Creating and Managing Port Profiles
Port profiles provide a way to provision multiple switch interfaces, including Ethernet interfaces on EX Series switches and Campus Switching ELS. In a Port profile, you can define a set of attributes to be shared by multiple interfaces. For example, you can create a Port profile for all access interfaces that connect to VoIP desk phones, configuring the appropriate class-of-service (CoS), authentication, and port security settings for these interfaces in the Port profile. You then assign the Port profile to those interfaces and deploy the resulting configuration on the interfaces.
Port profiles define only shared attributes. To enable you to configure specific attributes for an interface or a switch during the process of assigning a Port profile to an interface, the Create Port profile wizard provides two setup options: Quick Setup and Custom Setup. The Quick Setup option enables you to create initial configuration settings for a Port profile including selecting or create inline VLAN profile. The Custom Setup option enables you to configure all the advanced settings and create any inline sub-profiles. In Custom Setup option, apart from selecting the existing VLAN, CoS, and authentication sub-profiles, you can also create these sub-profiles.
Ports that are involved in EVPN-VXLAN is not configured through port profile. Else, it renders EVPN-VXLAN defunct.
If you switch from Quick Setup to Custom Setup, all the configuration settings are saved. However, if you switch from Custom Setup to Quick Setup, all the advanced settings done in the Custom Setup are lost.
To manage or create Port profiles: In Build mode, select Port from Profiles in the Tasks pane. The Manage Port Profile page appears.
This topic describes:
Managing Port Profiles
Use the Manage Port Profiles page to manage existing Port profiles and to create new ones. Port profiles enable the definition and application of a common set of attributes to interfaces.
From the Manage Port Profiles page, you can:
Create a new profile by clicking Add. For details, see Creating Port Profiles.
Modify an existing profile by selecting it and clicking Edit.
Associate a Port profile to specific interfaces by selecting it and clicking Assign.
During the assignment process, you can choose to configure interface-specific settings, such as IP address.
Change a Port profile’s current interface assignments by selecting it and clicking Edit Assignments. This opens the Edit assignments for profile-name page, which displays the assignment state and other details of the interfaces in a grid layout. After editing an assignment, and click Apply. The Edit Profile Assignment Job Details window opens, which reports the status of the interface assignment that you edited.
View information about a profile, including the interfaces it is associated with, by selecting the profile and clicking Details or by clicking the profile name, which opens the Profiles Details page. This page displays the profile details and the interface associations in a grid layout. It also has an option using which you can search profiles associated with a device and filter devices. Click Show Filters to filter an interface based on its IP address, serial number, type, or location or custom group.
Perform the search for the following:
A Port profile for a specific device by specifying the device details in the search field.
A port profile that is assigned to a specific port on a device. In this case, you must first enter the device details and then specify the port details in the search field to view the port profile.
Port profiles that are assigned to interfaces that are part of the same VLAN. When you specify the VLAN name in the search field, all the Port profiles that are part of the same VLAN are listed in the table.
Delete profiles by selecting the profiles and clicking Delete.
Tip:You cannot delete profiles that are in use—that is, assigned to objects or used by other profiles. To see the current assignments for a profile, click the profile name.
Clone a profile by selecting a profile and clicking Clone.
Network Director provides a set of default Port profiles: Desktop Port, Desktop and Phone Port, Server Port, Switched Downlink, Switched Uplink, and Custom Port. These profiles contain configuration appropriate for the named port role. You can manage these profiles the same way that you manage a user-created profile. For more information about these profiles, see Understanding Port Profiles.
Table 1 describes the information provided about Port profiles on the Manage Port Profiles page. This page lists all Port profiles defined for your network, regardless of your current selected scope in the network view.
Column |
Description |
---|---|
Profile Name |
Name given to the profile when the profile was created. Click the profile name to view profile details. A next to the profile name indicates that the profile is assigned to a port using an auto assignment policy. For more details on auto assignment policies, see Managing Auto Assignment Policies. |
Family Type |
One of the following:
|
Description |
Description of the Port profile that was entered when the profile was created. |
Port Family |
One of the following:
|
VLANs |
Name of the member VLANs configured or referenced for that Port profile. |
Assignment State |
One of the following states:
|
Creation Time |
Date and time when the profile was created. |
Last Updated Time |
Date and time when the profile was last modified. |
Assigned to Devices |
Number of devices to which the Port profile is assigned. Click on the link to view the profile details. |
Assigned to Port |
Number of ports to which the Port profile is assigned. Click on the link to view the profile details. |
Assigned to |
Number of port assignments and device associations for a profile. |
User Name |
The username of the user who created or modified the profile. |
All columns might not be currently displayed. To show or hide fields in the table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide.
Creating Port Profiles
To create a Port profile for EX Series switches, Campus Switching ELS, or Data Center Switching ELS:
Specifying Settings for an EX Switching Port Profile
Use the Create Port Profile page to define a common set of port attributes, which you can then apply to a group of interfaces. These directions address creating a Port profile for EX Series switches.
You can reference a VLAN profile, CoS profile, Ingress Filter profile, Egress Filter profile, and an Authentication profile in a Port profile. You can either create these profiles in their respective profile pages before you create Port profiles or you can create these profiles as in-line sub-profiles while configuring Port profiles. You can also enable power over Ethernet (PoE).
After you create a Port profile, you assign it to individual interfaces or to members of a port group. During this process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.
Table 2 describes the Quick Setup settings available in a Port profile. Table 3 describes the Custom Setup settings. The defaults for these options depend on the Service Type you select.
Field |
Action |
---|---|
Profile Name |
A default name that corresponds to the Service Type is displayed—when you change the Service Type, this default profile name changes. You can also change the name of profile, using up to 64 alphanumeric characters and no special characters other than the underscore. The name must be unique among Port profiles. |
Description |
A default description of the preconfigured service types appears by default. You can change the description of the Port profile, which appears on the Manage Port Profiles page. You can use up to 256 characters. |
Service Type |
Select one the preconfigured switching options, Desktop Port, Desktop Phone Port, Printer Port, Switched Uplink, Switched Downlink, or Server Port. To create your own switching or routing service type, select Custom. Tip:
No preconfigured routing Service Types are provided. You must create them using the Custom option. |
Desktop Port default service type has the following default settings:
|
|
Desktop Phone Port preconfigured service type has the following default settings:
|
|
Printer Port preconfigured service type has the following default settings:
|
|
Switched Uplink preconfigured service type has the following default settings:
|
|
Switched Downlink preconfigured service type has the following default settings:
|
|
Server Port preconfigured service type has the following default settings:
|
|
Family Type |
This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface. Tip:
All preconfigured Service Types are for switching. If you select Routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces. Tip:
Service Type must be set to Custom to configure a routing interface. |
Port Mode |
This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the EX Series switching interface, either Access, Trunk, or Tagged Access.
|
VLAN Options Available VLAN options depend on the Service Type selected. |
|
Member VLAN (available for Switched Uplink, Switched Downlink, Server Port) |
Click All if you want to assign an interface to all the VLANs. This option is enabled when Port Mode is Trunk or TaggedAccess. |
Member VLANs (available for Desktop Port, Desktop Phone Port, Switched Uplink, Switched Downlink, Server Port, , Custom Port) |
Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
Voice VLAN (available for Desktop Phone Port, Custom Port) |
Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN Name and ID and click OK. |
Native VLAN (available for Switched Uplink, Switched Downlink) |
Select a native VLAN for the interface by clicking Select, selecting one of the listed VLANs, and then clicking OK. The VLAN is added to the Member VLANs list. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
After providing the information in the fields listed in the preceding, click Done.
To use default Port Profile Custom Setup settings, click Done. To configure Custom Setup settings, click Custom Setup and then provide the information in Table 3 and then click Done.
Clicking Done in either case displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment; else click No to navigate to the Manage Port Profile page and to create the Port assignment later on.
Field |
Action |
---|---|
Advanced Settings Expand Advanced Settings to configure link settings and port security. The Link Setting in Port profile is disabled by default. On enabling Link Settings, autonegotiation and flow control are enabled by default. |
|
Enable Auto Negotiation |
Autonegotiation of link speed and duplex mode is enabled by default; clear to disable autonegotiation. If you disable autonegotiation, you must set link speed and link mode. You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation is not disabled. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Enable Flow Control |
Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch. Flow control applies only to links operating at 1 Gbps, full-duplex mode. |
MTU |
Using the arrows, indicate the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent. Range: 256 through 9216 bytes |
Speed |
Select the link speed. If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface advertises the link speed that you specify as its maximum link speed. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Link Mode |
Select the duplex mode, either Automatic, Full Duplex, or Half Duplex. Select Automatic to enable autonegotiation when autonegotiation is disabled. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. You cannot select Half Duplex with link speed set to Autonegotiation or 1 Gbps. |
Storm Control Settings Enabling storm control on a switching device monitors traffic levels and drops broadcast, multicast, and unknown unicast packets when a specified traffic level—called the storm control level or storm control bandwidth—is exceeded, thus preventing packets from proliferating and degrading the LAN. You can customize the storm control level for a specific interface by explicitly configuring either bandwidth or level. Note:
You cannot configure both bandwidth and level for the same interface. |
Unit
Value Configures the traffic storm control threshold level value as a percentage of bandwidth or bandwidth in kilobits per second depending upon the specified unit. No broadcast Select this option to enable storm control for no broadcast traffic on a specific interface or on all interfaces. No unknown broadcast Select this option to enable storm control for no unknown broadcast traffic on a specific interface or on all interfaces. No multicast Select this option to enable storm control for no multicast traffic on a specific interface or on all interfaces. |
Power over Ethernet
(PoE) You can enable PoE and display the configuration options by enabling Configure Power over Ethernet. |
|
Configure Power over Ethernet |
Enable to configure PoE settings. If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled. On EX Series switches, the factory-default configuration enables PoE on all interfaces that support PoE. If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile is deployed successfully on those interfaces, but the PoE settings do not take effect. |
Maximum Power (W) |
Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. Maximum power for PoE is 15.4W, Extended PoE is 18.6W and PoE+ is 30W. The Maximum Power setting has no effect when the PoE management mode for a switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported. You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. Do this in the Device Common Settings profile. If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:
Default: 15.4W |
Priority |
Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by the port number—ports with a lower port number have a higher power priority. Default: low priority |
Disable PoE |
Select to disable PoE on the interfaces using this Port profile. |
Port Security
(Switching Interfaces Only) Select to enable port security (default); clear to disable port security. When port security is enabled, you can configure port security options such as learned MAC address limits on an interface. When port security is disabled, no port security is applied to the interface, including the default port security options. |
|
Trust DHCP |
Select to permit messages from a DHCP server to be received on the interface—this is the default. Clear to block all messages from a DHCP server from being received on the interface. Tip:
For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. For directions, see Creating and Managing VLAN Profiles. |
MAC Limit |
Type the number of MAC address that can be dynamically learned on the interface. Range: 1 through 163,839 Default: For Desktop Ports, 1. For Desktop Phone Ports, 2. For all others, none. |
MAC Limit Action |
Select the action to be taken if the MAC address limit is exceeded:
|
Allowed MAC List |
Indicate the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list is not allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface. To enter a MAC address, click Add and then type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry. Note:
Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination. Default: No entries |
RSTP Settings In addition to enabling or disabling the Spanning Tree Protocol (STP) as part of device profiles, this feature enables you to fine-tune STP by setting interfaces into edge, disable, or no-root-port states. |
Edge RSTP defines the concept of an edge port, which is a designated port that connects to non-STP-capable devices, such as PCs, servers, routers, or hubs that are not connected to other switches. Because edge ports connect directly to end stations, they cannot create network loops and can transition to the forwarding state immediately. You can manually configure edge ports, and a switch can also detect edge ports by noting the absence of communication from the end stations. Disable Disables the RSTP on interface. Note:
Configuring interfaces to one of these states is not mandatory for ELS switches. Hence, the option Disable is not applicable for ELS switches and therefore not supported. No Root Port Configures an interface to be a spanning-tree designated port. If the bridge receives superior STP bridge protocol data units (BPDUs) on a root-protected interface, that interface transitions to a root-prevented STP state (inconsistency state) and the interface is blocked. This blocking prevents a bridge from being elected the root bridge. When the bridge stops receiving superior STP BPDUs on the root-protected interface, interface traffic is no longer blocked. |
CoS Settings |
Click Select Cos Profile to choose from existing CoS profiles. The CoS configuration contained in the CoS profile is applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Click OK. Some preconfigured Service Types have a default CoS profile—see the description for Service Types field for details. Or Click Configure CoS settings to configure CoS profile. See Creating and Managing Wired CoS Profiles for steps to configure a CoS profile. |
Authentication Settings (Desktop Port, Desktop Phone Port, Custom Port) |
Select the Authentication profile for the interface from a list of existing profiles by clicking Select, selecting one of the listed profiles, and then clicking OK. By assigning an Authentication profile to the Port profile, you can enable 802.1x and captive portal authentication on interfaces. If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect. Note:
You cannot configure 802.1x authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment fails. Or Click Configure Authentication Settings to configure 802.1x and captive portal authentications. See Creating and Managing Authentication Profiles for steps to configure the authentication profile. |
Filter Settings (available for all Service Types, including Custom for routing) |
|
VRRP Settings (available when Service Type is Custom and Family Type is Routing) |
Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK. |
If you configured Custom Setup settings, click Done. Upon clicking Done displays the dialog Do you want to assign Port Profile to Ports?
. Click Yes to create a profile assignment else click No to create the profile and navigate to the Manage Port Profile page
to create the Port assignment later.
Specifying Settings for a Campus Switching ELS Port Profile
Use the Create Port Profile page to define a common set of port attributes in a Port profile. You can then apply the Port profile to interfaces on a group of Campus Switching ELS devices.
You can reference a VLAN profile, CoS profile, Ingress Filter profile, Egress Filter profile, and an Authentication profile in a Port profile. You can either create these profiles in their respective profile pages before you create Port profiles or you can create these profiles as in-line sub-profiles while configuring Port profiles. You can also enable power over Ethernet (PoE).
After you create a Port profile, you can assign it to individual interfaces or to members of a Port group. During this assignment process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.
Table 4 describes the Quick Setup settings available in a Port profile. Table 5 describes the Custom Setup settings. The defaults for these options depend on the Service Type you select.
Field |
Action |
---|---|
Profile Name |
Type the name of profile by using up to 64 alphanumeric characters and no special characters other than the underscore. The name must be unique among Port profiles. |
Description |
Type a description of the Port profile, which appears on the Manage Port Profiles page. You can use up to 256 characters. |
Service Type |
Select one the preconfigured options Desktop Port, Desktop Phone Port, Printer Port, Switched Uplink, Switched Downlink, or Server Port. To create your own service type, select Custom. |
Desktop Port service type has the following default settings:
|
|
Desktop Phone Port service type has the following default settings:
|
|
Printer Port preconfigured service type has the following default settings:
|
|
Switched Uplink service type has the following default settings:
|
|
Switched Downlink service type has the following default settings:
|
|
Server Port service type has the following default settings:
|
|
Port Family Options The available settings and defaults for these options depend on the Service Type you selected. |
|
Family Type: Switching or Routing |
This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface. Tip:
Service Type must be set to Custom to configure a routing interface. If you select routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces. |
Port Mode for switching interfaces only |
This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the interface, either Access, Trunk, or Tagged Access.
|
VLAN Options Available VLAN options depend on the Service Type selected. VLAN association is required for Campus Switching ELS. |
|
Member VLAN (Switched Uplink, Switched Downlink, Server Port) |
Click All if you want to assign an interface to all the VLANs. This option is enabled when Port Mode is Trunk or TaggedAccess. |
Member VLAN (all Service Types) |
This configuration is for one VLAN. Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
Voice VLAN (Desktop Phone Port, Custom Port) |
This configuration is for one VLAN. Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
Native VLAN (Switched Uplink, Switched Downlink) |
Select a native VLAN for the interface by clicking Select, selecting one of the listed VLANs, and then clicking OK. The VLAN is added to the Member VLANs list. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
Power over Ethernet (PoE) | |
Configure Power over Ethernet |
Enable to configure PoE settings. If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled. If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile can be deployed successfully on those interfaces, but the PoE settings do not take effect. Tip:
EX9200 switches do not support PoE. |
Maximum Power (W) |
Use the arrows to adjust the maximum PoE power allocated to a PoE port in watts. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. The Maximum Power setting has no effect when the PoE management mode for the switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported. You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. You can do this in the Device Common Settings profile. If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:
Default: 15.4W |
Priority |
Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by port number—ports with a lower port number have a higher power priority. Default: low priority |
Disable PoE |
Select to disable PoE on the interface. |
After providing the information in the fields listed in Table 4, click Done.
To use default Port Profile Custom Setup settings, click Done. To configure Custom Setup settings, click Custom Setup and then provide the information in Table 5 and then click Done.
Clicking Done in either case displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment; else click No to navigate to the Manage Port Profile page and to create the Port assignment later on.
Field |
Action |
---|---|
Advanced Settings Expand Advanced Settings to configure link settings and port security. The Link Setting in Port profile is disabled by default. On enabling Link Settings, autonegotiation and flow control are enabled by default. |
|
Enable Auto Negotiation |
Autonegotiation of link speed and duplex mode is enabled by default; clear to disable autonegotiation. If you disable autonegotiation, you must set link speed and link mode. You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation will not be disabled. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Enable Flow Control |
Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch. Flow control applies only to links operating at 1 Gbps, full-duplex mode. |
MTU |
Using the arrows, indicate the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent. Range: 256 through 9216 bytes |
Speed |
Select the link speed. If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface will advertise the link speed that you specify as its maximum link speed. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Link Mode |
Select the duplex mode, either Automatic, Full Duplex, or Half Duplex. Select Automatic to enable autonegotiation when autonegotiation is disabled. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. You cannot select Half Duplex with link speed set to Autonegotiation or 1 Gbps. |
Storm Control Settings Enabling storm control on a switching device monitors traffic levels and drops broadcast, multicast, and unknown unicast packets when a specified traffic level—called the storm control level or storm control bandwidth—is exceeded, thus preventing packets from proliferating and degrading the LAN. You can customize the storm control level for a specific interface by explicitly configuring either bandwidth or level. Note:
You cannot configure both bandwidth and level for the same interface. |
Unit
Value Configures the traffic storm control threshold level value as a percentage of bandwidth or bandwidth in kilobits per second depending upon the specified unit. No broadcast Select this option to enable storm control for no broadcast traffic on a specific interface or on all interfaces. No unknown broadcast Select this option to enable storm control for no unknown broadcast traffic on a specific interface or on all interfaces. No multicast Select this option to enable storm control for no multicast traffic on a specific interface or on all interfaces. No registered multicast Select this option to enable storm control for no registered multicast traffic on a specific interface or on all interfaces. No unregistered multicast Select this option to enable storm control for no unregistered multicast traffic on a specific interface or on all interfaces. |
Power over Ethernet
(PoE) You can enable PoE and display the configuration options by enabling Configure Power over Ethernet. |
|
Configure Power over Ethernet |
Enable to configure PoE settings. If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled. On EX Series switches, the factory-default configuration enables PoE on all interfaces that support PoE. If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile is deployed successfully on those interfaces, but the PoE settings will not take effect. |
Maximum Power (W) |
Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. Maximum power for PoE is 15.4W, Extended PoE is 18.6W and PoE+ is 30W. The Maximum Power setting has no effect when the PoE management mode for a switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported. You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. Do this in the Device Common Settings profile. If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:
Default: 15.4W |
Priority |
Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by the port number—ports with a lower port number have a higher power priority. Default: low priority |
Disable PoE |
Select to disable PoE on the interfaces using this Port profile. |
Port Security
(Switching Interfaces Only) Select to enable port security (default); clear to disable port security. When port security is enabled, you can configure port security options such as learned MAC address limits on an interface. When port security is disabled, no port security is applied to the interface, including the default port security options. |
|
Trust DHCP |
Select to permit messages from a DHCP server to be received on the interface—this is the default. Clear to block all messages from a DHCP server from being received on the interface. Tip:
For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. For directions, see Creating and Managing VLAN Profiles. |
MAC Limit |
Type the number of MAC address that can be dynamically learned on the interface. Range: 1 through 163839 Default: For Desktop Ports, 1. For Desktop Phone Ports, 2. For all others, none. |
MAC Limit Action |
Select the action to be taken if the MAC address limit is exceeded:
|
Allowed MAC List |
Indicate the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list will not be allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface. To enter a MAC address, click Add and then type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry. Note:
Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination. Default: No entries |
RSTP Settings In addition to enabling or disabling the Spanning Tree Protocol (STP) as part of device profiles, this feature enables you to fine-tune STP by setting interfaces into edge, disable, or no-root-port states. |
Edge RSTP defines the concept of an edge port, which is a designated port that connects to non-STP-capable devices, such as PCs, servers, routers, or hubs that are not connected to other switches. Because edge ports connect directly to end stations, they cannot create network loops and can transition to the forwarding state immediately. You can manually configure edge ports, and a switch can also detect edge ports by noting the absence of communication from the end stations. Disable Disables the RSTP on interface. Note:
Configuring interfaces to one of these states is not mandatory for ELS switches. Hence, the option Disable is not applicable for ELS switches and therefore not supported. No Root Port Configures an interface to be a spanning-tree designated port. If the bridge receives superior STP bridge protocol data units (BPDUs) on a root-protected interface, that interface transitions to a root-prevented STP state (inconsistency state) and the interface is blocked. This blocking prevents a bridge from being elected the root bridge. When the bridge stops receiving superior STP BPDUs on the root-protected interface, interface traffic is no longer blocked. |
CoS Settings |
Click Select Cos Profile to choose from existing CoS profiles. The CoS configuration contained in the CoS profile is applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Click OK. Some preconfigured Service Types have a default CoS profile—see Service Types for details. Or Click Configure CoS settings to configure CoS profile. See Creating and Managing Wired CoS Profiles for steps to configure a CoS profile. |
Authentication Settings (Desktop Port, Desktop Phone Port, Custom Port) |
Select the Authentication profile for the interface from a list of existing profiles by clicking Select, selecting one of the listed profiles, and then clicking OK. By assigning an Authentication profile to the Port profile, you can enable 802.1x and captive portal authentication on interfaces. If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect. Note:
You cannot configure 802.1x authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment fails. Or Click Configure Authentication Settings to configure 802.1x and captive portal authentications. See Creating and Managing Authentication Profiles for steps to configure the Authentication profile. |
Filter Settings (available for all Service Types, including Custom for routing) |
|
VRRP Settings (available when Service Type is Custom and Family Type is Routing) |
Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK. |
Clicking Done displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment else click No to navigate to the Manage Port Profile page and to create the Port assignment later.
Click Done to save the Port profile for Campus Switching ELS.
Specifying Settings for a Data Center Switching ELS Port Profile
Use the Create Port Profile page to define a common set of port attributes in a Port profile. You can create a new Port profile from scratch, or select an appropriate Service Type and use the default settings that Network Director has defined for that service type to create a Port profile. You can then apply the Port profile to interfaces on a group of Data Center Switching ELS devices.
You can reference a VLAN profile, CoS profile, Ingress Filter profile, Egress Filter profile, and an Authentication profile in a Port profile. You can either create these profiles in their respective profile pages before you create Port profiles or you can create these profiles as in-line sub-profiles while configuring Port profiles.
After you create a Port profile, you can assign it to individual interfaces or to members of a Port group. During this assignment process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as the Access profile to use for all ports on the device. You can assign only one Port profile to an interface.
Table 6 describes the Quick Setup settings available in a Port profile. Table 7 describes the Custom Setup settings. The defaults for these options depend on the Service Type you select.
Field |
Action |
---|---|
Profile Name |
Type the name of profile by using up to 64 alphanumeric characters and no special characters other than the underscore. The name must be unique among Port profiles. |
Description |
Type a description of the Port profile, which will appear on Manage Port Profiles page. You can use up to 256 characters. |
Service Type |
Select one the preconfigured options Desktop Port, Switched Uplink, Switched Downlink, Server Port, or FCoE Transit Port. To create your own service type, select Custom. |
Desktop Port service type has the following default settings:
|
|
Switched Uplink service type has the following default settings:
|
|
Switched Downlink service type has the following default settings:
|
|
Server Port service type has the following default settings:
|
|
FCoE Transit Port service type has the following default settings:
|
|
Family Type: Switching or RoutingThe available settings and defaults for these options depend on the Service Type you selected. |
This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, indicate whether the interface operates as a Layer 2 (Switching) or a Layer 3 (Routing) interface. Tip:
Service Type must be set to Custom to configure a routing interface. If you select routing, you configure an IP address on a per-interface basis when you assign the profile to individual interfaces. |
Port Mode for switching interfaces only |
This setting cannot be changed if any preconfigured Service Type was selected. If you selected the Custom Service Type, select the port mode for the interface, either Access or Trunk.
|
Port Type |
For Data Center ELS profiles, the port type is always Ethernet Port. |
VLAN Options Available VLAN options depend on the Service Type selected. |
|
Member VAN (available for Switched Uplink, Switched Downlink,Server Port,FCoE Transit Port, Custom) |
Click All if you want to assign an interface to all the VLANs. This option is enabled when Port Mode is Trunk. |
Member VLANs (available for Desktop Port, Desktop Phone Port, Switched Uplink, Switched Downlink, Server Port, Custom Port) |
Select a VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
Voice VLAN (available for Desktop Phone Port, Custom Port) |
Select a voice VLAN for the interface by clicking Select, selecting one of the listed filters, and then clicking OK. The VLAN is added to the Member VLANS list. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
Native VLAN (available for Switched Uplink, Switched Downlink) |
Select a native VLAN for the interface by clicking Select, selecting one of the listed VLANs, and then clicking OK. The VLAN is added to the Member VLANs list. Or Configure a VLAN by clicking Configure VLAN Settings and clicking Create. Enter the VLAN name and ID and click OK. |
Member VLAN |
(Access ports only) Select a VLAN profile for the interface from a list of existing profiles by clicking Select. |
Member VLANs |
(Trunk ports only) Select a set of VLAN profiles for the interface from a list of existing profiles by using the Add and Remove functions. |
Native VLAN |
(Trunk ports only) Select a native VLAN profile for the interface from a list of existing profiles by clicking Select. |
DCBX Settings Data Center Bridging Capability Exchange protocol is a discovery and exchange protocol for conveying configuration and capabilities among network neighbors to ensure consistent configuration across the network. It is an extension of the Link Layer Data Protocol (LLDP, described in IEEE 802.1AB). The defaults for these settings depend on the Service Type you selected. |
|
DCBX Version |
Select one of the following versions of the Data Center Bridging Capability Exchange protocol:
|
Disable DCBX |
Select this option to turn off Data Center Bridging Capability Exchange protocol. |
Disable Priority Flow Control |
Select this option to turn off priority flow control. Priority-based flow control (PFC) is a link-level flow control mechanism defined by IEEE 802.1Qbb that enables independent flow control for each class of service (as defined in the 3-bit CoS field of the Ethernet header by IEEE 802.1Q tags) to ensure that no frame loss from congestion occurs in DCB networks. |
ETS No Auto Negotiation |
Select this option to turn off ETS autonegotiation. Enhanced transmission selection (ETS) is a mechanism that provides finer granularity of bandwidth management within a link. |
Recommendation TLV |
Select either Enable TLV or Disable TLV. The enhanced transmission selection (ETS) Recommendation TLV communicates the ETS settings that the switch wants the connected peer interface to use. If the peer interface is willing, the peer interface changes its configuration to match the configuration in the ETS Recommendation TLV. By default, the switch interfaces send the ETS Recommendation TLV to the peer. The settings communicated are the egress ETS settings defined by configuring hierarchical scheduling on the interface. |
After providing the information in the fields listed in Table 5, click Done.
To use default Port profile Custom Setup settings, click Done. To configure Custom Setup settings, click Custom Setup and then provide the information in Table 7 and then click Done.
Clicking Done in either case displays the dialog Do you want to assign Port Profile to Ports. Click Yes to create a profile assignment; else click No to navigate to the Manage Port Profile page and to create the Port assignment later on.
Field |
Action |
---|---|
Advanced Settings Expand Advanced Settings to configure link settings and port security. The Link Setting in Port profile is disabled by default. On enabling Link Settings, autonegotiation and flow control are enabled by default. |
|
Enable Auto Negotiation |
Autonegotiation of link speed and duplex mode is enabled by default; clear to disable autonegotiation. If you disable autonegotiation, you must set link speed and link mode. You cannot disable autonegotiation if a link speed of 1 Gbps is configured. This configuration might be accepted, but autonegotiation will not be disabled. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Enable Flow Control |
Select to enable flow control on the interface, which permits the switch suspend packet transmission for a set period of time in response to a PAUSE frame sent by a congested switch. Flow control applies only to links operating at 1 Gbps, full-duplex mode. |
MTU |
Using the arrows, indicate the maximum transmission unit (MTU), which is the maximum size of Ethernet frames sent by the interface. To calculate the MTU, add 14 bytes overhead to the maximum payload you want sent. Range: 256 through 9216 bytes |
Speed |
Select the link speed. If you select a link speed when autonegotiation is enabled, autonegotiation remains enabled and the interface will advertise the link speed that you specify as its maximum link speed. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. |
Link Mode |
Select the duplex mode, either Automatic, Full Duplex, or Half Duplex. Select Automatic to enable autonegotiation when autonegotiation is disabled. Note:
This setting is ignored when you assign a Port profile to an Aggregated Ethernet interface. You cannot select Half Duplex with link speed set to Autonegotiation or 1 Gbps. |
Storm Control Settings Enabling storm control on a switching device monitors traffic levels and drops broadcast, multicast, and unknown unicast packets when a specified traffic level—called the storm control level or storm control bandwidth—is exceeded, thus preventing packets from proliferating and degrading the LAN. You can customize the storm control level for a specific interface by explicitly configuring either bandwidth or level. Note:
You cannot configure both bandwidth and level for the same interface. |
Unit
Value Configures the traffic storm control threshold level value as a percentage of bandwidth or bandwidth in kilobits per second depending upon the specified unit. No broadcast Select this option to enable storm control for no broadcast traffic on a specific interface or on all interfaces. No unknown broadcast Select this option to enable storm control for no unknown broadcast traffic on a specific interface or on all interfaces. No multicast Select this option to enable storm control for no multicast traffic on a specific interface or on all interfaces. No registered multicast Select this option to enable storm control for no registered multicast traffic on a specific interface or on all interfaces. No unregistered multicast Select this option to enable storm control for no unregistered multicast traffic on a specific interface or on all interfaces. |
Power over Ethernet
(PoE) You can enable PoE and display the configuration options by enabling Configure Power over Ethernet. |
|
Configure Power over Ethernet |
Enable to configure PoE settings. If you do not enable this option, Network Director does not send any PoE configuration commands to the device when the profile is deployed on the device. For example, if PoE is enabled on an interface, it remains enabled. On EX Series switches, the factory-default configuration enables PoE on all interfaces that support PoE. If you enable this option, the PoE settings in this profile is deployed on the interfaces that support PoE. If you assign this Port profile to interfaces that do not support PoE, the profile is deployed successfully on those interfaces, but the PoE settings will not take effect. |
Maximum Power (W) |
Use the arrows to adjust the maximum PoE power in watts allocated to a PoE port. The powered device cannot draw more power than the wattage specified. If it does so, PoE power to the port is shut down. Maximum power for PoE is 15.4W, Extended PoE is 18.6W and PoE+ is 30W. The Maximum Power setting has no effect when the PoE management mode for a switch or line card is class mode, which is the default mode. In class mode, the power allocated to a PoE port is determined either by LLDP negotiation with the powered device or by the PoE class of the powered device if LLDP is not supported. You must set the PoE power management mode for the switch or line card to static mode for the Maximum Power setting to take effect. Do this in the Device Common Settings profile. If you specify a maximum wattage that is greater than the maximum wattage that can be supplied by the port, your configuration is accepted when the Port profile is deployed on the port. However, the maximum wattage is set to the port’s maximum supported wattage. The maximum supported wattages for PoE ports are:
Default: 15.4W |
Priority |
Select a power priority for the PoE port—either Low or High. If there is a shortage of PoE power on the switch, power to low priority ports is shut down before power to high priority ports. Within ports with the same assigned priority, power priority is determined by port number—ports with a lower port number have a higher power priority. Default: low priority |
Disable PoE |
Select to disable PoE on the interfaces using this Port profile. |
Port Security
(Switching Interfaces Only) Select to enable port security (default); clear to disable port security. When port security is enabled, you can configure port security options such as learned MAC address limits on an interface. When port security is disabled, no port security is applied to the interface, including the default port security options. |
|
Trust DHCP |
Select to permit messages from a DHCP server to be received on the interface—this is the default. Clear to block all messages from a DHCP server from being received on the interface. Tip:
For this port security feature to work, DHCP snooping must be enabled on the VLAN the interface belongs to. You can enable DHCP snooping on the VLAN in the VLAN profile. For directions, see Creating and Managing VLAN Profiles. |
FCoE Trusted |
Select to configure the interface to trust Fibre Channel over Ethernet (FCoE) traffic. If an interface is connected to another switch such as an FCoE forwarder (FCF) or a transit switch, you can configure the interface as trusted so that the interface forwards FCoE traffic from the switch to the FCoE devices without installing FIP snooping filters. |
MAC Limit |
Type the number of MAC address that can be dynamically learned on the interface. Range: 1 through 163839 Default: For Desktop Ports, 1. For Desktop Phone Ports, 2. For all others, none. |
MAC Limit Action |
Select the action to be taken if the MAC address limit is exceeded:
|
Allowed MAC List |
Indicate the MAC addresses of devices that are allowed access to the interface in the Allowed MAC List. Any device whose MAC address does not match an address in the list will not be allowed access to the interface. A list with no entries means that a client with any MAC address is permitted to access the interface. To enter a MAC address, click Add and then type the MAC addresses in the field provided. Enter MAC addresses as two-character hexadecimal numbers separated by colons. Click Save to save the entry. Note:
Configuring an allowed MAC address list does not block the switch from receiving Layer 2 control packets—such as Link Layer Discovery Protocol (LLDP) packets—transmitted from MAC addresses that are not specified in the address list. Control packets do not undergo the MAC address check. However, the switch does not forward them to another destination. Default: No entries |
RSTP Settings In addition to enabling or disabling the Spanning Tree Protocol (STP) as part of device profiles, this feature enables you to fine-tune STP by setting interfaces into edge, disable, or no-root-port states. |
Edge RSTP defines the concept of an edge port, which is a designated port that connects to non-STP-capable devices, such as PCs, servers, routers, or hubs that are not connected to other switches. Because edge ports connect directly to end stations, they cannot create network loops and can transition to the forwarding state immediately. You can manually configure edge ports, and a switch can also detect edge ports by noting the absence of communication from the end stations. Disable Disables the RSTP on interface. Note:
Configuring interfaces to one of these states is not mandatory for ELS switches. Hence, the option Disable is not applicable for ELS switches and therefore not supported. No Root Port Configures an interface to be a spanning-tree designated port. If the bridge receives superior STP bridge protocol data units (BPDUs) on a root-protected interface, that interface transitions to a root-prevented STP state (inconsistency state) and the interface is blocked. This blocking prevents a bridge from being elected the root bridge. When the bridge stops receiving superior STP BPDUs on the root-protected interface, interface traffic is no longer blocked. |
CoS Settings (All except Fibre Channel Type) |
Click Select Cos Profile to choose from existing CoS profiles. The CoS configuration contained in the CoS profile is applied to the interfaces that the Port profile is assigned to when you deploy the configuration. Select the type of port scheduling for the CoS profile. Port scheduling depends on the device model. When you select a port scheduling type, Network Director displays the devices that support the selected port scheduling type. Click OK. Some preconfigured Service Types have a default CoS profile—see Service Types for details. Or Click Configure CoS settings to configure CoS profile. Select the type of port scheduling for the CoS profile. Port scheduling depends on the device model. When you select a port scheduling type, Network Director displays the devices that support the selected port scheduling type. See Creating and Managing Wired CoS Profiles for steps to configure a CoS profile. |
Authentication Settings (Desktop Port, Desktop Phone Port, Custom Port) |
Select the Authentication profile for the interface from a list of existing profiles by clicking Select, selecting one of the listed profiles, and then clicking OK. By assigning an Authentication profile to the Port profile, you can enable 802.1x and captive portal authentication on interfaces. If you do not specify an Authentication profile, the interface is an open port and no authentication is required to connect. Note:
You cannot configure 802.1x authentication on aggregated Ethernet interfaces. If you attempt to deploy a Port profile that contains an Authentication profile on an aggregated Ethernet interface, the deployment fails. Or Click Configure Authentication Settings to configure 802.1x and captive portal authentications. See Creating and Managing Authentication Profiles for steps to configure the authentication profile. |
Filter Settings (available for all Service Types, including Custom for routing) |
|
VRRP Settings (available when Service Type is Custom and Family Type is Routing) |
Select the VRRP profile for the interface from a list of existing profiles by clicking Select. Select one of the listed profiles, and then click OK. |
Clicking Done displays the dialog Do you want to assign Port Profile to Ports. click Yes to create a profile assignment else click No to navigate to the Manage Port Profile page and to create the Port assignment later.
What to Do Next
After you create a Port profile, you can assign it to interfaces or members of port groups. During this process, you can also configure interface-specific attributes, such as IP address, and certain device-specific attributes, such as which Access profile to use for all ports on the device. For more information, see Assigning and Unassigning Port Profiles from Interfaces.