
Port Profiles Overview

26-Feb-25

Port profiles provide a convenient way to manually or automatically provision switch interfaces. Mist supports the following two types of port profiles based on how a profile is assigned to a port:

  • Static port profiles—A static port profile is the profile that is manually assigned to a specific switch port. These profiles are used for static provisioning of switch ports.

  • Dynamic port profiles—With dynamic port profiles, the switch uses the configured port assignment rules to detect the device connected to a port and dynamically assigns a matching profile to that port. Dynamic port profiles are used for autoprovisioning of switch ports (colorless ports).

  • System-defined port profiles—By default, Juniper Mist provides you with system-defined port profiles that are preconfigured for you. These work the same way regular port profiles do, except these are available for you to use if you do not want to configure your own. The system-defined port profiles provided by Mist are as follows: ap, iot, uplink, default, and disabled.

Static Port Profiles

The static port profile assignment involves two steps - configuring a port profile and assigning it manually to a specific switch port. You can configure port profiles from the Port Profiles tile on the switch template or the switch details page. You can manually assign the profile to a port from the Port Config tab in the Select Switches section of the switch template, or from the Port Configuration section on the switch details page.

Video 1: Port Profiles

Dynamic Port Profiles

Dynamic port profiles enable you to configure rules for dynamically assigning port profiles to an interface. When a user connects a client device to a switch port that has dynamic profile configuration enabled, the switch identifies the device and assigns a suitable port profile to the port. Dynamic port profiling uses a set of properties of the client device to automatically associate preconfigured port and network settings with the interface. You can configure a dynamic port profile based on various parameters, such as LLDP name and MAC address.

Dynamic port configuration involves two steps:

  1. Set up dynamic port configuration (DPC) rules for automatically assigning port profiles. Here's an example of a rule that automatically assigns the port profile 'AP' to a Mist AP. As per this rule, when the port identifies a device with a chassis ID that starts with D4:20:B0 or D4:21:B1, it assigns the 'AP' profile to the connected device.

    For more information, see the Dynamic Port Configuration step in Configure Switches.

    Note: If you use multiple values in the If text starts with field in a DPC rule, separate them with commas and ensure that they all have the same length. If any value differs in length, you must create a separate rule for it.
  2. Specify the ports that you want to function as dynamic ports. You can do this by selecting the Enable Dynamic Configuration check box on the Port Config tab in the Select Switches section of the switch template. You can also do this at the switch level, from the Port Configuration section on the switch details page.

We recommend that you create a restricted network profile that can be assigned to unknown devices when they connect to switch ports enabled with dynamic port configuration. In the above example, the port is enabled with dynamic port configuration and is assigned a restricted VLAN. In this case, if the connected device doesn't match the dynamic profiling attributes, it is placed into a restricted VLAN such as a non-routable VLAN or a guest VLAN.

Note:

Ensure that the default or restricted VLAN used in dynamic port configuration does not have an active DHCP server running. Otherwise, you might encounter stale IP address issues on certain legacy devices.

Dynamic port configuration on a switch is meant for connecting IoT devices, APs, and user port endpoints. You should not use it for connections between switches, between switches and routers, or between switches and firewalls. Also, you should not enable Dynamic Port Configuration on the uplink port.
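The following added example (not Mist code and not part of the original page) lints "text starts with" rules against the same-length requirement, flags dynamic configuration on an uplink port, and shows the restricted-profile fallback for unmatched devices. The rule dictionary layout, the `restricted` profile name, the uplink port name, first-match ordering, and case-insensitive comparison are assumptions made for illustration.

```python
# Constructed rule mirroring the page's example. The dict keys are
# illustrative only and are not the Mist API schema.
RULES = [
    {"source": "lldp_chassis_id", "starts_with": "D4:20:B0,D4:21:B1", "profile": "AP"},
]
RESTRICTED_PROFILE = "restricted"  # hypothetical name for the fallback profile
UPLINK_PORTS = {"ge-0/0/47"}       # constructed: ports that must never be dynamic


def prefixes(rule):
    """Split the comma-separated 'starts with' field into normalized values."""
    return [p.strip().upper() for p in rule["starts_with"].split(",") if p.strip()]


def lint_rule(rule):
    """Return a list of problems with one rule (empty list means OK)."""
    problems = []
    values = prefixes(rule)
    if not values:
        problems.append("no prefix values")
    if len({len(v) for v in values}) > 1:
        problems.append("prefix values differ in length; split into separate rules")
    return problems


def lint_dynamic_ports(dynamic_ports):
    """Return uplink ports that wrongly have dynamic configuration enabled."""
    return sorted(set(dynamic_ports) & UPLINK_PORTS)


def assign_profile(device, rules):
    """Assumed first-match semantics; unmatched devices get the restricted profile."""
    for rule in rules:
        if lint_rule(rule):
            continue  # skip malformed rules rather than guess their meaning
        value = device.get(rule["source"], "").upper()
        if value and any(value.startswith(p) for p in prefixes(rule)):
            return rule["profile"]
    return RESTRICTED_PROFILE
```
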

See Configure Switches for more information on how to configure port profiles.

Video 2: Dynamic Port Profiles (for Colorless Ports)

Best Practices in Port Configuration

Here are a few recommendations for your switch ports to work seamlessly with the Mist APs:

  • On a trunk port, prune all the unwanted VLANs. Only the required VLANs (based on the WLAN configuration) should be on the port. Since the APs do not save the configuration by default, APs should be able to get the IP address on the native VLAN to get connected to the cloud and get configured.

  • We do not recommend port security (MAC address limit), except in the case where all WLANs are tunneled.

  • Feel free to enable BPDU guard, as BPDUs are typically not bridged from wireless to wired connection on an AP unless it is a mesh base. BPDUs are data messages that are exchanged across the switches within an extended LAN that uses a spanning tree protocol topology. BPDU packets contain information on ports, addresses, priorities, and costs and ensure that the data ends up where it was intended to go.

Here is a sample port configuration for a Juniper EX Series switch. This configuration assumes the existence of a dedicated management VLAN, a staff VLAN, and a guest VLAN.

interfaces {
    ge-0/0/0 {
        native-vlan-id 100;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ management staff guest ];
                }
            }
        }
    }
}

vlans {
    guest {
        vlan-id 667;
    }
    staff {
        vlan-id 200;
    }
    management {
        vlan-id 100;
        l3-interface irb.100;
    }
}
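An added example (not Juniper code and not part of the original page) that audits a configuration in the format shown above for the trunk recommendations: it reports VLANs on a trunk port that are not in the required set and trunk ports whose native VLAN is missing or is not a trunk member. The input is constructed from the page's sample with an extra `printers` VLAN added; the function names and the required-VLAN set are assumptions, and only the `interface-mode` syntax of the sample above is handled.

```python
import re

# Constructed input: the page's sample trunk port plus a made-up "printers" VLAN.
CONFIG = """
interfaces { ge-0/0/0 {
    native-vlan-id 100;
    unit 0 { family ethernet-switching {
        interface-mode trunk;
        vlan { members [ management staff guest printers ]; }
    } }
} }
vlans {
    guest { vlan-id 667; }
    staff { vlan-id 200; }
    management { vlan-id 100; }
    printers { vlan-id 300; }
}
"""

def parse(text):
    """Parse curly-brace Junos config into nested dicts (leaf: keyword -> argument)."""
    stack, pending = [{}], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":      # open a new hierarchy level named by the pending text
            stack.append(stack[-1].setdefault(pending.strip(), {}))
        elif tok == "}":
            stack.pop()
        elif tok == ";":    # leaf statement: first word is the key, rest the value
            key, _, arg = pending.strip().partition(" ")
            stack[-1][key] = arg.strip()
        pending = "" if tok in ("{", "}", ";") else tok
    return stack[0]

def audit_trunks(cfg, required):
    """Report trunk ports with VLANs outside `required` or without a usable native VLAN."""
    vlan_ids = {name: body.get("vlan-id") for name, body in cfg["vlans"].items()}
    findings = []
    for port, body in cfg["interfaces"].items():
        es = body.get("unit 0", {}).get("family ethernet-switching", {})
        if es.get("interface-mode") != "trunk":
            continue
        members = es.get("vlan", {}).get("members", "").strip("[] ").split()
        extra = sorted(set(members) - set(required))
        if extra:
            findings.append((port, "prune", extra))
        native = body.get("native-vlan-id")
        if native is None or native not in [vlan_ids.get(m) for m in members]:
            findings.append((port, "native-vlan", native))
    return findings
```
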

The following example shows how to set an IP address on the management VLAN of a switch (10.10.100.50/24) to be accessible from other networks (gateway of 10.10.100.1).

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ management staff guest ];
                }
                native-vlan-id 100;
            }
        }
    }
    vlan {
        unit 100 {
            family inet {
                address 10.10.100.50/24;
            }
        }
    }
}

routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.10.100.1;
    }
}

vlans {
    guest {
        vlan-id 667;
    }
    staff {
        vlan-id 200;
    }
    management {
        vlan-id 100;
        l3-interface vlan.100;
    }
}

Note:

For Juniper EX switches, we recommend that you include your switch’s management address in the LLDP configuration.

In this example, the VLAN 100 is used for management, and the same is advertised over LLDP.

The following sample configuration is shown in set mode.

set interfaces irb unit 400 family inet address 10.33.1.110/24
set routing-options static route 0.0.0.0/0 next-hop 10.33.1.1
set routing-options static route 0.0.0.0/0 no-resolve
set protocols lldp management-address 10.33.1.110
set protocols lldp port-id-subtype interface-name
set protocols lldp interface all
set protocols lldp-med interface all

System-defined Port Profiles

System-defined Port Profiles are port profiles that are built into the Mist portal and are available for you to use if you do not want to configure your own port profiles. These are preconfigured for you, so there is no configuration required in order for you to be able to use them. You can, however, delete these system-defined port profiles. This functionality is only available from the Switch Templates level of configuration.

The following steps describe how to delete a system-defined port profile.

Note:

The ability to delete a system-defined port profile only applies to the ap, iot, and uplink port profiles.

  1. From the Mist portal, navigate to Organization > Switch Templates.
  2. Select the appropriate Switch Template.
  3. Select the system-defined port profile you wish to delete (ap, iot, or uplink).
  4. Select the trashcan icon in the top left corner of the Edit Port Profile configuration.

  5. A warning will appear letting you know that the delete action is permanent. You will not be able to recover the port profile once deleted. Enter the name of the port profile, then select Delete.

    Note: If you delete the ap, iot, or uplink system-defined port profiles, any reference to these profiles at the Site or device level will revert to the default profile (port configurations or Dynamic Port profiles).
    Note: If you were to create your own port profile and name it “ap”, “iot”, or “uplink” (after having deleted the system-defined port profiles) it will be treated as any other user-defined port profile.