit 0 family inet address  address/prefix-length
    Note:

    The management port vme (labeled MGMT) is located on the rear panel of the switch.

  13. (Optional) Configure the IP address of a backup router, which is used only while the routing protocol is not running.
    content_copy zoom_out_map
    [edit]
root# set system backup-router address
  14. Configure the IP address of a DNS server.
    content_copy zoom_out_map
    [edit]
root# set system name-server address
  15. (Optional) Configure the static routes to remote subnets with access to the management port. Access to the management port is limited to the local subnet.
    content_copy zoom_out_map
    [edit]
root# set routing-options static route remote-subnet next-hop destination-IP retain no-readvertise
  16. (Optional) Configure the static routes to remote prefixes with access to the management port.
    content_copy zoom_out_map
    [edit]
root# set routing-options static route remote-prefix next-hop destination-IP retain no-readvertise
  17. Configure the SSH service.
    content_copy zoom_out_map
    [edit]
root# set system services ssh root-login allow
  18. Configure in-band management or out-of-band management:

    • With in-band management, you can configure a network port interface as the management interface and connect it to the management device. In this scenario, you can do either of the following:

      • Use the automatically created VLAN named default for management of all data interfaces as members of the default VLAN. Specify the management IP address and the default gateway.

      • Create a new management VLAN. Specify the VLAN name, VLAN ID, management IP address, and default gateway. Select the ports that must be part of this VLAN.

    • With out-of-band management, you use a dedicated management channel (MGMT, C0, or C1 port) to connect to the management device. Specify the IP address and gateway of the management interface. Use this IP address to connect to the switch.

  19. (Optional) Specify the SNMP read community, location, and contact to configure SNMP parameters.
  20. (Optional) Specify the system date and time. Select the time zone from the list. The configured parameters are displayed.
  21. Enter yes to commit the configuration. The configuration is committed as the active configuration for the switch.
  22. (Optional) Configure additional properties by adding the necessary configuration statements.
  23. Commit the configuration to activate it on the switch.
    content_copy zoom_out_map
    [edit]
root# commit
  24. When you have finished configuring the switch, exit configuration mode.
    content_copy zoom_out_map
    [edit]
root@switch# exit
root@switch>

You can now log in by using the CLI and continue configuring the switch.

Revert to the Default Factory Configuration on an EX Series Switch

With EX Series switches, if for any reason the current active configuration fails, you can revert to the factory-default configuration.

You can also roll back to a previous configuration, as described in Rolling Back Junos OS Configuration Changes, or revert to the rescue configuration, as described in Reverting to the Rescue Configuration for the EX Series Switch.

Note:

Rescue configuration not saved alarm will not be reported on EX4000 switches.

Tip:

If you have lost the root password, it is not necessary to revert to the factory-default configuration to reset it. See Recovering the Root Password on Switches.

The factory-default configuration contains the basic configuration settings for the switch. This is the first configuration of the switch and is loaded when the switch is first powered on. For the factory-default configuration file for your switch, see the hardware documentation for your switch.

You can revert to the factory-default configuration by using the request system zeroize operational command or the load factory-default configuration command to revert to the factory-default configuration file that contains all default settings.

These procedures are described in the following sections:

Revert to the EX Series Switch Factory-Default Configuration Using the request system zeroize Command

The request system zeroize command is a standard Junos OS operational mode command that removes all configuration information and resets all key values. The operation unlinks all user-created data files, including customized configuration and log files, from their directories. The switch then reboots and reverts to the factory-default configuration.

To completely erase user-created data so that it is unrecoverable, use the request system zeroize media command.

CAUTION:

Before issuing request system zeroize, use the request system snapshot command to back up the files currently used to run the switch to a secondary device. Using the zeroize command will destroy Junos and OAM partitions, and the switch may not boot. To recover from a failed software installation, see Recovering from a Failed Software Installation.

To revert to the factory-default configuration by using the request system zeroize command:

  1. content_copy zoom_out_map
    user@switch>request system zeroize warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files?. In case of Dual RE system, both Routing Engines will be zeroized [yes,no] (no)
  2. Type yes to remove configuration and log files and revert to the factory-default configuration.
    Note:

    The auto-image-upgrade statement is added under the [edit chassis] hierarchy level when you use this procedure. The automatic image upgrade feature is then available on the switch.

Revert to the EX Series Switch Factory-Default Configuration Using the load factory-default Command

The load factory-default command is a standard Junos OS configuration command that replaces the current active configuration with the factory-default configuration except the root password setting. By default, the root password is not set; you must set it to commit the new configuration in this procedure.

To revert to the factory-default configuration by using the load factory-default command:

Note:

If you use this procedure, you must delete the system commit factory settings, set the root password, and commit the configuration. These steps are not required when you revert to the factory-default configuration by using request system zeroize. Also, the auto-image-upgrade statement is not added to the configuration when you use this procedure; it is added to the configuration when you use request system zeroize.

  1. [edit] user@switch# load factory-default
  2. [edit] user@switch# delete system commit factory-settings
  3. [edit] user@switch# set system root-authentication plain-text-password
  4. [edit] user@switch# commit

Revert to the EX Series Switch Factory-Default Configuration or Zeroize the Switch Using Pin Hole Reset Button

You can use the Pin Hole Reset button on the front panel of EX4000 switches to revert the switch to factory default configuration or zeroize the switch.

To revert the switch to factory default configuration or zeroize the switch:

  1. To revert the switch to factory default configuration - press the Pin Hole Reset button for more than 5 seconds and less than 10 seconds and release it to trigger the factory reset.

    On the console screen, factory reset messages is displayed. Additional indication is provided by the SYS LED which turn blue color for few seconds and then color is restored depending on the status of switch.

  2. To zeroize the switch - press the Pin Hole Reset button for more than 10 seconds and release it to trigger zeroize.

    To indicate users of zeroize operation, SYS Led will turn purple to indicate zeroize is triggered and once switch reboots as part of zeroize process, SYS Led will start blinking to indicate the same. After the operation, color of SYS LED is restored depending on the status of the switch.

See Also

arrow_backward PREVIOUS Connect the EX4000 Switch to the Network
NEXT arrow_forward Maintain Fiber-Optic Cables
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top