EX4100-H Line of Ethernet Switches Datasheet
Download DatasheetProduct Overview
The EX4100-H ruggedized line of Ethernet access switches is tailored for harsh indoor and outdoor environments where extended temperature, potential physical impact, and vibration conditions are common. Use cases include but are not limited to:
‑ EV charging stations
‑ Petrol/gas stations
‑ Industrial automation and manufacturing
‑ Remote surveillance
‑ Transportation
As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4100-H is purpose-built for and managed by the cloud. Mist AI provides visibility into the experience of connected devices, enabling streamlined operations while delivering an experience-first approach to access layer switching.
Product description
The Juniper Networks® EX4100-H ruggedized line of Ethernet switches offers a fanless, secure, reliable, cloud-native portfolio delivering high-quality network services in extreme conditions, including freezing and scorching temperatures, with an extended operating temperature range for extreme indoor and outdoor applications. EX4100-H switches are ideal for use cases where extreme temperatures, potential physical impact, and vibrations are common.
EX4100-H switches combine the simplicity of the cloud, the power of Mist AI™, and a robust, high-performance hardware foundation to deliver a differentiated approach to access switching in the cloud, mobile, and IoT era. With Juniper® Mist™ Wired Assurance, you can effortlessly onboard, configure, and manage EX4100-H switches from the cloud. This simplifies operations and improves visibility and troubleshooting, ensuring optimal experiences for connected devices.
Key Features of EX4100-H Line Include:
- Cloud-native, AI-Native switches with Wired Assurance and Marvis VNA
- Fanless with an extended operating temperature range of -40°C to +75°C for harsh environments
- Ruggedized, compact form factor for easy installation in tight spaces
- Compliant to IP30 and supports a relative humidity range of 5% to 95%, ensuring non-condensing operation
- Meets many industrial certifications, making it suitable for use in a wide range of applications that need high tolerances for constant vibrations, shocks, and electromagnetic immunity
- Dry contact alarm: two alarms in and one alarm out to signal external sensors
- Dual redundant PSUs: two AC PSUs or two DC PSUs or one AC and one DC PSU
- Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) to the access layer
- Standards-based microsegmentation using group-based policies (GBPs)
- Switch-to-switch encryption using Media Access Control Security (MACsec) AES256
- IEEE 802.3bz Multigigabit
- IEEE 802.3bt Power over Ethernet Plus (PoE++)
- Flow-based telemetry to monitor traffic flows for anomaly detection and the ability to measure packet delays and report drop reasons
- Precision Time Protocol–Transparent Clock
- 10-member Virtual Chassis support
The EX4100-H Family Consists of the Following Models:
- The EX4100-H-12MP, offering 4 x 100MB/1GbE/2.5GbE and 8 x 10 MB/100 MB/1GbE PoE++ access ports, delivers up to 90 W per port with a total PoE budget of 360 W using two power supplies. A combination of two AC PSUs or two DC PSUs or one AC PSU and one DC PSU can be used at the same time. PSUs are external and include 2 x 1/10GbE SFP+ fixed uplink ports and 2 x 1/10GbE SFP+ ports to support Virtual Chassis connections that can be reconfigured for use as Ethernet ports for uplink connectivity.
Offering a full suite of Layer 2 and Layer 3 capabilities, the EX4100-H supports a wide array of deployments, including campus and branch. As scale requirements increase, Juniper’s Virtual Chassis technology allows you to seamlessly interconnect and manage up to 10 EX4100-H switches as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments.
EX4100-H switch offers feature parity with the EX4100 line of switches. They also include high availability (HA) features such as redundant, hot-swappable power supplies to ensure maximum uptime. In addition, the 12-port Multi-Gigabit Ethernet EX4100-H switch offers standards-based 802.3af/at/bt (PoE/PoE+/PoE++) for delivering up to 90W on any access port. You can configure EX4100-H switches to quickly provide PoE power to connected devices within seconds of startup, minimizing downtime and ensuring fast performance.
Architecture and Key Components
Cloud management with Juniper Mist Wired Assurance driven by Mist AI
EX4100-H switches can be quickly and easily onboarded (Day 0), provisioned (Day 1), and managed (Day 2+) from the cloud with Juniper Mist Wired Assurance, which brings AI-Native automation and insights that optimize experiences for end users and connected devices. The EX4100-H provides rich Junos® operating system telemetry data for Mist AI that helps achieve simpler operations, shorter mean time to repair (MTTR), and streamlined troubleshooting.
In addition to Juniper Mist Wired Assurance, Marvis Virtual Network Assistant lets you start building a self-driving network that simplifies network operations and streamlines troubleshooting via automatic fixes for Juniper Networks EX Series Switches or recommended actions for external systems.
Features and Benefits
Simplified operations with Juniper Mist Wired Assurance
- Day 0 operations: Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity
- Day 1 operations: Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles
- Day 2 operations: Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre-and post-connection metrics (see Figure 1)
Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). Perform software upgrades easily through Juniper Mist Cloud.
For more information, see Juniper Mist Wired Assurance.
Virtual Chassis Technology
Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single, logical unit, enabling users to manage all platforms as one virtual device. You can interconnect up to 10 EX4100-H switches as a Virtual Chassis using 2 x 10GbE SFP+ dedicated Virtual Chassis ports. Although configured as Virtual Chassis ports by default, the 2 x 10GbE SFP+ Virtual Chassis ports can also be configured as uplink ports.
Flow-based Telemetry
Flow-based telemetry enables flow-level analytics, allowing network administrators to monitor thousands of traffic flows on the EX4100-H without burdening the CPU. This improves network security by monitoring, baselining, and detecting flow anomalies. For example, if predefined flow thresholds are breached due to an attack, IP Flow Information Export (IPFIX) alerts can be sent to an external server to quickly identify the attack. Network administrators can also automate specific workflows, such as further examining the traffic or quarantining a port, to triage the issue. In addition to DOS attacks, flow-based telemetry on EX4100-H switches can measure packet delays at ingress, chip, and egress points, as well as report drop reasons.
EVPN-VXLAN Technology
Most traditional campus networks have a single-vendor, chassis-based architecture that worked well for smaller, static campuses with a few endpoints. However, this approach is too rigid to support the changing needs of modern campus networks. The EX4100-H supports EVPN-VXLAN, extending an end-to-end fabric from campus core to distribution to the access layer.
An EVPN-VXLAN fabric is a simple, programmable, highly scalable architecture built on open standards. This technology can be applied in both data centers and campuses for architectural consistency. A campus EVPN-VXLAN architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. A flexible overlay network based on a VXLAN overlay with an EVPN control plane efficiently provides Layer 2 and/or Layer 3 connectivity throughout the network. EVPN-VXLAN also offers a scalable way to build and interconnect multiple campus sites, delivering:
- Greater consistency and scalability across all network layers
- Multivendor deployment support
- Reduced flooding and learning
- Location-agnostic connectivity
- Consistent network segmentation
- Simplified management
Microsegmentation Using GBP
GBP leverages underlying VXLAN technology to provide location-agnostic endpoint access control. This allows network administrators to implement consistent security policies across the enterprise network domains. The EX4100-H supports a standards-based GBP solution, allowing different levels of access control for endpoints and applications, even within the same VLAN. IT teams can simplify their network configuration by using GBP, avoiding the need to configure large numbers of firewall filters on all their switches. GBP can block lateral threats by ensuring consistent application of security group policies throughout the network, regardless of the location of endpoints and/or users.
Campus Fabric Deployments
EVPN-VXLAN for campus core, distribution, and access
The main advantages of EVPN-VXLAN in campus networks are:
- Flexibility of consistent VLANs across the network: You can place endpoints anywhere in the network and remain connected to the same logical L2 network, enabling decoupling of a virtual topology from the physical topology.
- Microsegmentation: The EVPN-VXLAN-based architecture lets you deploy a common set of policies and services across campuses with support for L2 and L3 VPNs
- Scalability: With an EVPN control plane, enterprises can scale out easily by adding more core, aggregation, and access-layer devices as the business grows without having to redesign the network or perform a forklift upgrade. Using an L3 IP-based underlay coupled with an EVPN-VXLAN overlay, campus network operators can deploy much larger and more resilient networks than would otherwise be possible with traditional L2 Ethernet-based architectures
Juniper offers several validated EVPN-VXLAN campus fabrics that cater to a range of network size, scale, and segmentation requirements:
EVPN multihoming (on collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single layer, turning the traditional three-tier hierarchal network into a two-tier network. EVPN multihoming on a collapsed core eliminates the need for Spanning Tree Protocol (STP) across campus networks by providing link aggregation capabilities from the access layer to the core layer. This topology is best suited for small to medium distributed enterprise networks and allows for consistent VLANs across the network. This topology uses ESI (Ethernet Segment Identifier) LAG (Link Aggregation) and is a standards-based protocol.
Campus Fabric Core distribution: When EVPN VXLAN is configured across core and distribution layers, it becomes a campus Fabric Core Distribution architecture that can be configured in two modes: centrally or edge routed bridging overlay. This architecture provides an opportunity for an administrator to move toward campus-fabric IP Clos without a forklift upgrade of all access switches in the existing network while bringing in the advantages of moving to a campus fabric and providing an easy way to scale out the network.
Campus fabric IP Clos: When EVPN VXLAN is configured on all layers, including access, it is called the campus fabric IP Clos architecture. This model is also referred to as “end-to-end,” given that VXLAN tunnels are terminated at the access layer. Due to the availability of VXLAN at access, it provides us with the opportunity to bring policy enforcement to the access layer (closest to the source) using GBP. Standards-based GBP tags bring the unique option to segment traffic both at a micro and macro level. GBP tags are assigned dynamically to clients as part of Radius transaction by Mist Cloud NAC. This topology works for small to medium and large campus architectures that need macro and microsegmentation.
All three topologies are standards-based and interoperable with third-party vendors. The EX4100-H switches can be deployed in campus and branch access layer networks in the EVPN-VXLAN architectures shown in Figure 3.
Managing AI-driven Campus Fabric with Juniper Mist Cloud
Juniper Mist Wired Assurance brings cloud management and Mist AI to the campus fabric. It sets a new standard that moves away from traditional network management toward AI-Native operations while delivering better experiences to connected devices. Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:
- Automated deployment and zero-touch provisioning (ZTP)
- Anomaly detection
- Root cause analysis
Chassis-Class Availability
EX4100-H switches deliver high availability through redundant power supplies, graceful Routing Engine switchover (GRES), and nonstop bridging and routing when deployed in a Virtual Chassis configuration. In a Virtual Chassis configuration, each EX4100-H switch is capable of functioning as a Routing Engine (RE). When two or more EX4100-H switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. Junos OS automatically initiates an election process to assign a primary (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure.
When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated primary RE fail. Primary, backup, and line card priority status can be assigned to dictate the order of ascension. This N+1 RE redundancy, coupled with the GRES, nonstop active routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures.
The EX4100-H implements the same slot/module/port numbering scheme as other Juniper chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations.
By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management.
Individually, the EX4100-H offers several HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4100-H with true carrier-class reliability.
- Redundant power supplies: The EX4100-H line of switches supports redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations
- Fanless: The EX4100-H are ruggedized switches with no moving parts
- Nonstop bridging and nonstop active routing: NSB and NSR on the EX4100-H ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following an RE failover
- Redundant trunk group (RTG): To avoid the complexities of STP without sacrificing network resiliency, the EX4100-H employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration
- Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability
- IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with a Flex license, enabling highly resilient networks.
MACsec AES256
The EX4100-H switches support IEEE 802.1ae MACsec with AES-256-bit encryption to increase security of point-to-point traffic communications. MACsec provides encrypted communication at the link layer, enabling the identification and prevention of threats, such as denial of service (DoS) and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on ports, the traffic is encrypted on the wire, but the traffic inside the switch is not. This allows the switch to apply network policies such as quality of service (QoS) or deep packet inspection (DPI) to each packet without compromising the security of packets on the wire.
PoE/PoE+/PoE++ Power, perpetual and fast PoE
The EX4100-H delivers PoE to connected devices such as environmental sensors, Human Machine Interfaces (HMI), Programmable Logic Controllers (PLC), phones, surveillance cameras, IoT devices, and Wi-Fi access points, offering a PoE of up to 90W per port based on the IEEE 802.3bt PoE standard.
EX4100-H switches support perpetual PoE, which provides uninterrupted power to connected PoE powered devices (PDs) even when the EX4100-H switch is rebooting.
EX4100-H switches also support a fast PoE capability that delivers PoE power to connected endpoints during a switch power-up, even before the switch is fully operational. This is especially beneficial in situations where the endpoint only needs the power and is not necessarily dependent on network connectivity.
Dry-contact alarms
EX4100-H switches support a two-wire, two alarms in one alarm out dry-contact alarm configuration. Alarms provide essential alerts and monitoring capabilities that can be integrated with external sensors.
Grounding lugs
The EX4100-H switches and power supplies must be installed in a restricted-access location and ensure they are always properly grounded. Use Juniper supported grounding lugs or third-party grounding lugs as per the specifications of the grounding lug SKU.
Junos telemetry interface
The EX4100-H supports Junos telemetry interface (JTI), a modern telemetry streaming feature designed for switch health and performance monitoring. Sensor data can be streamed to a management system at configurable periodic intervals, enabling network administrators to monitor individual link and node utilization and troubleshoot issues such as network congestion in real time. JTI delivers the following features:
- Performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
- Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
- Troubleshooting and root cause analysis via high-frequency monitoring and correlation of overlay and underlay networks
Junos Operating System
EX4100-H switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture to prevent isolated failures from bringing down an entire system.
These attributes are fundamental to the core value of the software, enabling simultaneous updates of all Junos OS-powered solutions with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.
Flex Licensing
Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license.
The Flex Advanced and Flex Premium licenses for the EX Series platforms are class-based and determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports.
The EX4100-H switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos OS features, the Flex Advanced and Flex Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Flex Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer.
For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn about Junos OS EX Series licenses, please visit: https://www.juniper.net/documentation/us/en/software/license/juniper-licensing-user-guide/topics/concept/licenses-for-ex.html.
Enhanced Limited Lifetime Warranty
The EX4100-H includes an enhanced limited lifetime hardware warranty that provides return-to-factory switch replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24x7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies are covered for five years. For complete details, please visit https://support.juniper.net/support/pdf/warranty/enhanced-limited-lifetime-warranty-ex-series.pdf.
Product Options
Available EX4100-H models are listed in Table 1.
Model/Product SKU | Access Port Configuration | PoE/PoE+/PoE++ Ports | PoE Budget 1 PSU/2 PSU | 10GbE Ports | Power Supply Rating |
EX4100-H-12MP | 4x100MB/1/2.5GbE + 8x10/100/1000BASE-T | 12 | 240 W/360W | 4 | 340 W AC |
EX4100-H-12MP-DC | 4x100MB/1/2.5GbE + 8x10/100/1000BASE-T | 12 | 240 W/360W | 4 | 340 W DC |
The EX4100-H also offers spare chassis options without power supplies, providing customers with the flexibility to stock SKUs (Table 2). See the Ordering Information section for additional details.
EX4100-H Line Specifications
Physical specifications backplane
- 40 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device
Power options
Model Number | Description | Voltage Range |
JPSU-H-340W-E-AC | 340W External AC PSU for EX4100-H-12MP | 100V-240VAC |
JPSU-H-340W-E-DC | 340W External DC PSU for EX4100-H-12MP | 24VDC-60V DC |
- Power supplies dual load sharing hot-swappable internal and external redundant power supplies
- Maximum current inrush: 30 amps
- Minimum number of PSUs required for fully loaded chassis: one per switch
Dimensions (W x H x D)
Model Number | Dimension (W x H x D) In Inches | With PSU / Without PSU |
EX4100-H-12MP | 4.40” x 6” x 5.30” | Without PSU |
EX4100-H-12MP-DC | 4.40” x 6” x 5.30” | Without PSU |
System weight
- EX4100-H-12MP switch (with no PSU): 5.22 lb (2.37 kg)
- 340 W external AC power supply: 4.52 lb (2.05 kg)
- 340 W external DC power supply: 4.08 lb (1.85 kg)
Environmental ranges
Operating temperature:
- -40° to 60°C (-40° to 140°F) (sealed cabinet)
- -40° to 70°C (-40° to 158°F) (vented cabinet) 40 LFM
- -40° to 75°C (-40° to 167°F) (blower-equipped cabinet) 200 LFM
Altitude:
- Up to 15,000 feet (4572 m) with no temperature derating
Storage Temperature:
- -40° to 85°C (-40° to 185°F)
Humidity:
- Relative humidity of 5% to 95% noncondensing
Hardware specifications switching engine mode
- Store and forward
Memory
- DRAM: 4 GB with Error Correcting Code (ECC) on all models
- Storage: 8 GB on all models
CPU
- 1.7 GHz ARM CPU on all models
GbE port density per system
- EX4100-H-12MP: 16 (4 2.5GbE host ports + 8 1GbE host ports + 4 1GbE/10GbE ports)
Physical layer
- Time domain reflectometry (TDR) for detecting cable breaks and shorts: EX4100-H-12MP
- Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support: EX4100-H-12MP
- Port speed downshift/setting maximum advertised speed on
- 10/100/1000BASE-T ports on EX4100-H-12MP
- 100/1000BASE-T/2.5GBASE-T on EX4100-H-12MP
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/gb/en/products.html.
EX4100-H power supply ratings
Model Number | Works with Switch | Power Supply Rating |
JPSU-H-340W-E-AC | EX4100-H-12MP | 340 W AC |
JPSU-H-340W-E-DC | EX4100-H-12MP | 340 W AC |
Packet switching capacities (maximum with 64 Byte Packets)
- EX4100-H-12MP: 58 Gbps (unidirectional)/116 Gbps (bidirectional), non-blocking
Software Specifications
Layer 2/Layer 3 throughput (Mpps) (maximum with 64 Byte Packets)
- EX4100-H-12MP 86 Mpps
Security
- Media Access Control (MAC) limiting (per port and per VLAN)
- Allowed MAC addresses: 64,000
- Dynamic Address Resolution Protocol (ARP) dynamic ARP inspection (DAI)
- IP source guard
- Local proxy ARP
- Static ARP support
- Dynamic Host Configuration Protocol (DHCP) snooping
- Captive portal
- Persistent MAC address configurations
- Distributed denial of service (DDoS) protection (CPU control path flooding protection)
Layer 2 switching
- Maximum MAC addresses per system: 64,000
- Jumbo frames: 9216 bytes
- Range of possible VLAN IDs: 1 to 4094
- Virtual Spanning Tree (VST) instances: 253
- Port-based VLAN
- Voice VLAN
- Physical port redundancy: Redundant trunk group (RTG)
- Compatible with Per-VLAN Spanning Tree Plus (PVST+)
- Routed VLAN interface (RVI)
- Uplink failure detection (UFD)
- ITU-T G.8032: Ethernet Ring Protection Switching
- IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
- LLDP-MED with VoIP integration
- Default VLAN and multiple VLAN range support
- MAC learning deactivate
- Persistent MAC learning (sticky MAC)
- MAC notification
- Private VLANs (PVLANs)
- Explicit congestion notification (ECN)
- Layer 2 protocol tunneling (L2PT)
- IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
- IEEE 802.1p: Class of service (CoS) prioritization
- IEEE 802.1Q: VLAN tagging
- IEEE 802.1X: Port Access Control
- IEEE 802.1ak: Multiple Registration Protocol
- IEEE 802.3: 10BASE-T
- IEEE 802.3u: 100BASE-T
- IEEE 802.3ab: 1000BASE-T
- IEEE 802.3z: 1000BASE-X
- IEEE 802.3bz: 2.5GBASE-T and 5GBASE-T
- IEEE 802.3ae: 10-Gigabit Ethernet
- IEEE 802.3by: 25-Gigabit Ethernet
- IEEE 802.3af: Power over Ethernet
- IEEE 802.3at: Power over Ethernet Plus
- IEEE 802.3bt: 90 W Power over Ethernet
- IEEE 802.3x: Pause Frames/Flow Control
- IEEE 802.3ah: Ethernet in the First Mile
Spanning Tree
- IEEE 802.1D: Spanning Tree Protocol
- IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
- Number of MST instances supported: 64
- Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 253
- IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol
Link Aggregation
- IEEE 802.3ad: Link Aggregation Control Protocol
- 802.3ad (LACP) support:
- Number of LAGs supported: 128
- Maximum number of ports per LAG: 8
- LAG load-sharing algorithm bridged or routed (unicast or multicast) traffic:
- IP: S/D IP
- TCP/UDP: S/D IP, S/D Port
- Non-IP: S/D MAC
- Tagged ports support in LAG
Layer 3 features: IPv4
- Maximum number of ARP entries: 32,000
- Maximum number of IPv4 unicast routes in hardware: 32,150 prefixes; 32,150 host routes
- Maximum number of IPv4 multicast routes in hardware: 16,100 multicast routes
- Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
- Static routing
- Routing policy
- Bidirectional Forwarding Detection (BFD)
- L3 redundancy: Virtual Router Redundancy Protocol (VRRP)
- VRF-Lite: 1000
Layer 3 features: IPv6
- Maximum number of neighbor discovery (ND) entries: 16,000
- Maximum number of IPv6 unicast routes in hardware: 16,200 prefixes; 16,050 host routes
- Maximum number of IPv6 multicast routes in hardware: 8,000 multicast routes
- Routing protocols: RIPng, OSPFv3, IPv6, IS-IS
- Static routing
Access Control Lists (ACLs) (Junos OS Firewall Filters)
- ACL entries (ACE) in hardware per system:
- Port-based ACL (PACL) ingress: 4092
- VLAN-based ACL (VACL) ingress: 4092
- Router-based ACL (RACL) ingress: 4092
- Port-based ACL (PACL) egress: 1022
- VLAN-based ACL (VACL) egress: 511
- Egress across RACL: 1022
- ACL counter for denied packets
- ACL counter for permitted packets
- Ability to add/remove/change ACL entries in middle of list (ACL editing)
- L2-L4 ACL
Access security
- 802.1X port-based
- 802.1X multiple supplicants
- 802.1X with VLAN assignment
- 802.1X with authentication bypass access (based on host MAC address)
- 802.1X with VoIP VLAN support
- 802.1X dynamic ACL based on RADIUS attributes
- 802.1X Supported Extensible Authentication Protocol (EAP) types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authenticated Protocol (PEAP)
- MAC authentication (RADIUS)
- Control plane DoS protection
- Radius functionality over IPv6 for authentication, authorization, and accounting (AAA)
- DHCPv6 snooping
- IPv6 neighbor discovery
- IPv6 source guard
- IPv6 router advertisement (RA) guard
- IPv6 Neighbor Discovery Inspection
- MACsec
High availability
- Redundant, hot-swappable power supplies
- GRES for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
- Graceful protocol restart (OSPF, BGP)
- Layer 2 hitless forwarding on RE failover
- Nonstop bridging: LACP, xSTP
- Nonstop routing: PIM, OSPF v2 and v3, RIP v2, RIPng, BGP, BGPv6, IS-IS, IGMP v1, v2, v3
Quality of service
- L2 QoS
- L3 QoS
- Ingress policing: 1 rate 2 color
- Hardware queues per port: 12 (8 unicast + 4 multicast)
- Scheduling methods (egress): Strict priority (SP), weighted deficit round-robin (WDRR)
- 802.1p, DiffServ code point (DSCP)/IP precedence trust and marking
- L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers, and more
- Congestion avoidance capabilities: Tail drop, weighted random early detection (WRED)
Multicast
- IGMP: v1, v2, v3
- IGMP snooping
- Multicast Listener Discovery (MLD) snooping
- Protocol Independent Multicast-Sparse Mode (PIM-SM), PIM Source-Specific Mode (PIM-SSM), PIM Dense Mode (PIM-DM)
Management and analytics platforms
- Juniper Mist Wired Assurance for campus
- Junos Space® Network Director for campus
- Junos Space Management Applications
Device management and operations
- Junos OS CLI
- Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
- Rescue configuration
- Configuration rollback
- Image rollback
- RMON (RFC2819) groups 1, 2, 3, 9
- Remote performance monitoring
- SNMP: v1, v2c, v3
- Network Time Protocol (NTP)
- DHCP server
- DHCP client and DHCP proxy
- DHCP relay and helper
- DHCP local server support
- RADIUS
- TACACS+
- SSHv2
- Secure copy
- HTTP/HTTPs
- Domain Name System (DNS) resolver
- System logging
- Temperature sensor
- Configuration backup via FTP/secure copy
Supported RFCs
- RFC 768 UDP
- RFC 783 TFTP
- RFC 791 IP
- RFC 792 ICMP
- RFC 793 TCP
- RFC 826 ARP
- RFC 854 Telnet client and server
- RFC 894 IP over Ethernet
- RFC 903 RARP
- RFC 906 TFTP Bootstrap
- RFC 951, 1542 BootP
- RFC 1027 Proxy ARP
- RFC 1058 RIP v1
- RFC 1112 IGMP v1
- RFC 1122 Host Requirements
- RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
- RFC 1256 IPv4 ICMP Router Discovery (IRDP)
- RFC 1492 TACACS+RFC 1519 CIDR
- RFC 1587 OSPF NSSA Option
- RFC 1591 DNS
- RFC 1812 Requirements for IP Version 4 Routers
- RFC 1981 Path MTU Discovery for IPv6
- RFC 2030 SNTP, Simple Network Time Protocol
- RFC 2068 HTTP server
- RFC 2080 RIPng for IPv6
- RFC 2131 BOOTP/DHCP relay agent and DHCP server
- RFC 2138 RADIUS Authentication
- RFC 2139 RADIUS Accounting
- RFC 2154 OSPF w/Digital Signatures (password, MD-5)
- RFC 2236 IGMP v2
- RFC 2267 Network Ingress Filtering
- RFC 2328 OSPF v2 (edge-mode)
- RFC 2338 VRRP
- RFC 2362 PIM-SM (edge-mode)
- RFC 2370 OSPF Opaque LSA Option
- RFC 2453 RIP v2
- RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
- RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
- RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
- RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
- RFC 2474 DiffServ Precedence, including 12 queues/port
- RFC 2475 DiffServ Core and Edge Router Functions
- RFC 2526 Reserved IPv6 Subnet Anycast Addresses
- RFC 2597 DiffServ Assured Forwarding (AF)
- RFC 2598 DiffServ Expedited Forwarding (EF)
- RFC 2740 OSPF for IPv6
- RFC 2925 MIB for Remote Ping, Trace
- RFC 3176 sFlow
- RFC 3376 IGMP v3
- RFC 3484 Default Address Selection for Internet Protocol Version 6 (IPv6)
- RFC 3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
- RFC 3569 draft-ietf-ssm-arch-06.txt PIM-SSM PIM Source Specific Multicast
- RFC 3579 RADIUS EAP support for 802.1x
- RFC 6614 RadSec
- RFC 3618 Multicast Source Discovery Protocol (MSDP)
- RFC 3623 OSPF Graceful Restart
- RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
- RFC 4291 IPv6 Addressing Architecture
- RFC 4443 ICMPv6 for the IPv6 Specification
- RFC 4541 IBMP and MLD snooping services
- RFC 4552 OSPFv3 Authentication
- RFC 4861 Neighbor Discovery for IPv6
- RFC 4862 IPv6 Stateless Address Autoconfiguration
- RFC 4915 MT-OSPF
- RFC 5095 Deprecation of Type 0 Routing Headers
- RFC 5176 Dynamic Authorization Extensions to RADIUS
- RFC 5798 VRRPv3 for IPv6
- Draft-ietf-bfd-base-05.txt Bidirectional Forwarding Detection
- Draft-ietf-idr-restart-10.txt Graceful Restart Mechanism
- Draft-ietf-isis-restart-02 Restart Signaling for IS-IS
- Draft-ietf-isis-wg-multi-topology-11 Multi Topology (MT) Routing in IS-IS for BGP
- Internet draft-ietf-isis-ipv6-06.txt, Routing IPv6 with IS-IS
- LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057, draft 08
- PIM-DM Draft IETF PIM Dense Mode draft-ietf-idmr-pimdm-05.txt, draft-ietf-pim-dm-new-v2-04.txt
Supported MIBs
- RFC 1155 SMI
- RFC 1157 SNMPv1
- RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
- RFC 1493 Bridge MIB
- RFC 1643 Ethernet MIB
- RFC 1657 BGP-4 MIB
- RFC 1724 RIPv2 MIB
- RFC 1850 OSPFv2 MIB
- RFC 1905 RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
- RFC 2011 SNMPv2 for Internet Protocol using SMIv2
- RFC 2012 SNMPv2 for transmission control protocol using SMIv2
- RFC 2013 SNMPv2 for user datagram protocol suing SMIv2
- RFC 2096 IPv4 Forwarding Table MIB
- RFC 2287 System Application Packages MIB
- RFC 2570–2575 SNMPv3, user-based security, encryption, and authentication
- RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
- RFC 2578 SNMP Structure of Management Information MIB
- RFC 2579 SNMP Textual Conventions for SMIv2
- RFC 2665 Ethernet-like interface MIB
- RFC 2787 VRRP MIB
- RFC 2819 RMON MIB
- RFC 2863 Interface Group MIB
- RFC 2863 Interface MIB
- RFC 2922 LLDP MIB
- RFC 2925 Ping/Traceroute MIB
- RFC 2932 IPv4 Multicast MIB
- RFC 3413 SNMP Application MIB
- RFC 3414 User-Based Security model for SNMPv3
- RFC 3415 View-Based Access Control Model for SNMP
- RFC 3621 PoE-MIB (PoE switches only)
- RFC 4188 STP and Extensions MIB
- RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN extensions
- RFC 5643 OSPF v3 MIB support
- Draft – blumenthal – aes – usm - 08
- Draft – reeder - snmpv3 – usm - 3desede -00
- Draft-ietf-bfd-mib-02.txt
- Draft-ietf-idmr-igmp-mib-13
- Draft-ietf-idmr-pim-mib-09
- Draft-ietf-idr-bgp4-mibv2-02.txt – Enhanced BGP-4 MIB
- Draft-ietf-isis-wg-mib-07
Troubleshooting
- Debugging: CLI via console, Telnet, or SSH
- Diagnostics: Show and debug command, statistics
- Traffic mirroring (port)
- Traffic mirroring (VLAN)
- IP tools: Extended ping and trace
- Juniper Networks commit and rollback
Traffic monitoring
- ACL-based mirroring
- Mirroring destination ports per system: 4
- LAG port monitoring
- Multiple destination ports monitored to 1 mirror (N:1)
- Maximum number of mirroring sessions: 4
- Mirroring to remote destination (over L2): 1 destination VLAN
Safety and compliance
Electromagnetic compatibility (EMC) requirements
- FCC 47 CFR Part 15
- ICES-003 / ICES-GEN
- BS EN 55032
- BS EN 55035
- EN 300 386 V1.6.1
- EN 300 386 V2.2.1
- BS EN 300 386
- EN 55032
- CISPR 32
- EN 55035
- CISPR 35
- IEC/EN 61000 Series
- IEC/EN 61000-3-2 – harmonic current emission
- IEC/EN 61000-3-3 – Voltage fluctuations and flicker
- AS/NZS CISPR 32
- VCCI-CISPR 32
- BSMI CNS 15936
- KS C 9835 (Old KN 35)
- KS C 9832 (Old KN 32)
- KS C 9610
- BS EN 61000 Series
- IEC 61000-6-1
- IEC 61000-6-3
- NEBS GR-1089-CORE, Issue 8
- British Telecommunications (BT) GS7
- Deutsche Telekom (DT) 1 TR 9
- IEEE1613 and IEEE 1613.1
- IEC 61850-3 with IEC 61000-6-5
- EN50121-4
- EN 61000-4-11
- Voltage Dips and interruptions
- EN 61000-4-11
- ElectroStatic Discharge (ESD)
- EN 61000-4-2 (air – 15kV, contact – 8kV)
- Radiated Immunity
- EN 61000-4-3 (10V/m UTP, 20V/m STP)
- Electromagnetic Fast Transients (EFT)/Burst
- EN 61000-4-4
- Surge
- EN 61000-4-5
- Conducted Immunity
- EN 61000-4-6
- Pulsed Magnetic field
- EN 61000-4-9
- Railway Application
- EN 50121-3-2/EN 50121-4/EN 50155/IEC 60571/EN 50155/IEC 61373
Environmental
Vibration
- IEC 60068-2-6 (sine) & IEC60068-2-64 (random)
Shock & Free Fall
- IEC 60068-2-27(shock) & IEC 60068-2-31(Free fall - packaged)
NEBS
- GR 63 issue 5
- GR 3108- Class 2 (salt fog only)
ETSI
- ETSI 300 019 - 2.1 Class 1.2 - Storage
- ETSI 300 019 - 2.2 Class 2.3 - Transport
- ETSI 300 019 - 2.3 Class T3.2 - Operational
Railway
- EN 50125-3 Rail (outside track-Vibration and humidity (sheltered, in building)
Traffic signaling
- NEMA TS2 2021
Humidity
- 5% to 95% non-condensing
Corrosion
- IEC 60068-2-52 (salt Mist)
- GR 3108- Class 2 (Salt Fog only)
Power Utility and substation
- IEEE 1613 - Environmental requirements for devices used in electrical power apparatus.
- IEC 61850-3 - Environmental Requirements for Power Utility.
- 60255-21-1- Class 1 (sine vibration)
- 60255-21-2 - Class 1 (Shock)
- 60255-21-3 - Class 1 (Seismic)
- IP 30 (IEC60529)
Safety requirements: Chassis and optics
- IEC 62368-1:2014 (All country deviations): 2nd Edition: CB Scheme
- IEC 62368-1:2018 (All country deviations): 3rd Edition: CB Scheme
- EN 62368-1:2014+A11:2017, EN IEC 62368-1:2020+A11:2020
- BS EN 62368-1:2014+A11:2017, BS EN IEC 62368-1:2020+A11:2020
- UL 62368-1:2019
- CSA C22.2 No. 62368-1:19
- UL 60950-1:2007
- CAN/CSA C22.2 No. 60950-1-07+ A1:2011+A2:2014
- UL 60950-1:2007
Energy efficiency
- AT&T TEER (ATIS-06000015.03.2013)
- ECR 3.0.1
- ETSI ES 203 136 V.1.1.1
- Verizon TEEER (VZ.TPR.9205)
Telco
- CLEI code
Ordering information
EX4100-H-12MP | Multigigabit 12 port, PoE++ (up to 90 W) switch with 4x100 MB/ 1GbE/2.5GbE + 8x10 MB/100 MB/1GbE, 4x10GbE uplinks, 2x10GbE stacking/uplink ports, MACsec AES256,1x JPSU-H-340W-E-AC included with Standard SW, optics sold separately. |
EX4100-H-12MP-DC | Multigigabit 12 port, PoE++ (up to 90 W) switch with 4x100 MB/ 1GbE/2.5GbE + 8x10 MB/100 MB/1GbE, 4x10GbE uplinks, 2x10GbE stacking/uplink ports, MACsec AES256,1x JPSU-H-340W-E-DC included with Standard SW, optics sold separately. |
Perpetual licenses | |
S-EX-A-C1-P | Software, EX Series Advanced license, Class 1 (12 ports), Perpetual license for EX4100-H 12-port switches |
S-EX-A-C1-P | Software, EX Series Advanced license, Class 1 (12 ports), Perpetual license for EX4100-H 12-port switches |
S-EX-MACSEC-C1-P | Software, EX Series MACsec license, Class 1 (12 ports), Perpetual license for EX4100-H 12-port switches |
S-EX4100-FBT-P | Software, EX Series Flow Based Telemetry License. Perpetual license for all EX4100 switches |
S-EX-P-C1-7 | Software, EX Series Advanced license, Class 1 (12 ports), Perpetual license for EX4100-H 12-port switches, 7 years |
Subscription licenses | |
S-EX-A-C1-1 | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches, 1 year |
S-EX-A-C1-3 | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches, 3 years |
S-EX-A-C1-5 | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches, 5 years |
S-EX-A-C1-7 | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches, 7 years |
S-EX-A-C1-1-COR | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC CORE support, 1 year |
S-EX-A-C1-3-COR | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC CORE support, 3 years |
S-EX-A-C1-5-COR | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC CORE support, 5 years |
S-EX-P-C1-1-COR | Software, EX Series Premium license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC CORE support, 1 year |
S-EX-P-C1-3-COR | Software, EX Series Premium license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC CORE support, 3 years |
S-EX-P-C1-5-COR | Software, EX Series Premium license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC CORE support, 5 years |
S-EX-A-C1-1-ND | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC NEXT DAY support, 1 year |
S-EX-A-C1-3-ND | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC NEXT DAY support, 3 years |
S-EX-A-C1-5-ND | Software, EX Series Advanced license, Class 1 (12 ports), includes Juniper Mist Wired Assurance and VNA subscription for EX Series 12-port switches with SVC NEXT DAY support, 5 years |
Power supplies | |
JPSU-H-340W-E-AC | EX Series 340 W External AC power supply (power cord needs to be ordered separately) |
JPSU-H-340W-E-DC | EX Series 340 W External DC power supply (power cord needs to be ordered separately) |
Grounding lugs | |
JNP-GL-2H6-M5-RA | 6 AWG grounding lug, M5, right-angled. S-EX-A-C1-7, S-EX-P-C1-7, OR Use third party grounding lug, Panduit LCD6-14AF-L |
Mounting options | |
EX4100-H-12-DRK | Din Rail Mount Kit for EX4100-H-12MP |
EX4100-H-12-MMK | Magnet Mount Kit for EX4100-H-12MP |
EX4100-H-12-RMK | 2 post Rack Mount for EX4100-H-12MP |
EX4100-H-12-WMK | Wall Mount Kit for EX4100-H-12MP |
EX4100-H-12-RM-DRK | 2 post Rack Mount Kit with Din Rail for EX4100-H-12MP |
* Note for mounting kits: EX4100-H-MMK is not recommended to use near power substation utilities and near railway tracks. | |
Spare Chassis | |
EX4100-H-12MP-CHAS | Spare chassis, 4x100 MB/1GbE/2.5GbE + 8x10MB/100 MB/1GbE ports PoE++ (optics, power supplies, and fans sold separately) |
About Juniper Networks
Juniper Networks believes that connectivity is not the same as experiencing a great connection. Juniper's AI‑Native Networking Platform is built from the ground up to leverage AI to deliver the best and most secure user experiences from the edge to the data center and cloud. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on X (Twitter), LinkedIn, and Facebook.
1000802 - 002 - EN DECEMBER 2024