Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Creating and Managing Port Profiles

Port profiles provide a way to provision multiple switch interfaces, including Ethernet interfaces on EX Series switches and Campus Switching ELS. In a Port profile, you can define a set of attributes to be shared by multiple interfaces. For example, you can create a Port profile for all access interfaces that connect to VoIP desk phones, configuring the appropriate class-of-service (CoS), authentication, and port security settings for these interfaces in the Port profile. You then assign the Port profile to those interfaces and deploy the resulting configuration on the interfaces.

Port profiles define only shared attributes. To enable you to configure specific attributes for an interface or a switch during the process of assigning a Port profile to an interface, the Create Port profile wizard provides two setup options: Quick Setup and Custom Setup. The Quick Setup option enables you to create initial configuration settings for a Port profile including selecting or create inline VLAN profile. The Custom Setup option enables you to configure all the advanced settings and create any inline sub-profiles. In Custom Setup option, apart from selecting the existing VLAN, CoS, and authentication sub-profiles, you can also create these sub-profiles.

CAUTION:

Ports that are involved in EVPN-VXLAN is not configured through port profile. Else, it renders EVPN-VXLAN defunct.

Note:

If you switch from Quick Setup to Custom Setup, all the configuration settings are saved. However, if you switch from Custom Setup to Quick Setup, all the advanced settings done in the Custom Setup are lost.

To manage or create Port profiles: In Build mode, select Port from Profiles in the Tasks pane. The Manage Port Profile page appears.

This topic describes:

Managing Port Profiles

Use the Manage Port Profiles page to manage existing Port profiles and to create new ones. Port profiles enable the definition and application of a common set of attributes to interfaces.

From the Manage Port Profiles page, you can:

  • Create a new profile by clicking Add. For details, see Creating Port Profiles.

  • Modify an existing profile by selecting it and clicking Edit.

  • Associate a Port profile to specific interfaces by selecting it and clicking Assign.

    During the assignment process, you can choose to configure interface-specific settings, such as IP address.

  • Change a Port profile’s current interface assignments by selecting it and clicking Edit Assignments. This opens the Edit assignments for profile-name page, which displays the assignment state and other details of the interfaces in a grid layout. After editing an assignment, and click Apply. The Edit Profile Assignment Job Details window opens, which reports the status of the interface assignment that you edited.

  • View information about a profile, including the interfaces it is associated with, by selecting the profile and clicking Details or by clicking the profile name, which opens the Profiles Details page. This page displays the profile details and the interface associations in a grid layout. It also has an option using which you can search profiles associated with a device and filter devices. Click Show Filters to filter an interface based on its IP address, serial number, type, or location or custom group.

  • Perform the search for the following:

    • A Port profile for a specific device by specifying the device details in the search field.

    • A port profile that is assigned to a specific port on a device. In this case, you must first enter the device details and then specify the port details in the search field to view the port profile.

    • Port profiles that are assigned to interfaces that are part of the same VLAN. When you specify the VLAN name in the search field, all the Port profiles that are part of the same VLAN are listed in the table.

  • Delete profiles by selecting the profiles and clicking Delete.

    Tip:

    You cannot delete profiles that are in use—that is, assigned to objects or used by other profiles. To see the current assignments for a profile, click the profile name.

  • Clone a profile by selecting a profile and clicking Clone.

Network Director provides a set of default Port profiles: Desktop Port, Desktop and Phone Port, Server Port, Switched Downlink, Switched Uplink, and Custom Port. These profiles contain configuration appropriate for the named port role. You can manage these profiles the same way that you manage a user-created profile. For more information about these profiles, see Understanding Port Profiles.

Table 1 describes the information provided about Port profiles on the Manage Port Profiles page. This page lists all Port profiles defined for your network, regardless of your current selected scope in the network view.

Table 1: Manage Port Profiles Table

Column

Description

Profile Name

Name given to the profile when the profile was created.

Click the profile name to view profile details.

A next to the profile name indicates that the profile is assigned to a port using an auto assignment policy. For more details on auto assignment policies, see Managing Auto Assignment Policies.

Family Type

One of the following:

  • EX—for EX Series switches

  • ELS—for Campus Switching ELS

  • Data Center Switching ELS—for Data Center Switching ELS devices

Description

Description of the Port profile that was entered when the profile was created.

Port Family

One of the following:

  • Switching—for Port profiles that configure Layer 2 interfaces

  • Routing—for Port profiles that configure Layer 3 interfaces

  • FIBRE—for Port profiles that configure Fibre Channel (FC) interfaces.

VLANs

Name of the member VLANs configured or referenced for that Port profile.

Assignment State

One of the following states:

  • Deployed—The profile has been assigned to interfaces and the configuration has been deployed on the devices.

  • Pending Deployment—The profile has been assigned to interfaces or its previous assignments have been changed, but the new or modified configuration has not yet been deployed on the devices.

  • Unassigned—The profile has not yet been assigned to interfaces.

Creation Time

Date and time when the profile was created.

Last Updated Time

Date and time when the profile was last modified.

Assigned to Devices

Number of devices to which the Port profile is assigned.

Click on the link to view the profile details.

Assigned to Port

Number of ports to which the Port profile is assigned.

Click on the link to view the profile details.

Assigned to

Number of port assignments and device associations for a profile.

User Name

The username of the user who created or modified the profile.

Tip:

All columns might not be currently displayed. To show or hide fields in the table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide.

Creating Port Profiles

To create a Port profile for EX Series switches, Campus Switching ELS, or Data Center Switching ELS:

  1. Click in the Network Director banner.
  2. Under Views, select one of the following views: Logical View, Location View, Device View or Custom Group.
    Tip:

    Do not select Topology View.

  3. Click Port under Wired > Profiles in the Tasks pane.

    The Manage Port Profile page appears.

  4. Click Add.

    The Select a Device Family page opens.

  5. Select Switching (EX), Campus Switching ELS or Data Center Switching ELS.

    The Create Port Profile page appears showing the Quick Setup and Custom Setup tabs for the selected family with the appropriate fields for configuring that family.

  6. Select initial settings in the Quick Setup option and advanced settings in the Custom Setup option for the Port profile. For information about the Port profile settings, select the section for the type of port you are configuring:
    Note:

    No registered multicast and no unregistered multicast are not applicable for EX Series switches that belong to Switching (EX) device family. For example, EX2200 and EX4200.

Specifying Settings for an EX Switching Port Profile

Use the Create Port Profile page to define a common set of port attributes, which you can then apply to a group of interfaces. These directions address creating a Port profile for EX Series switches.

Tip:

You can reference a VLAN profile, CoS profile, Ingress Filter profile, Egress Filter profile, and an Authentication profile in a Port profile. You can either create these profiles in their respective profile pages before you create Port profiles or you can create these profiles as in-line sub-profiles while configuring Port profiles. You can also enable power over Ethernet (PoE).

After you create a Port profile, you assign it to individual interfaces or to members of a port group. During this process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.

Table 2 describes the Quick Setup settings available in a Port profile. Table 3 describes the Custom Setup settings. The defaults for these options depend on the Service Type you select.

Table 2: Port Profile Quick Setup Settings for an EX Switching Port Profile

Field

Action

Profile Name

A default name that corresponds to the Service Type is displayed—when you change the Service Type, this default profile name changes. You can also change the name of profile, using up to 64 alphanumeric characters and no special characters other than the underscore. The name must be unique among Port profiles.

Description

A default description of the preconfigured service types appears by default. You can change the description of the Port profile, which appears on the Manage Port Profiles page. You can use up to 256 characters.

Service Type

Select one the preconfigured switching options, Desktop Port, Desktop Phone Port, Printer Port, Switched Uplink, Switched Downlink, or Server Port. To create your own switching or routing service type, select Custom.

Tip:

No preconfigured routing Service Types are provided. You must create them using the Custom option.

Desktop Port default service type has the following default settings:

  • CoS Profile—no default provided

  • Family Type—switching

  • Port Mode—access

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—disabled

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • Trust DHCP—disabled

  • MAC Limit—1

  • MAC Limit Action—drop

  • Allowed MAC List—no default provided

Desktop Phone Port preconfigured service type has the following default settings:

  • CoS Profile—juniper_CoS_template

  • Family Type—switching

  • Port Mode—access

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—disabled

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • Trust DHCP—disabled

  • MAC Limit—2

  • MAC Limit Action—drop

  • Allowed MAC List—no default provided

Printer Port preconfigured service type has the following default settings:

  • Family Type—switching

  • Port Mode—access

  • Power over Ethernet—no default provided

  • Auto Negotiation—enabled

  • Flow Control—enabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—no default provided

  • Trust DHCP—no default provided

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC List—no default provided

Switched Uplink preconfigured service type has the following default settings:

  • CoS Profile—juniper_CoS_template

  • Family Type—switching

  • Port Mode—trunk

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • MAC Limit—no default provided

  • Trust DHCP—disabled

  • MAC Limit Action—no default provided

  • Allowed MAC List—no default provided

Switched Downlink preconfigured service type has the following default settings:

  • CoS Profile—juniper_CoS_template

  • Family Type—switching

  • Port Mode—trunk

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • MAC Limit—no default provided

  • Port Security—enabled

  • Trust DHCP—enabled

  • MAC Limit Action—no default provided

  • Allowed MAC list—no default provided

Server Port preconfigured service type has the following default settings:

  • CoS Profile—juniper_CoS_template

  • Family Type—switching

  • Port Mode—trunk

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC list—no default provided

 

Family Type

This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface.

Tip:

All preconfigured Service Types are for switching.

If you select Routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces.

Tip:

Service Type must be set to Custom to configure a routing interface.

Port Mode

This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the EX Series switching interface, either Access, Trunk, or Tagged Access.

  • Access—Use for interfaces that connect to an end device, such as a desktop computer, an IP telephone, a printer, or a security camera. The interface must belong to a single VLAN. Frames sent and received over the over the interface are untagged Ethernet frames. This is the default for a Desktop Port and Desktop Phone Port .

  • Trunk—Use for interfaces that connect to a switch or router. Trunk interfaces can belong to more than one VLAN, enabling VLAN traffic to be multiplexed on a single physical interface. The Ethernet frames sent and received over the interface are tagged frames, in which IEEE 802.1Q tagging is used to segregate the traffic from each VLAN. This is the default for Switched Uplink, Switched Downlink, and Server Port.

  • Tagged Access—Use for access interfaces where VLAN tagging is required, typically when the interface connects to a server running virtual machines using virtual Ethernet port aggregator (VEPA) technology. The traffic generated by the server can contain an aggregation of VLAN packets from different virtual machines on that server, requiring that packets be tagged.

VLAN Options

Available VLAN options depend on the Service Type selected.

Member VLAN (available for Switched Uplink, Switched Downlink, Server Port)

Click All if you want to assign an interface to all the VLANs.

This option is enabled when Port Mode is Trunk or TaggedAccess.

Member VLANs

(available for Desktop Port, Desktop Phone Port, Switched Uplink, Switched Downlink, Server Port, , Custom Port)

Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

Voice VLAN

(available for Desktop Phone Port, Custom Port)

Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN Name and ID and click OK.

Native VLAN (available for Switched Uplink, Switched Downlink)

Select a native VLAN for the interface by clicking Select, selecting one of the listed VLANs, and then clicking OK. The VLAN is added to the Member VLANs list.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

After providing the information in the fields listed in the preceding, click Done.

To use default Port Profile Custom Setup settings, click Done. To configure Custom Setup settings, click Custom Setup and then provide the information in Table 3 and then click Done.

Clicking Done in either case displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment; else click No to navigate to the Manage Port Profile page and to create the Port assignment later on.

Table 3: Port Profile Custom Setup Settings

Field

Action

Advanced Settings

Expand Advanced Settings to configure link settings and port security. The Link Setting in Port profile is disabled by default. On enabling Link Settings, autonegotiation and flow control are enabled by default.

Enable Auto Negotiation

Autonegotiation of link speed and duplex mode is enabled by default; clear to disable autonegotiation.

If you disable autonegotiation, you must set link speed and link mode.

You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation is not disabled.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

Enable Flow Control

Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch.

Flow control applies only to links operating at 1 Gbps, full-duplex mode.

MTU

Using the arrows, indicate the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent.

Range: 256 through 9216 bytes

Speed

Select the link speed.

If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface advertises the link speed that you specify as its maximum link speed.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

Link Mode

Select the duplex mode, either Automatic, Full Duplex, or Half Duplex. Select Automatic to enable autonegotiation when autonegotiation is disabled.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

You cannot select Half Duplex with link speed set to Autonegotiation or 1 Gbps.

Storm Control Settings

Enabling storm control on a switching device monitors traffic levels and drops broadcast, multicast, and unknown unicast packets when a specified traffic level—called the storm control level or storm control bandwidth—is exceeded, thus preventing packets from proliferating and degrading the LAN.

You can customize the storm control level for a specific interface by explicitly configuring either bandwidth or level.

Note:

You cannot configure both bandwidth and level for the same interface.

Unit

  • Percentage—Configures the storm control level as a percentage of the available bandwidth used by the combined applicable traffic streams that are subject to storm control on that interface.

    The level can be set from 0% to 100%, where 0% indicates that the entire traffic is being suppressed and 100% indicates no traffic is being suppressed, in other words there is no storm control.

    The default level is 80%.

  • Kbps—Configures the storm control level as the bandwidth in kilobits per second (Kbps) of the applicable traffic streams on that interface.

    Set the bandwidth from 100 through 10,000,000 in Kbps. When you configure storm control bandwidth, the value you configure is rounded off internally to the closest multiple of 64 Kbps, and the rounded-off value represents the bandwidth that is actually used. For example, if you configure a bandwidth limit of 150 Kbps, storm control uses a bandwidth limit of 128 Kbps.

Value

Configures the traffic storm control threshold level value as a percentage of bandwidth or bandwidth in kilobits per second depending upon the specified unit.

No broadcast

Select this option to enable storm control for no broadcast traffic on a specific interface or on all interfaces.

No unknown broadcast

Select this option to enable storm control for no unknown broadcast traffic on a specific interface or on all interfaces.

No multicast

Select this option to enable storm control for no multicast traffic on a specific interface or on all interfaces.

Power over Ethernet (PoE)

You can enable PoE and display the configuration options by enabling Configure Power over Ethernet.

Configure Power over Ethernet

Enable to configure PoE settings.

If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled. On EX Series switches, the factory-default configuration enables PoE on all interfaces that support PoE.

If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile is deployed successfully on those interfaces, but the PoE settings do not take effect.

Maximum Power (W)

Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. Maximum power for PoE is 15.4W, Extended PoE is 18.6W and PoE+ is 30W.

The Maximum Power setting has no effect when the PoE management mode for a switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported.

You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. Do this in the Device Common Settings profile.

If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:

  • 15.4W for ports that support IEEE 802.3af only

  • 18.6W for IEEE 802.3af ports on switches that support enhanced PoE

  • 30W for ports that support IEEE 802.3at

Default: 15.4W

Priority

Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by the port number—ports with a lower port number have a higher power priority.

Default: low priority

Disable PoE

Select to disable PoE on the interfaces using this Port profile.

Port Security (Switching Interfaces Only)

Select to enable port security (default); clear to disable port security.

When port security is enabled, you can configure port security options such as learned MAC address limits on an interface. When port security is disabled, no port security is applied to the interface, including the default port security options.

Trust DHCP

Select to permit messages from a DHCP server to be received on the interface—this is the default. Clear to block all messages from a DHCP server from being received on the interface.

Tip:

For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. For directions, see Creating and Managing VLAN Profiles.

MAC Limit

Type the number of MAC address that can be dynamically learned on the interface.

Range: 1 through 163,839

Default: For Desktop Ports, 1. For Desktop Phone Ports, 2. For all others, none.

MAC Limit Action

Select the action to be taken if the MAC address limit is exceeded:

  • Drop—Drop any packet with a previously unlearned MAC address and generate a system log entry, and SNMP trap, or an alarm. This is the default for a Desktop Port and Desktop Phone Ports.

  • Log—Accept packets with new MAC addresses and learn the addresses, but generate a system log entry, and SNMP trap, or an alarm.

  • Shutdown—Shut down the interface and generate a system log message, SNMP trap, or an alarm.

    If an interface is shut down because the MAC address limit has been exceeded, you must use the CLI command clear ethernet-switching port-error interface name to clear the error and bring the interface back into service.

    Tip:

    You can use the CLI to configure autorecovery on an interface that has been shut down by a MAC limit error.

  • None—No action. This selection effectively disables MAC address limiting on the interface. This is the default for Switched Uplink Ports, Switched Downlink Ports, and Server Ports.

Allowed MAC List

Indicate the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list is not allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface.

To enter a MAC address, click Add and then type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry.

Note:

Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination.

Default: No entries

RSTP Settings

In addition to enabling or disabling the Spanning Tree Protocol (STP) as part of device profiles, this feature enables you to fine-tune STP by setting interfaces into edge, disable, or no-root-port states.

Edge

RSTP defines the concept of an edge port, which is a designated port that connects to non-STP-capable devices, such as PCs, servers, routers, or hubs that are not connected to other switches. Because edge ports connect directly to end stations, they cannot create network loops and can transition to the forwarding state immediately. You can manually configure edge ports, and a switch can also detect edge ports by noting the absence of communication from the end stations.

Disable

Disables the RSTP on interface.

Note:

Configuring interfaces to one of these states is not mandatory for ELS switches. Hence, the option Disable is not applicable for ELS switches and therefore not supported.

No Root Port

Configures an interface to be a spanning-tree designated port. If the bridge receives superior STP bridge protocol data units (BPDUs) on a root-protected interface, that interface transitions to a root-prevented STP state (inconsistency state) and the interface is blocked. This blocking prevents a bridge from being elected the root bridge. When the bridge stops receiving superior STP BPDUs on the root-protected interface, interface traffic is no longer blocked.

CoS Settings

Click Select Cos Profile to choose from existing CoS profiles. The CoS configuration contained in the CoS profile is applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Click OK. Some preconfigured Service Types have a default CoS profile—see the description for Service Types field for details.

Or

Click Configure CoS settings to configure CoS profile. See Creating and Managing Wired CoS Profiles for steps to configure a CoS profile.

Authentication Settings (Desktop Port, Desktop Phone Port, Custom Port)

Select the Authentication profile for the interface from a list of existing profiles by clicking Select, selecting one of the listed profiles, and then clicking OK. By assigning an Authentication profile to the Port profile, you can enable 802.1x and captive portal authentication on interfaces.

If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect.

Note:

You cannot configure 802.1x authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment fails.

Or

Click Configure Authentication Settings to configure 802.1x and captive portal authentications. See Creating and Managing Authentication Profiles for steps to configure the authentication profile.

Filter Settings (available for all Service Types, including Custom for routing)

  • Ingress Filter

    Select an Ingress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

  • Egress Filters

    Select an Egress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

VRRP Settings (available when Service Type is Custom and Family Type is Routing)

Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK.

If you configured Custom Setup settings, click Done. Upon clicking Done displays the dialog Do you want to assign Port Profile to Ports?. Click Yes to create a profile assignment else click No to create the profile and navigate to the Manage Port Profile page to create the Port assignment later.

Specifying Settings for a Campus Switching ELS Port Profile

Use the Create Port Profile page to define a common set of port attributes in a Port profile. You can then apply the Port profile to interfaces on a group of Campus Switching ELS devices.

Tip:

You can reference a VLAN profile, CoS profile, Ingress Filter profile, Egress Filter profile, and an Authentication profile in a Port profile. You can either create these profiles in their respective profile pages before you create Port profiles or you can create these profiles as in-line sub-profiles while configuring Port profiles. You can also enable power over Ethernet (PoE).

After you create a Port profile, you can assign it to individual interfaces or to members of a Port group. During this assignment process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.

Table 4 describes the Quick Setup settings available in a Port profile. Table 5 describes the Custom Setup settings. The defaults for these options depend on the Service Type you select.

Table 4: Port Profile Quick Setup Settings for Campus Switching ELS

Field

Action

Profile Name

Type the name of profile by using up to 64 alphanumeric characters and no special characters other than the underscore. The name must be unique among Port profiles.

Description

Type a description of the Port profile, which appears on the Manage Port Profiles page. You can use up to 256 characters.

Service Type

Select one the preconfigured options Desktop Port, Desktop Phone Port, Printer Port, Switched Uplink, Switched Downlink, or Server Port. To create your own service type, select Custom.

Desktop Port service type has the following default settings:

  • CoS Profile—juniper_CS_Hier_Ethernet_CoS for Hierarchical port scheduling; no default profile for Non-Hierarchical port scheduling

  • Family Type—switching

  • Port Mode—access

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • Trust DHCP—disabled

  • MAC Limit—1

  • MAC Limit Action—drop

  • Allowed MAC List—no default provided

Desktop Phone Port service type has the following default settings:

  • CoS Profile—juniper_CoS_template for Non-Hierarchical port scheduling; juniper_CS_Hier_Ethernet_CoS for Hierarchical port scheduling

  • Family Type—switching

  • Port Mode—access

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • Trust DHCP—disabled

  • MAC Limit—2

  • MAC Limit Action—drop

  • Allowed MAC List—no default provided

Printer Port preconfigured service type has the following default settings:

  • Family Type—switching

  • Port Mode—access

  • Power over Ethernet—no default provided

  • Auto Negotiation—enabled

  • Flow Control—enabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—no default provided

  • Trust DHCP—no default provided

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC List—no default provided

Switched Uplink service type has the following default settings:

  • CoS Profile—juniper_CoS_template for Non-Hierarchical port scheduling; juniper_CS_Hier_Ethernet_CoS for Hierarchical port scheduling

  • Family Type—switching

  • Port Mode—trunk

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC List—no default provided

Switched Downlink service type has the following default settings:

  • CoS Profile—juniper_CoS_template for Non-Hierarchical port scheduling; juniper_CS_Hier_Ethernet_CoS for Hierarchical port scheduling

  • Family Type—switching

  • Port Mode—trunk

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC list—no default provided

Server Port service type has the following default settings:

  • CoS Profile—juniper_CoS_template for Non-Hierarchical port scheduling; juniper_CS_Hier_Ethernet_CoS for Hierarchical port scheduling

  • Family Type—switching

  • Port Mode—trunk

  • Power over Ethernet—disabled

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC list—no default provided

 
Port Family Options

The available settings and defaults for these options depend on the Service Type you selected.

Family Type: Switching or

Routing

This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface.

Tip:

Service Type must be set to Custom to configure a routing interface.

If you select routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces.

Port Mode for switching interfaces only

This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the interface, either Access, Trunk, or Tagged Access.

  • Access—Use for interfaces that connect to an end device, such as a desktop computer, an IP telephone, a printer, or a security camera. The interface must belong to a single VLAN. Frames sent and received over the over the interface are untagged Ethernet frames.

  • Trunk—Use for interfaces that connect to a switch or router. Trunk interfaces can belong to more than one VLAN, enabling VLAN traffic to be multiplexed on a single physical interface. The Ethernet frames sent and received over the interface are tagged frames, in which IEEE 802.1Q tagging is used to segregate the traffic from each VLAN.

  • Tagged Access—Use for access interfaces where VLAN tagging is required, typically when the interface connects to a server running virtual machines using virtual Ethernet port aggregator (VEPA) technology. The traffic generated by the server can contain an aggregation of VLAN packets from different virtual machines on that server, requiring that packets be tagged.

VLAN Options

Available VLAN options depend on the Service Type selected. VLAN association is required for Campus Switching ELS.

Member VLAN

(Switched Uplink, Switched Downlink, Server Port)

Click All if you want to assign an interface to all the VLANs.

This option is enabled when Port Mode is Trunk or TaggedAccess.

Member VLAN

(all Service Types)

This configuration is for one VLAN. Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

Voice VLAN

(Desktop Phone Port, Custom Port)

This configuration is for one VLAN. Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

Native VLAN

(Switched Uplink, Switched Downlink)

Select a native VLAN for the interface by clicking Select, selecting one of the listed VLANs, and then clicking OK. The VLAN is added to the Member VLANs list.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

Power over Ethernet (PoE)

Configure Power over Ethernet

Enable to configure PoE settings.

If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled.

If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile can be deployed successfully on those interfaces, but the PoE settings do not take effect.

Tip:

EX9200 switches do not support PoE.

Maximum Power (W)

Use the arrows to adjust the maximum PoE power allocated to a PoE port in watts. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down.

The Maximum Power setting has no effect when the PoE management mode for the switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported.

You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. You can do this in the Device Common Settings profile.

If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:

  • 15.4W for ports that support IEEE 802.3af only

  • 18.6W for IEEE 802.3af ports on switches that support enhanced PoE

  • 30W for ports that support IEEE 802.3at

Default: 15.4W

Priority

Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by port number—ports with a lower port number have a higher power priority.

Default: low priority

Disable PoE

Select to disable PoE on the interface.

After providing the information in the fields listed in Table 4, click Done.

To use default Port Profile Custom Setup settings, click Done. To configure Custom Setup settings, click Custom Setup and then provide the information in Table 5 and then click Done.

Clicking Done in either case displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment; else click No to navigate to the Manage Port Profile page and to create the Port assignment later on.

Table 5: Port Profile Custom Setup Settings for Campus Switching ELS

Field

Action

Advanced Settings

Expand Advanced Settings to configure link settings and port security. The Link Setting in Port profile is disabled by default. On enabling Link Settings, autonegotiation and flow control are enabled by default.

Enable Auto Negotiation

Autonegotiation of link speed and duplex mode is enabled by default; clear to disable autonegotiation.

If you disable autonegotiation, you must set link speed and link mode.

You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation will not be disabled.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

Enable Flow Control

Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch.

Flow control applies only to links operating at 1 Gbps, full-duplex mode.

MTU

Using the arrows, indicate the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent.

Range: 256 through 9216 bytes

Speed

Select the link speed.

If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface will advertise the link speed that you specify as its maximum link speed.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

Link Mode

Select the duplex mode, either Automatic, Full Duplex, or Half Duplex. Select Automatic to enable autonegotiation when autonegotiation is disabled.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

You cannot select Half Duplex with link speed set to Autonegotiation or 1 Gbps.

Storm Control Settings

Enabling storm control on a switching device monitors traffic levels and drops broadcast, multicast, and unknown unicast packets when a specified traffic level—called the storm control level or storm control bandwidth—is exceeded, thus preventing packets from proliferating and degrading the LAN.

You can customize the storm control level for a specific interface by explicitly configuring either bandwidth or level.

Note:

You cannot configure both bandwidth and level for the same interface.

Unit

  • Percentage—Configures the storm control level as a percentage of the available bandwidth used by the combined applicable traffic streams that are subject to storm control on that interface.

    The level can be set from 0% to 100%, where 0% indicates that the entire traffic is being suppressed and 100% indicates no traffic is being suppressed, in other words there is no storm control.

    The default level is 80%.

  • Kbps—Configures the storm control level as the bandwidth in kilobits per second (Kbps) of the applicable traffic streams on that interface.

    Set the bandwidth from 100 through 10,000,000 in Kbps. When you configure storm control bandwidth, the value you configure is rounded off internally to the closest multiple of 64 Kbps, and the rounded-off value represents the bandwidth that is actually used. For example, if you configure a bandwidth limit of 150 Kbps, storm control uses a bandwidth limit of 128 Kbps.

Value

Configures the traffic storm control threshold level value as a percentage of bandwidth or bandwidth in kilobits per second depending upon the specified unit.

No broadcast

Select this option to enable storm control for no broadcast traffic on a specific interface or on all interfaces.

No unknown broadcast

Select this option to enable storm control for no unknown broadcast traffic on a specific interface or on all interfaces.

No multicast

Select this option to enable storm control for no multicast traffic on a specific interface or on all interfaces.

No registered multicast

Select this option to enable storm control for no registered multicast traffic on a specific interface or on all interfaces.

No unregistered multicast

Select this option to enable storm control for no unregistered multicast traffic on a specific interface or on all interfaces.

Power over Ethernet (PoE)

You can enable PoE and display the configuration options by enabling Configure Power over Ethernet.

Configure Power over Ethernet

Enable to configure PoE settings.

If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled. On EX Series switches, the factory-default configuration enables PoE on all interfaces that support PoE.

If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile is deployed successfully on those interfaces, but the PoE settings will not take effect.

Maximum Power (W)

Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. Maximum power for PoE is 15.4W, Extended PoE is 18.6W and PoE+ is 30W.

The Maximum Power setting has no effect when the PoE management mode for a switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported.

You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. Do this in the Device Common Settings profile.

If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:

  • 15.4W for ports that support IEEE 802.3af only

  • 18.6W for IEEE 802.3af ports on switches that support enhanced PoE

  • 30W for ports that support IEEE 802.3at

Default: 15.4W

Priority

Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by the port number—ports with a lower port number have a higher power priority.

Default: low priority

Disable PoE

Select to disable PoE on the interfaces using this Port profile.

Port Security (Switching Interfaces Only)

Select to enable port security (default); clear to disable port security.

When port security is enabled, you can configure port security options such as learned MAC address limits on an interface. When port security is disabled, no port security is applied to the interface, including the default port security options.

Trust DHCP

Select to permit messages from a DHCP server to be received on the interface—this is the default. Clear to block all messages from a DHCP server from being received on the interface.

Tip:

For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. For directions, see Creating and Managing VLAN Profiles.

MAC Limit

Type the number of MAC address that can be dynamically learned on the interface.

Range: 1 through 163839

Default: For Desktop Ports, 1. For Desktop Phone Ports, 2. For all others, none.

MAC Limit Action

Select the action to be taken if the MAC address limit is exceeded:

  • Drop—Drop any packet with a previously unlearned MAC address and generate a system log entry, and SNMP trap, or an alarm. This is the default for a Desktop Port and Desktop Phone Ports.

  • Log—Accept packets with new MAC addresses and learn the addresses, but generate a system log entry, and SNMP trap, or an alarm.

  • Shutdown—Shut down the interface and generate a system log message, SNMP trap, or an alarm.

    If an interface is shut down because the MAC address limit has been exceeded, you must use the CLI command clear ethernet-switching port-error interface name to clear the error and bring the interface back into service.

    Tip:

    You can use the CLI to configure auto-recovery on an interface that has been shut down by a MAC limit error.

  • None—No action. This selection effectively disables MAC address limiting on the interface. This is the default for Switched Uplink Ports, Switched Downlink Ports, and Server Ports.

Allowed MAC List

Indicate the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list will not be allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface.

To enter a MAC address, click Add and then type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry.

Note:

Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination.

Default: No entries

RSTP Settings

In addition to enabling or disabling the Spanning Tree Protocol (STP) as part of device profiles, this feature enables you to fine-tune STP by setting interfaces into edge, disable, or no-root-port states.

Edge

RSTP defines the concept of an edge port, which is a designated port that connects to non-STP-capable devices, such as PCs, servers, routers, or hubs that are not connected to other switches. Because edge ports connect directly to end stations, they cannot create network loops and can transition to the forwarding state immediately. You can manually configure edge ports, and a switch can also detect edge ports by noting the absence of communication from the end stations.

Disable

Disables the RSTP on interface.

Note:

Configuring interfaces to one of these states is not mandatory for ELS switches. Hence, the option Disable is not applicable for ELS switches and therefore not supported.

No Root Port

Configures an interface to be a spanning-tree designated port. If the bridge receives superior STP bridge protocol data units (BPDUs) on a root-protected interface, that interface transitions to a root-prevented STP state (inconsistency state) and the interface is blocked. This blocking prevents a bridge from being elected the root bridge. When the bridge stops receiving superior STP BPDUs on the root-protected interface, interface traffic is no longer blocked.

CoS Settings

Click Select Cos Profile to choose from existing CoS profiles. The CoS configuration contained in the CoS profile is applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Click OK. Some preconfigured Service Types have a default CoS profile—see Service Types for details.

Or

Click Configure CoS settings to configure CoS profile. See Creating and Managing Wired CoS Profiles for steps to configure a CoS profile.

Authentication Settings (Desktop Port, Desktop Phone Port, Custom Port)

Select the Authentication profile for the interface from a list of existing profiles by clicking Select, selecting one of the listed profiles, and then clicking OK. By assigning an Authentication profile to the Port profile, you can enable 802.1x and captive portal authentication on interfaces.

If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect.

Note:

You cannot configure 802.1x authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment fails.

Or

Click Configure Authentication Settings to configure 802.1x and captive portal authentications. See Creating and Managing Authentication Profiles for steps to configure the Authentication profile.

Filter Settings (available for all Service Types, including Custom for routing)

  • Ingress Filter

    Select an Ingress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

  • Egress Filters

    Select an Egress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

VRRP Settings (available when Service Type is Custom and Family Type is Routing)

Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK.

Clicking Done displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment else click No to navigate to the Manage Port Profile page and to create the Port assignment later.

Click Done to save the Port profile for Campus Switching ELS.

Specifying Settings for a Data Center Switching ELS Port Profile

Use the Create Port Profile page to define a common set of port attributes in a Port profile. You can create a new Port profile from scratch, or select an appropriate Service Type and use the default settings that Network Director has defined for that service type to create a Port profile. You can then apply the Port profile to interfaces on a group of Data Center Switching ELS devices.

Tip:

You can reference a VLAN profile, CoS profile, Ingress Filter profile, Egress Filter profile, and an Authentication profile in a Port profile. You can either create these profiles in their respective profile pages before you create Port profiles or you can create these profiles as in-line sub-profiles while configuring Port profiles.

After you create a Port profile, you can assign it to individual interfaces or to members of a Port group. During this assignment process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.

Table 6 describes the Quick Setup settings available in a Port profile. Table 7 describes the Custom Setup settings. The defaults for these options depend on the Service Type you select.

Table 6: Port Profile Quick Setup Settings for Data Center Switching ELS

Field

Action

Profile Name

Type the name of profile by using up to 64 alphanumeric characters and no special characters other than the underscore. The name must be unique among Port profiles.

Description

Type a description of the Port profile, which will appear on Manage Port Profiles page. You can use up to 256 characters.

Service Type

Select one the preconfigured options Desktop Port, Switched Uplink, Switched Downlink, Server Port, or FCoE Transit Port. To create your own service type, select Custom.

Desktop Port service type has the following default settings:

  • CoS Profile—no default provided

  • Family Type—switching

  • Port Mode—access

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • Trust DHCP—disabled

  • MAC Limit—1

  • MAC Limit Action—drop

  • Allowed MAC List—no default provided

Switched Uplink service type has the following default settings:

  • CoS Profile—juniper_DC_Hier_Ethernet_CoS (for Hierarchical port scheduling), juniper_DC_NonHier_CoS_Fusion (for Non-Hierarchical (Fusion) port scheduling), and juniper_DC_Hier_Fusion_CoS (for Hierarchical (Fusion) port scheduling)

  • Family Type—switching

  • Port Mode—trunk

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC List—no default provided

Switched Downlink service type has the following default settings:

  • CoS Profile—juniper_DC_Hier_Ethernet_CoS (for Hierarchical port scheduling), juniper_DC_NonHier_CoS_Fusion (for Non-Hierarchical (Fusion) port scheduling), and juniper_DC_Hier_Fusion_CoS (for Hierarchical (Fusion) port scheduling)

  • Family Type—switching

  • Port Mode—trunk

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC list—no default provided

Server Port service type has the following default settings:

  • CoS Profile—juniper_DC_Hier_Ethernet_CoS (for Hierarchical port scheduling), juniper_DC_NonHier_CoS_Fusion (for Non-Hierarchical (Fusion) port scheduling), and juniper_DC_Hier_Fusion_CoS (for Hierarchical (Fusion) port scheduling)

  • Family Type—switching

  • Port Mode—trunk

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—no default provided

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC list—no default provided

FCoE Transit Port service type has the following default settings:

  • Port Type—Ethernet Port

  • CoS Profile—juniper_DC_Hier_CoS (for Hierarchical port scheduling), juniper_DC_NonHier_CoS_ELS (for Non-Hierarchical port scheduling), juniper_DC_NonHier_CoS_Fusion (for Non-Hierarchical (Fusion) port scheduling), and juniper_DC_Hier_Fusion_CoS (for Hierarchical (Fusion) port scheduling)

  • Family Type—switching

  • Port Mode—trunk

  • Filters—no default provided

  • VLAN Options—no default provided

  • DCBX Version—Auto

  • Disable DCBX—disabled

  • Disable Priority Flow Control—disabled

  • ETS No Auto Negotiation—disabled

  • Recommendation TVL—no default provided

  • Auto Negotiation—disabled

  • Flow Control—disabled

  • Maximum Size—2500

  • Speed—no default provided

  • Link Mode—no default provided

  • Port Security—enabled

  • FCoE Trusted—enabled

  • MAC Limit—no default provided

  • MAC Limit Action—no default provided

  • Allowed MAC List—no default provided

Family Type: Switching or

Routing

The available settings and defaults for these options depend on the Service Type you selected.

This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface.

Tip:

Service Type must be set to Custom to configure a routing interface.

If you select routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces.

Port Mode for switching interfaces only

This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the interface, either Access or Trunk.

  • Access—Use for interfaces that connect to an end device, such as a desktop computer, an IP telephone, a printer, or a security camera. The interface must belong to a single VLAN. Frames sent and received over the over the interface are untagged Ethernet frames.

  • Trunk—Use for interfaces that connect to a switch or router. Trunk interfaces can belong to more than one VLAN, enabling VLAN traffic to be multiplexed on a single physical interface. The Ethernet frames sent and received over the interface are tagged frames, in which IEEE 802.1Q tagging is used to segregate the traffic from each VLAN.

Port Type

For Data Center ELS profiles, the port type is always Ethernet Port.

VLAN Options

Available VLAN options depend on the Service Type selected.

Member VAN (available for Switched Uplink, Switched Downlink,Server Port,FCoE Transit Port, Custom)

Click All if you want to assign an interface to all the VLANs.

This option is enabled when Port Mode is Trunk.

Member VLANs

(available for Desktop Port, Desktop Phone Port, Switched Uplink, Switched Downlink, Server Port, Custom Port)

Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

Voice VLAN

(available for Desktop Phone Port, Custom Port)

Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

Native VLAN (available for Switched Uplink, Switched Downlink)

Select a native VLAN for the interface by clicking Select, selecting one of the listed VLANs, and then clicking OK. The VLAN is added to the Member VLANs list.

Or

Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK.

Member VLAN

(Access ports only) Select a VLAN profile for the interface from a list of existing profiles by clicking Select.

Member VLANs

(Trunk ports only) Select a set of VLAN profiles for the interface from a list of existing profiles by using the Add and Remove functions.

Native VLAN

(Trunk ports only) Select a native VLAN profile for the interface from a list of existing profiles by clicking Select.

DCBX Settings

Data Center Bridging Capability Exchange protocol is a discovery and exchange protocol for conveying configuration and capabilities among network neighbors to ensure consistent configuration across the network. It is an extension of the Link Layer Data Protocol (LLDP, described in IEEE 802.1AB).

The defaults for these settings depend on the Service Type you selected.

DCBX Version

Select one of the following versions of the Data Center Bridging Capability Exchange protocol:

  • Auto–automatic configuration

  • DCBX v1.01—The Converged Enhanced Ethernet (CEE) version of DCBX. It has a subtype of 2 and an IEEE DCBX Organizationally Unique Identifier (OUI) of 0x001b21.

  • IEEE DCBX—The newest DCBX version. Different TLVs have different subtypes (for example, the subtype for the ETS configuration TLV is 9); the OUI is 0x0080c2.

Disable DCBX

Select this option to turn off Data Center Bridging Capability Exchange protocol.

Disable Priority Flow Control

Select this option to turn off priority flow control.

Priority-based flow control (PFC) is a link-level flow control mechanism defined by IEEE 802.1Qbb that enables independent flow control for each class of service (as defined in the 3-bit CoS field of the Ethernet header by IEEE 802.1Q tags) to ensure that no frame loss from congestion occurs in DCB networks.

ETS No Auto Negotiation

Select this option to turn off ETS autonegotiation.

Enhanced transmission selection (ETS) is a mechanism that provides finer granularity of bandwidth management within a link.

Recommendation TLV

Select either Enable TLV or Disable TLV.

The enhanced transmission selection (ETS) Recommendation TLV communicates the ETS settings that the switch wants the connected peer interface to use. If the peer interface is willing, the peer interface changes its configuration to match the configuration in the ETS Recommendation TLV. By default, the switch interfaces send the ETS Recommendation TLV to the peer. The settings communicated are the egress ETS settings defined by configuring hierarchical scheduling on the interface.

After providing the information in the fields listed in Table 5, click Done.

To use default Port profile Custom Setup settings, click Done. To configure Custom Setup settings, click Custom Setup and then provide the information in Table 7 and then click Done.

Clicking Done in either case displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment; else click No to navigate to the Manage Port Profile page and to create the Port assignment later on.

Table 7: Port Profile Custom Setup Settings for Data Center Switching ELS

Field

Action

Advanced Settings

Expand Advanced Settings to configure link settings and port security. The Link Setting in Port profile is disabled by default. On enabling Link Settings, autonegotiation and flow control are enabled by default.

Enable Auto Negotiation

Autonegotiation of link speed and duplex mode is enabled by default; clear to disable autonegotiation.

If you disable autonegotiation, you must set link speed and link mode.

You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation will not be disabled.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

Enable Flow Control

Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch.

Flow control applies only to links operating at 1 Gbps, full-duplex mode.

MTU

Using the arrows, indicate the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent.

Range: 256 through 9216 bytes

Speed

Select the link speed.

If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface will advertise the link speed that you specify as its maximum link speed.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

Link Mode

Select the duplex mode, either Automatic, Full Duplex, or Half Duplex. Select Automatic to enable autonegotiation when autonegotiation is disabled.

Note:

This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface.

You cannot select Half Duplex with link speed set to Autonegotiation or 1 Gbps.

Storm Control Settings

Enabling storm control on a switching device monitors traffic levels and drops broadcast, multicast, and unknown unicast packets when a specified traffic level—called the storm control level or storm control bandwidth—is exceeded, thus preventing packets from proliferating and degrading the LAN.

You can customize the storm control level for a specific interface by explicitly configuring either bandwidth or level.

Note:

You cannot configure both bandwidth and level for the same interface.

Unit

  • Percentage—Configures the storm control level as a percentage of the available bandwidth used by the combined applicable traffic streams that are subject to storm control on that interface.

    The level can be set from 0% to 100%, where 0% indicates that the entire traffic is being suppressed and 100% indicates no traffic is being suppressed, in other words there is no storm control.

    The default level is 80%.

  • Kbps—Configures the storm control level as the bandwidth in kilobits per second (Kbps) of the applicable traffic streams on that interface.

    Set the bandwidth from 100 through 10,000,000 in Kbps. When you configure storm control bandwidth, the value you configure is rounded off internally to the closest multiple of 64 Kbps, and the rounded-off value represents the bandwidth that is actually used. For example, if you configure a bandwidth limit of 150 Kbps, storm control uses a bandwidth limit of 128 Kbps.

Value

Configures the traffic storm control threshold level value as a percentage of bandwidth or bandwidth in kilobits per second depending upon the specified unit.

No broadcast

Select this option to enable storm control for no broadcast traffic on a specific interface or on all interfaces.

No unknown broadcast

Select this option to enable storm control for no unknown broadcast traffic on a specific interface or on all interfaces.

No multicast

Select this option to enable storm control for no multicast traffic on a specific interface or on all interfaces.

No registered multicast

Select this option to enable storm control for no registered multicast traffic on a specific interface or on all interfaces.

No unregistered multicast

Select this option to enable storm control for no unregistered multicast traffic on a specific interface or on all interfaces.

Power over Ethernet (PoE)

You can enable PoE and display the configuration options by enabling Configure Power over Ethernet.

Configure Power over Ethernet

Enable to configure PoE settings.

If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled. On EX Series switches, the factory-default configuration enables PoE on all interfaces that support PoE.

If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile is deployed successfully on those interfaces, but the PoE settings will not take effect.

Maximum Power (W)

Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. Maximum power for PoE is 15.4W, Extended PoE is 18.6W and PoE+ is 30W.

The Maximum Power setting has no effect when the PoE management mode for a switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported.

You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. Do this in the Device Common Settings profile.

If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:

  • 15.4W for ports that support IEEE 802.3af only

  • 18.6W for IEEE 802.3af ports on switches that support enhanced PoE

  • 30W for ports that support IEEE 802.3at

Default: 15.4W

Priority

Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by port number—ports with a lower port number have a higher power priority.

Default: low priority

Disable PoE

Select to disable PoE on the interfaces using this Port profile.

Port Security (Switching Interfaces Only)

Select to enable port security (default); clear to disable port security.

When port security is enabled, you can configure port security options such as learned MAC address limits on an interface. When port security is disabled, no port security is applied to the interface, including the default port security options.

Trust DHCP

Select to permit messages from a DHCP server to be received on the interface—this is the default. Clear to block all messages from a DHCP server from being received on the interface.

Tip:

For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. For directions, see Creating and Managing VLAN Profiles.

FCoE Trusted

Select to configure the interface to trust Fibre Channel over Ethernet (FCoE) traffic. If an interface is connected to another switch such as an FCoE forwarder (FCF) or a transit switch, you can configure the interface as trusted so that the interface forwards FCoE traffic from the switch to the FCoE devices without installing FIP snooping filters.

MAC Limit

Type the number of MAC address that can be dynamically learned on the interface.

Range: 1 through 163839

Default: For Desktop Ports, 1. For Desktop Phone Ports, 2. For all others, none.

MAC Limit Action

Select the action to be taken if the MAC address limit is exceeded:

  • Drop—Drop any packet with a previously unlearned MAC address and generate a system log entry, and SNMP trap, or an alarm. This is the default for a Desktop Port and Desktop Phone Ports.

  • Log—Accept packets with new MAC addresses and learn the addresses, but generate a system log entry, and SNMP trap, or an alarm.

  • Shutdown—Shut down the interface and generate a system log message, SNMP trap, or an alarm.

    If an interface is shut down because the MAC address limit has been exceeded, you must use the CLI command clear ethernet-switching port-error interface name to clear the error and bring the interface back into service.

    Tip:

    You can use the CLI to configure auto-recovery on an interface that has been shut down by a MAC limit error.

  • None—No action. This selection effectively disables MAC address limiting on the interface. This is the default for Switched Uplink Ports, Switched Downlink Ports, and Server Ports.

Allowed MAC List

Indicate the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list will not be allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface.

To enter a MAC address, click Add and then type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry.

Note:

Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination.

Default: No entries

RSTP Settings

In addition to enabling or disabling the Spanning Tree Protocol (STP) as part of device profiles, this feature enables you to fine-tune STP by setting interfaces into edge, disable, or no-root-port states.

Edge

RSTP defines the concept of an edge port, which is a designated port that connects to non-STP-capable devices, such as PCs, servers, routers, or hubs that are not connected to other switches. Because edge ports connect directly to end stations, they cannot create network loops and can transition to the forwarding state immediately. You can manually configure edge ports, and a switch can also detect edge ports by noting the absence of communication from the end stations.

Disable

Disables the RSTP on interface.

Note:

Configuring interfaces to one of these states is not mandatory for ELS switches. Hence, the option Disable is not applicable for ELS switches and therefore not supported.

No Root Port

Configures an interface to be a spanning-tree designated port. If the bridge receives superior STP bridge protocol data units (BPDUs) on a root-protected interface, that interface transitions to a root-prevented STP state (inconsistency state) and the interface is blocked. This blocking prevents a bridge from being elected the root bridge. When the bridge stops receiving superior STP BPDUs on the root-protected interface, interface traffic is no longer blocked.

CoS Settings (All except Fibre Channel Type)

Click Select Cos Profile to choose from existing CoS profiles. The CoS configuration contained in the CoS profile is applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Select the type of port scheduling for the CoS profile. Port scheduling depends on the device model. When you select a port scheduling type, Network Director displays the devices that support the selected port scheduling type. Click OK. Some preconfigured Service Types have a default CoS profile—see Service Types for details.

Or

Click Configure CoS settings to configure CoS profile. Select the type of port scheduling for the CoS profile. Port scheduling depends on the device model. When you select a port scheduling type, Network Director displays the devices that support the selected port scheduling type. See Creating and Managing Wired CoS Profiles for steps to configure a CoS profile.

Authentication Settings (Desktop Port, Desktop Phone Port, Custom Port)

Select the Authentication profile for the interface from a list of existing profiles by clicking Select, selecting one of the listed profiles, and then clicking OK. By assigning an Authentication profile to the Port profile, you can enable 802.1x and captive portal authentication on interfaces.

If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect.

Note:

You cannot configure 802.1x authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment fails.

Or

Click Configure Authentication Settings to configure 802.1x and captive portal authentications. See Creating and Managing Authentication Profiles for steps to configure the authentication profile.

Filter Settings (available for all Service Types, including Custom for routing)

  • Ingress Filter

    Select an Ingress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

  • Egress Filters

    Select an Egress Filter for the interface by clicking Select, selecting one of the listed filters, and then clicking OK.

VRRP Settings (available when Service Type is Custom and Family Type is Routing)

Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK.

Clicking Done displays the dialog Do you want to assign Port Profile to Ports. click Yes to create a profile assignment else click No to navigate to the Manage Port Profile page and to create the Port assignment later.

What to Do Next

After you create a Port profile, you can assign it to interfaces or members of port groups. During this process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as which Access profile to use for all ports on the device. For more information, see Assigning and Unassigning Port Profiles from Interfaces.