Product Overview

The EX4100 line of Ethernet access switches offers secure, cloud-ready access for enterprise campus, branch, and data center networks in the AI era and optimized for the cloud. These platforms boost network performance and visibility, meeting the security demands of today—as well as for networks of the next decade.

As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4100 line is purpose-built for, and managed by, the cloud. The switches leverage Mist AI to simplify operations and provide better visibility into the experience of connected devices, delivering a refreshing, experience-first approach to access layer switching.

 

ex4100-48p-frontwtop-low

Product Description

The Juniper Networks® EX4100 line of Ethernet Switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks. The EX4100 switches combine the simplicity of the cloud, the power of Mist AI, and a robust hardware foundation with best-in-class security and performance to deliver a differentiated approach to access switching in the cloud, mobile, and IoT era. With Juniper® Mist Wired Assurance, the EX4100 line of Switches can be effortlessly onboarded, configured, and managed from the cloud. This simplifies operations, improves visibility, and ensures a much better experience for connected devices.

Key features of the EX4100 include:

  • Cloud-ready, driven by Mist AI with Juniper Mist Wired Assurance and Marvis Virtual Network Assistant
  • Ethernet VPN–Virtual Extensible LAN (EVPN-VXLAN) to the access layer
  • Standards-based microsegmentation using group-based policies (GBPs)
  • Switch-to-switch encryption using Media Access Control Security (MACsec) AES256
  • IEEE 802.3bt Power over Ethernet Plus (PoE++)
  • Flow-based telemetry to monitor traffic flows for anomaly detection, ability to measure packet delays and report drop reasons
  • Precision Timing Protocol–Transparent Clock
  • 10-member Virtual Chassis support

Offering a full suite of Layer 2 and Layer 3 capabilities, the EX4100 enables multiple deployments, including campus, branch, and data center top-of-rack deployments. As scale requirements increase, Juniper’s Virtual Chassis technology allows up to 10 EX4100 switches to be seamlessly interconnected and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments.

The EX4100 family of Ethernet switches consists of the following models:

  • The EX4100-48MP, which offers 16 x 100 MB/1GbE/2.5GbE and 32 x 10 MB/100 MB/1GbE Power over Ethernet (PoE++) access ports, delivering up to 90 W per PoE port with an overall total 1620 W of PoE power budget (using two power supplies)
  • The EX4100-24MP, which offers 8 x 100 MB/1GbE/2.5GbE/5GbE/10GbE and 16 x 10 MB/100 MB/1GbE PoE++ access ports, delivering up to 90 W per port with an overall total 1620 W of PoE power budget (using two power supplies)
  • The EX4100-24T, which offers 24 x 1GbE non-PoE access ports
  • The EX4100-24P, which offers 24 x 1GbE PoE+ access ports, delivering up to 30 W per port with an overall total 1440 W of PoE power budget (using two power supplies)
  • The EX4100-48T, which offers 48 x 1GbE non PoE-access ports
  • The EX4100-48P, which offers 48 x 1GbE PoE+ access ports, delivering up to 30 W per port with an overall total 1440 W of PoE power budget (using two power supplies)

Each EX4100 model offers 4 x 1/10GbE small form-factor pluggable plus transceiver (SFP+) fixed uplink ports. The EX4100 switches include 4 x 10GbE/25GbE SFP28 ports to support Virtual Chassis connections, which can be reconfigured for use as Ethernet ports for uplink connectivity. EX4100 switches also include high availability (HA) features such as redundant, hot-swappable power supplies and field-replaceable fans to ensure maximum uptime. In addition, -24 port and -48 port Multi-Gigabit Ethernet EX4100 switch models offer standards-based 802.3af/at/bt (PoE/PoE+/PoE++) for delivering up to 90 watts on any access port. The EX4100 switches can be configured to deliver fast PoE capability, which enables the switches to deliver PoE power to connected PoE devices within a few seconds of power being applied to the switches.

 

Architecture and Key Components

Cloud Management with Juniper Mist Wired Assurance Driven by Mist AI

EX4100 switches can be quickly and easily onboarded (Day 0), provisioned (Day 1), and managed (Day 2+) from the cloud with Juniper Mist Wired Assurance, which brings AI-powered automation and insights that optimize experiences for end users and connected devices. The EX4100 provides rich Junos® operating system telemetry data for Mist AI, which helps achieve simpler operations, shorter mean time to repair (MTTR), and streamlined troubleshooting. For more information, read the Juniper Mist Wired Assurance datasheet.

In addition to Juniper Mist Wired Assurance, Marvis Virtual Network Assistant—a key part of The Self-Driving Network™— makes the Mist AI engine interactive. A digital extension of the IT team, Marvis offers automatic fixes or recommended actions, allowing IT teams to streamline how they troubleshoot and manage their network operations.

 

EX4100 Virtual Chassis configuration interconnected via dedicated front-panel 25GbE ports

Figure 1: EX4100 Virtual Chassis configuration interconnected via dedicated front-panel 25GbE ports

EVPN-VXLAN Technology

Most traditional campus networks have a single-vendor, chassis-based architecture that worked well for smaller, static campuses with few endpoints. However, this approach is too rigid to support the changing needs of modern campus networks. The EX4100 supports EVPN-VXLAN, extending an end-to-end fabric from campus core to distribution to the access layer.

An EVPN-VXLAN fabric is a simple, programmable, highly scalable architecture built on open standards. This technology can be applied in both data centers and campuses for architectural consistency. A campus EVPN-VXLAN architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. A flexible overlay network based on a VXLAN overlay with an EVPN control plane efficiently provides Layer 2 and/or Layer 3 connectivity throughout the network. EVPN-VXLAN also offers a scalable way to build and interconnect multiple campus sites, delivering:

  • Greater consistency and scalability across all network layers
  • Multivendor deployment support
  • Reduced flooding and learning
  • Location-agnostic connectivity
  • Consistent network segmentation
  • Simplified management

 

Virtual Chassis Technology

Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single, logical unit, enabling users to manage all platforms as one virtual device. Up to 10 EX4100 switches can be interconnected as a Virtual Chassis using 4 x 25GbE SFP28 dedicated front-panel ports. Although configured as Virtual Chassis ports by default, the 4 x 25GbE SFP28 uplinks can also be configured as uplink ports. The EX4100 switches can form a Virtual Chassis with any other models within the EX4100 product line.

 

Microsegmentation Using Group-Based Policy

GBP leverages underlying VXLAN technology to provide location-agnostic endpoint access control. This allows network administrators to implement consistent security policies across the enterprise network domains. The EX4100 supports a standards-based GBP solution, allowing different levels of access control for endpoints and applications even within the same VLAN. Customers can simplify their network configuration by using GBP, avoiding the need to configure large numbers of firewall filters on all their switches. GBP can block lateral threats by ensuring consistent application of security group policies throughout the network, regardless of the location of endpoints and/or users.

 

Flow-Based Telemetry

Flow-based telemetry enables flow-level analytics, allowing network administrators to monitor thousands of traffic flows on the EX4100 without burdening the CPU. This improves network security by monitoring, baselining, and detecting flow anomalies. For example, if predefined flow thresholds are breached due to an attack, IP Flow Information Export (IPFIX) alerts can be sent to an external server to quickly identify the attack. Network administrators can also automate specific workflows, such as further examining the traffic or quarantining a port, to triage the issue. In addition to DOS attacks, Flow-Based Telemetry on EX4100 switches can measure packet delays at ingress, chip, and egress points, as well as report drop reasons.

 

Features and Benefits

Simplified Operations with Juniper Mist Wired Assurance

The EX4100 is fully cloud onboarded, provisioned, and managed by Juniper Mist Wired Assurance. The EX4100 is designed from the ground up to deliver the rich telemetry that enables AI for IT Operations (AIOps) with simplified operations from Day 0 to Day 2 and beyond. Juniper Mist Wired Assurance provides detailed switch insights for easier troubleshooting and improved time to resolution by offering the following features:

  • Day 0 operations—Onboard switches seamlessly by claiming a greenfield switch or adopting a brownfield switch with a single activation code for true plug-and-play simplicity.
  • Day 1 operations—Implement a template-based configuration model for bulk rollouts of traditional and campus fabric deployments, while retaining the flexibility and control required to apply custom site- or switch-specific attributes. Automate provisioning of ports via Dynamic Port Profiles.
  • Day 2 operations—Leverage the AI in Juniper Mist Wired Assurance to meet service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 1). Add the self-driving capabilities in Marvis Actions to detect loops, add missing VLANs, fix misconfigured ports, identify bad cables, isolate flapping ports, and discover persistently failing clients (see Figure 2). And perform software upgrades easily through Juniper Mist Cloud.

 

Juniper Mist Wired Assurance service-level expectations screen

Figure 2: Juniper Mist Wired Assurance service-level expectations screen

Marvis Actions for wired switches

Figure 3: Marvis Actions for wired switches

The complimentary addition of Marvis Virtual Network Assistant, driven by Mist AI, lets you start building a Self-Driving Network that simplifies network operations and streamlines troubleshooting via automatic fixes for Juniper Networks EX Series Switches or recommended actions for external systems.

For more information, see Juniper Mist Wired Assurance.

 

Campus Fabric Deployments

EVPN-VXLAN for Campus Core, Distribution, and Access

The main advantages of EVPN-VXLAN in campus networks are:

  • Flexibility of consistent VLANs across the network: Endpoints can be placed anywhere in the network and remain connected to the same logical L2 network, enabling a virtual topology to be decoupled from the physical topology.
  • Microsegmentation: The EVPN-VXLAN-based architecture lets you deploy a common set of policies and services across campuses with support for L2 and L3VPNs.
  • Scalability: With an EVPN control plane, enterprises can scale out easily by adding more core, aggregation, and access layer devices as the business grows without having to redesign the network or perform a forklift upgrade. Using an L3 IP-based underlay coupled with an EVPN-VXLAN overlay, campus network operators can deploy much larger and more resilient networks than would otherwise be possible with traditional L2 Ethernet-based architectures.

Juniper offers complete flexibility in choosing any of the following validated EVPN-VXLAN campus fabrics that cater to networks of different sizes, scale, and segmentation requirements:

EVPN multihoming (on collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single layer, turning the traditional three-tier hierarchal network into a two-tier network. EVPN Multihoming on a collapsed core eliminates the need for Spanning Tree Protocol (STP) across campus networks by providing link aggregation capabilities from the access layer to the core layer. This topology is best suited for small to medium distributed enterprise networks and allows for consistent VLANs across the network. This topology uses ESI (Ethernet Segment Identifier) LAG (Link Aggregation) and is a standards-based protocol.

Campus Fabric Core distribution: When EVPN VXLAN is configured across core and distribution layers, it becomes a campus Fabric Core Distribution architecture, which can be configured in two modes: centrally or edge routed bridging overlay. This architecture provides an opportunity for an administrator to move towards campus-fabric IP Clos without fork-lift upgrade of all access switches in the existing network, while bringing in the advantages of moving to a campus fabric and providing an easy way to scale out the network.

Campus Fabric IP Clos: When EVPN VXLAN is configured on all layers including access, it is called the campus fabric IP Clos architecture. This model is also referred to as “end-to-end,” given that VXLAN tunnels are terminated at the access layer. Due to the availability of VXLAN at access, it provides us with the opportunity to bring policy enforcement to the access layer (closest to the source) using Group Based Policy (GBP). Standards-based GBP tags bring the unique option to segment traffic both at a micro and macro level. GBP tags are assigned dynamically to clients as part of Radius transaction by Mist Cloud NAC. This topology works for small-medium and large campus architectures that need macro and micro segmentation.

 

Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

All three topologies are standards-based and interoperable with third-party vendors.

The EX4100 switches can be deployed in campus and branch access layer networks in the EVPN-VXLAN architectures shown in Figure 4.

 

Managing AI-Driven Campus Fabric with the Juniper Mist Cloud

Juniper Mist Wired Assurance brings cloud management and Mist AI to the campus fabric. It sets a new standard that moves away from traditional network management towards AI-driven operations, while delivering better experiences to connected devices. Juniper Mist Cloud streamlines deployment and management of campus fabric architectures by allowing:

  • Automated deployment and zero-touch deployment (ZTD)
  • Anomaly detection
  • Root cause analysis

 

PN multihoming configuration via the Juniper Mist cloud

Figure 5: EVPN multihoming configuration via the Juniper Mist cloud

Chassis-Class Availability

The EX4100 switches deliver high availability through redundant power supplies and fans, graceful Routing Engine switchover (GRES), and nonstop bridging and routing when deployed in a Virtual Chassis configuration.

In a Virtual Chassis configuration, each EX4100 switch is capable of functioning as a Routing Engine (RE). When two or more EX4100 switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. Junos OS automatically initiates an election process to assign a primary (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure.

When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated primary RE fail. Primary, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop active routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures.

The EX4100 implements the same slot/module/port numbering scheme as other Juniper chassis-based products when numbering Virtual Chassis ports, providing true chassis-like operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, greatly simplifying overall system maintenance and management.

Individually, the EX4100 offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4100 with true carrier-class reliability.

  • Redundant power supplies: The EX4100 line of switches supports redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations. Thanks to its compact footprint, the EX4100 requires significantly less power than chassis-based switches delivering equivalent port densities.
  • Hot-swappable fans: The EX4100 includes hot-swappable fans, providing sufficient cooling (for a short duration) even if one of the fans were to fail.
  • Nonstop bridging and nonstop active routing: NSB and NSR on the EX4100 ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following an RE failover.
  • Redundant trunk group (RTG): To avoid the complexities of STP without sacrificing network resiliency, the EX4100 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
  • Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
  • IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with a Flex license, enabling highly resilient networks.

 

MACsec AES256

The EX4100 switches support IEEE 802.1ae MACsec with AES-256-bit encryption to increase security of point-to-point traffic communications. MACsec provides encrypted communication at the link layer that is capable of identifying and preventing threats from denial of service (DoS) and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on ports, the traffic is encrypted on the wire, but the traffic inside the switch is not. This allows the switch to apply network policies such as quality of service (QoS) or deep packet inspection (DPI) to each packet without compromising the security of packets on the wire.

 

PoE/PoE+/PoE++ Power, Perpetual and Fast PoE

The EX4100 delivers PoE for supporting connected devices such as phones, surveillance cameras, IoT devices, and 802.11AX/Wi-Fi 6 access points, offering a PoE power budget of up to 1620W and supporting up to 90W per port based on the IEEE 802.3bt PoE standard.

EX4100 switches support perpetual PoE, which provides uninterrupted power to connected PoE powered devices (PDs) even when the EX4100 switch is rebooting.

The EX4100 switches also support a fast PoE capability that delivers PoE power to connected endpoints during a switch power-up, even before the switch is fully operational. This is especially beneficial in situations where the endpoint only needs the power and is not necessarily dependent on network connectivity.

 

Junos Telemetry Interface

The EX4100 supports Junos telemetry interface (JTI), a modern telemetry streaming feature designed for switch health and performance monitoring. Sensor data can be streamed to a management system at configurable periodic intervals, enabling network administrators to monitor individual link and node utilization as well as troubleshoot issues such as network congestion in real time. JTI delivers the following features:

  • Performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
  • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
  • Troubleshooting and root cause analysis via high-frequency monitoring and correlation of overlay and underlay networks

 

Junos Operating System

The EX4100 switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture to prevent isolated failures from bringing down an entire system.

These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.

 

Flex Licensing

Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs. Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license.

The Flex Advanced and Flex Premium licenses for the EX Series platforms are class-based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports.

The EX4100 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos OS features, the Flex Advanced and Flex Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Flex Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer.

For a complete list of features supported by the Flex Standard, Advanced, and Premium tiers, or to learn about Junos OS EX Series licenses, please visit: https://www.juniper.net/documentation/us/en/software/license/licensing/topics/concept/ flex-licenses-for-ex.html.

 

Enhanced Limited Lifetime Warranty

The EX4100 includes an enhanced limited lifetime hardware warranty that provides return-to-factory switch replacement for as long as the original purchaser owns the product. The warranty includes lifetime software updates, advanced shipping of spares within one business day, and 24×7 Juniper Networks Technical Assistance Center (JTAC) support for 90 days after the purchase date. Power supplies and fan trays are covered for a period of five years. For complete details, please visit https://support.juniper.net/support/pdf/warranty/990240.pdf.

 

Product Options

Available EX4100 models are listed in Table 1.

Table 1. EX4100 Line of Ethernet Switches
Model/Product SKU Access Port Configuration PoE/PoE+Ports PoE++Ports PoE Budget 1 PSU/2 PSU 10GbE Ports 25GbE Ports Power Supply Rating Cooling
EX4100-24T 24-port
10/100/1000BASE-T
0 0 N/A 4 4 150 W AC AFO (front-to-back airflow)
EX4100-48T 48-port
10/100/1000BASE-T
0 0 N/A 4 4 150 W AC AFO (front-to-back airflow)
EX4100-48T-AFI 48-port
10/100/1000BASE-T
0 0 N/A 4 4 150 W AC AFI (back-to-front airflow)
EX4100-24T-DC 24-port
10/100/1000BASE-T
0 0 N/A 4 4 150 W DC AFO (front-to-back airflow)
EX4100-48T-DC 48-port
10/100/1000BASE-T
0 0 N/A 4 4 150 W DC AFO (front-to-back airflow)
EX4100-24P 24-port
10/100/1000BASE-T
24 0 740 W/1440 W 4 4 920 W AC AFO (front-to-back airflow)
EX4100-48P 48-port
10/100/1000BASE-T
48 0 740 W/1440 W 4 4 920 W AC AFO (front-to-back airflow)
EX4100-24MP 8x 100
MB/1GbE/2.5GbE/5GbE/10GbE + 16x 10 MB/100 MB/1GbE
0 24 740W/1620 W 12 4 920 W AC AFO (front-to-back airflow)
EX4100-48MP 16x 100 MB/1GbE/2.5GbE
+ 32x 10 MB/100 MB/1GbE
0 48 740 W/1620 W 4 4 920 W AC AFO (front-to-back airflow)

 

The EX4100 also offers spare chassis options without power supplies or fans, providing customers with the flexibility to stock SKUs (see Table 2). See the Ordering Information section for additional details.

 

Table 2. EX4100 Spare Chassis SKUs
Spare Chassis SKU Description JPSU-150-AC-AFO +
EX4100-FAN-AFO
JPSU-150-AC-AFI +
EX4100-FAN-AFI
JPSU-150-DC-AFO +
EX4100-FAN-AFO
JPSU-920-AC-AFO +
EX4100-FAN-AFO
EX4100-24T-CHAS Spare chassis, 24-port
10/100/1000BASE-T
Y X Y X
EX4100-48T-CHAS Spare chassis, 48-port
10/100/1000BASE-T
Y Y X X
EX4100-24P-CHAS Spare chassis, 24-port
10/100/1000BASE-T
X X X Y
EX4100-48T-CHAS Spare chassis, 48-port
10/100/1000BASE-T
X X Y X
EX4100-24MP-CHAS Spare chassis,
8×100 MB/1GbE/2.5GbE/5GbE/10GbE +
16×10 MB/100 MB/1GbE ports
X X X Y
EX4100-48MP-CHAS Spare chassis,
16×100 MB/1GbE/2.5GbE +
32×10 MB/100 MB/1GbE ports
X X X Y

Y = supported; X = not supported

EX4100 family

Figure 6: EX4100 line of Switches

EX4100 Line Specifications

Physical Specifications

Backplane

  • 200 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device

 

Power Options

  • Power supplies: Autosensing; 100-120 V/200-240 V; 150 W, 920 W AC AFO, and 150 W AC AFI dual load sharing hot-swappable internal redundant power supplies
  • Maximum current inrush: 30 amps
  • DC power supply: 150 W DC AFO; input voltage range 48-60 V max; dual load-sharing hot-swappable internal redundant power supplies
  • Minimum number of PSUs required for fully loaded chassis: 1 per switch

 

Dimensions (W x H x D)

  • Base Unit: 17.36 x 1.72 x 13.78 in (44.1 x 4.37 x 35 cm)
  • With power supply installed: 17.36 x 1.72 x 15.05 in (44.1 x 4.37 x 38.24 cm)
  • Height: 1 U

 

System Weight

  • EX4100-24T switch (with no power supply or fan module): 9.72 lb (4.41 kg)
  • EX4100-24P switch (with no power supply or fan module): 10 lb (4.54 kg)
  • EX4100-48T switch (with no power supply or fan module): 10 lb (4.54 kg)
  • EX4100-48P switch (with no power supply or fan module): 10.27 lb (4.66 kg)
  • EX4100-24MP switch (with no power supply or fan module): 10.06 lb (4.57 kg)
  • EX4100-48MP switch (with no power supply or fan module): 10.41 lb (4.72 kg)
  • 150 W AC power supply: 1.43 lb (0.65 kg)
  • 150 W DC power supply: 1.43 lb (0.65 kg)
  • 920 W AC power supply: 1.87 lb (0.85 kg)
  • Fan module: 0.16 lb (0.07 kg)

 

Environmental Ranges

  • Operating temperature: 32° to 113° F (0° to 45° C)
  • Storage temperature: -40° to 158° F (-40° to 70° C)
  • Operating altitude: Up to 5000 ft at 40° C (1828.8 m)
  • Nonoperating altitude: Up to 16,000 ft (4877 m)
  • Relative humidity operating: 5% to 90% (noncondensing)
  • Relative humidity non-operating: 0% to 90% (noncondensing)

 

Cooling [CFM] – Total maximum airflow with two power supplies and fans

  • Field-replaceable fans: 2
  • EX4100-24MP : 60.9
  • EX4100-48MP : 61.7
  • EX4100-24T : 65.6
  • EX4100-24T-DC : 64.8
  • EX4100-24P : 61.6
  • EX4100-48T : 65.8
  • EX4100-48T-DC : 66.2
  • EX4100-48T-AFI : 61.8
  • EX4100-48P : 64.1

 

Hardware Specifications Switching Engine Mode

  • Store and forward

 

Memory

  • DRAM: 4 GB with Error Correcting Code (ECC) on all models
  • Storage: 8 GB on all models

 

CPU

  • 1.7 GHz ARM CPU on all models

 

GbE Port Density per System

  • EX4100-24P/24T: 32 (24 1GbE host ports + 4 10GbE/25GbE ports + 4 1GbE/10GbE ports)
  • EX4100-48P/48T: 56 (48 1GbE host ports + 4 10GbE/25GbE ports + 4 1GbE/10GbE ports)
  • EX4100-24MP: 32 (8 10GbE host ports + 16 1GbE host ports + 4 10GbE/25GbE ports + 4 1GbE/10GbE ports)
  • EX4100-48MP: 56 (16 2.5GbE host ports + 32 1GbE host ports + 4 10GbE/25GbE ports + 4 port 1GbE/10GbE ports)

 

Physical Layer

  • Time domain reflectometry (TDR) for detecting cable breaks and shorts: EX4100-24P/T and EX4100-48P/T, EX4100-24MP and EX4100-48MP
  • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support: EX4100-24P/T, EX4100-48P/T, EX4100-24MP and EX4100-48MP
  • Port speed downshift/setting maximum advertised speed on
    • 10/100/1000BASE-T ports on EX4100-24P/T and EX4100-48P/T
    • 100/1000BASE-T/2.5GBASE-T/5GBASE-T/10GBASE-T on EX4100-24MP
    • 100/1000BASE-T/2.5GBASE-T on EX4100-48MP

 

Packet Switching Capacities (Maximum with 64 Byte Packets)

  • EX4100-24P/24T: 164 Gbps (unidirectional)/328 Gbps (bidirectional)
  • EX4100-48P/48T: 188 Gbps (unidirectional)/376 Gbps (bidirectional)
  • EX4100-24MP: 236 Gbps (unidirectional)/472 Gbps (bidirectional)
  • EX4100-48MP: 212 Gbps (unidirectional)/424 Gbps (bidirectional)

 

Software Specifications

Layer 2/Layer 3 Throughput (Mpps) (Maximum with 64 Byte Packets)

  • EX4100-48P/T 279 Mpps
  • EX4100-24P/T 244 Mpps
  • EX4100-48MP 315 Mpps
  • EX4100-24MP 351 Mpps

 

Security

  • Media Access Control (MAC) limiting (per port and per VLAN)
  • Allowed MAC addresses: 64,000
  • Dynamic Address Resolution Protocol (ARP) dynamic ARP inspection (DAI)
  • IP source guard
  • Local proxy ARP
  • Static ARP support
  • Dynamic Host Configuration Protocol (DHCP) snooping
  • Captive portal
  • Persistent MAC address configurations
  • Distributed denial of service (DDoS) protection (CPU control path flooding protection)

 

Layer 2 Switching

  • Maximum MAC addresses per system: 64,000
  • Jumbo frames: 9216 bytes
  • Range of possible VLAN IDs: 1 to 4094
  • Virtual Spanning Tree (VST) instances: 253
  • Port-based VLAN
  • Voice VLAN
  • Physical port redundancy: Redundant trunk group (RTG)
  • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
  • Routed VLAN interface (RVI)
  • Uplink failure detection (UFD)
  • ITU-T G.8032: Ethernet Ring Protection Switching
  • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
  • LLDP-MED with VoIP integration
  • Default VLAN and multiple VLAN range support
  • MAC learning deactivate
  • Persistent MAC learning (sticky MAC)
  • MAC notification
  • Private VLANs (PVLANs)
  • Explicit congestion notification (ECN)
  • Layer 2 protocol tunneling (L2PT)
  • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
  • IEEE 802.1p: Class of service (CoS) prioritization
  • IEEE 802.1Q: VLAN tagging
  • IEEE 802.1X: Port Access Control
  • IEEE 802.1ak: Multiple Registration Protocol
  • IEEE 802.3: 10BASE-T
  • IEEE 802.3u: 100BASE-T
  • IEEE 802.3ab: 1000BASE-T
  • IEEE 802.3z: 1000BASE-X
  • IEEE 802.3ae: 10-Gigabit Ethernet
  • IEEE 802.3by: 25-Gigabit Ethernet
  • IEEE 802.3af: Power over Ethernet
  • IEEE 802.3at: Power over Ethernet Plus
  • IEEE 802.3bt: 90 W Power over Ethernet
  • IEEE 802.3x: Pause Frames/Flow Control
    • IEEE 802.3ah: Ethernet in the First Mile

 

Spanning Tree

  • IEEE 802.1D: Spanning Tree Protocol
  • IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
  • Number of MST instances supported: 64
  • Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 253
  • IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol

 

Link Aggregation

  • IEEE 802.3ad: Link Aggregation Control Protocol
  • 802.3ad (LACP) support:
  • Number of LAGs supported: 128
    • Maximum number of ports per LAG: 8
  • LAG load-sharing algorithm bridged or routed (unicast or multicast) traffic:
    • IP: S/D IP
    • TCP/UDP: S/D IP, S/D Port
    • Non-IP: S/D MAC
    • Tagged ports support in LAG

 

Layer 3 Features: IPv4

  • Maximum number of ARP entries: 32,000
  • Maximum number of IPv4 unicast routes in hardware: 32,650 prefixes; 32,150 host routes
  • Maximum number of IPv4 multicast routes in hardware: 16,100 multicast routes
  • Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
  • Static routing
  • Routing policy
  • Bidirectional Forwarding Detection (BFD)
  • L3 redundancy: Virtual Router Redundancy Protocol (VRRP)
  • VRF-Lite

 

Layer 3 Features: IPv6

  • Maximum number of neighbor discovery (ND) entries: 16,000
  • Maximum number of IPv6 unicast routes in hardware: 16,200 prefixes; 16,050 host routes
  • Maximum number of IPv6 multicast routes in hardware: 8000 multicast routes
  • Routing protocols: RIPng, OSPFv3, IPv6, IS-IS
  • Static routing

 

Access Control Lists (ACLs) (Junos OS Firewall Filters)

  • ACL entries (ACE) in hardware per system:
    • Port-based ACL (PACL) ingress: 4092
    • VLAN-based ACL (VACL) ingress: 4092
    • Router-based ACL (RACL) ingress: 4092
    • Port-based ACL (PACL) egress: 1022
    • VLAN-based ACL (VACL) egress: 511
    • Egress across RACL: 1022
    • ACL counter for denied packets
  • ACL counter for permitted packets
  • Ability to add/remove/change ACL entries in middle of list (ACL editing)
  • L2-L4 ACL

 

Access Security

  • 802.1X port-based
  • 802.1X multiple supplicants
  • 802.1X with VLAN assignment
  • 802.1X with authentication bypass access (based on host MAC address)
  • 802.1X with VoIP VLAN support
  • 802.1X dynamic ACL based on RADIUS attributes
  • 802.1X Supported Extensible Authentication Protocol (EAP) types: Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authenticated Protocol (PEAP)
  • MAC authentication (RADIUS)
  • Control plane DoS protection
  • Radius functionality over IPv6 for authentication, authorization, and accounting (AAA)
  • DHCPv6 snooping
  • IPv6 neighbor discovery
  • IPv6 source guard
  • IPv6 router advertisement (RA) guard
  • IPv6 Neighbor Discovery Inspection
  • MACsec

 

High Availability

  • Redundant, hot-swappable power supplies
  • Redundant, field-replaceable, hot-swappable fans
  • GRES for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
  • Graceful protocol restart (OSPF, BGP)
  • Layer 2 hitless forwarding on RE failover
  • Nonstop bridging: LACP, xSTP
  • Nonstop routing: PIM, OSPF v2 and v3, RIP v2, RIPng, BGP, BGPv6, IS-IS, IGMP v1, v2, v3

 

Quality of Service

  • L2 QoS
  • L3 QoS
  • Ingress policing: 1 rate 2 color
  • Hardware queues per port: 12 (8 unicast + 4 multicast)
  • Scheduling methods (egress): Strict priority (SP), weighted deficit round-robin (WDRR)
  • 802.1p, DiffServ code point (DSCP)/IP precedence trust and marking
  • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence, TCP/UDP port numbers, and more
  • Congestion avoidance capabilities: Tail drop, weighted random early detection (WRED)

 

Multicast

  • IGMP: v1, v2, v3
  • IGMP snooping
  • Multicast Listener Discovery (MLD) snooping
  • Protocol Independent Multicast-Sparse Mode (PIM-SM), PIM Source-Specific Mode (PIM-SSM), PIM Dense Mode (PIM-DM)

 

Management and Analytics Platforms

  • Juniper Mist Wired Assurance for campus
  • Junos Space® Network Director for campus
  • Junos Space Management Applications

 

Device Management and Operations

  • Junos OS CLI
  • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
  • Rescue configuration
  • Configuration rollback
  • Image rollback
  • RMON (RFC2819) groups 1, 2, 3, 9
  • Remote performance monitoring
  • SNMP: v1, v2c, v3
  • Network Time Protocol (NTP)
  • DHCP server
  • DHCP client and DHCP proxy
  • DHCP relay and helper
  • DHCP local server support
  • RADIUS
  • TACACS+
  • SSHv2
  • Secure copy
  • HTTP/HTTPs
  • Domain Name System (DNS) resolver
  • System logging
  • Temperature sensor
  • Configuration backup via FTP/secure copy

 

Supported RFCs

  • RFC 768 UDP
  • RFC 783 TFTP
  • RFC 791 IP
  • RFC 792 ICMP
  • RFC 793 TCP
  • RFC 826 ARP
  • RFC 854 Telnet client and server
  • RFC 894 IP over Ethernet
  • RFC 903 RARP
  • RFC 906 TFTP Bootstrap
  • RFC 951, 1542 BootP
  • RFC 1027 Proxy ARP
  • RFC 1058 RIP v1
  • RFC 1112 IGMP v1
  • RFC 1122 Host Requirements
  • RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
  • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
  • RFC 1492 TACACS+RFC 1519 CIDR
  • RFC 1587 OSPF NSSA Option
  • RFC 1591 DNS
  • RFC 1812 Requirements for IP Version 4 Routers
  • RFC 1981 Path MTU Discovery for IPv6
  • RFC 2030 SNTP, Simple Network Time Protocol
  • RFC 2068 HTTP server
  • RFC 2080 RIPng for IPv6
  • RFC 2131 BOOTP/DHCP relay agent and DHCP server
  • RFC 2138 RADIUS Authentication
  • RFC 2139 RADIUS Accounting
  • RFC 2154 OSPF w/Digital Signatures (password, MD-5)
  • RFC 2236 IGMP v2
  • RFC 2267 Network Ingress Filtering
  • RFC 2328 OSPF v2 (edge-mode)
  • RFC 2338 VRRP
  • RFC 2362 PIM-SM (edge-mode)
  • RFC 2370 OSPF Opaque LSA Option
  • RFC 2453 RIP v2
  • RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
  • RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
  • RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
    • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
    • RFC 2474 DiffServ Precedence, including 12 queues/port
    • RFC 2475 DiffServ Core and Edge Router Functions
    • RFC 2526 Reserved IPv6 Subnet Anycast Addresses
    • RFC 2597 DiffServ Assured Forwarding (AF)
    • RFC 2598 DiffServ Expedited Forwarding (EF)
    • RFC 2740 OSPF for IPv6
    • RFC 2925 MIB for Remote Ping, Trace
    • RFC 3176 sFlow
    • RFC 3376 IGMP v3
    • RFC 3484 Default Address Selection for Internet Protocol Version 6 (IPv6)
    • RFC 3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
    • RFC 3569 draft-ietf-ssm-arch-06.txt PIM-SSM PIM Source Specific Multicast
    • RFC 3579 RADIUS EAP support for 802.1x
    • RFC 3618 Multicast Source Discovery Protocol (MSDP)
    • RFC 3623 OSPF Graceful Restart
    • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
    • RFC 4291 IPv6 Addressing Architecture
    • RFC 4443 ICMPv6 for the IPv6 Specification
    • RFC 4541 IBMP and MLD snooping services
    • RFC 4552 OSPFv3 Authentication
    • RFC 4861 Neighbor Discovery for IPv6
    • RFC 4862 IPv6 Stateless Address Autoconfiguration
    • RFC 4915 MT-OSPF
    • RFC 5095 Deprecation of Type 0 Routing Headers
    • RFC 5176 Dynamic Authorization Extensions to RADIUS
    • RFC 5798 VRRPv3 for IPv6
    • Draft-ietf-bfd-base-05.txt Bidirectional Forwarding Detection
    • Draft-ietf-idr-restart-10.txt Graceful Restart Mechanism
    • Draft-ietf-isis-restart-02 Restart Signaling for IS-IS
    • Draft-ietf-isis-wg-multi-topology-11 Multi Topology (MT) Routing in IS-IS for BGP
    • Internet draft-ietf-isis-ipv6-06.txt, Routing IPv6 with IS-IS
    • LLDP Media Endpoint Discovery (LLDP-MED), ANSI/ TIA-1057, draft 08
    • PIM-DM Draft IETF PIM Dense Mode draft-ietf-idmr- pimdm-05.txt, draft-ietf-pim-dm-new-v2-04.txt

 

Supported MIBs

  • RFC 1155 SMI
  • RFC 1157 SNMPv1
  • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
  • RFC 1493 Bridge MIB
  • RFC 1643 Ethernet MIB
  • RFC 1657 BGP-4 MIB
  • RFC 1724 RIPv2 MIB
  • RFC 1850 OSPFv2 MIB
  • RFC 1905 RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
  • RFC 2011 SNMPv2 for Internet Protocol using SMIv2
  • RFC 2012 SNMPv2 for transmission control protocol using SMIv2
  • RFC 2013 SNMPv2 for user datagram protocol suing SMIv2
  • RFC 2096 IPv4 Forwarding Table MIB
  • RFC 2287 System Application Packages MIB
  • RFC 2570–2575 SNMPv3, user based security, encryption, and authentication
  • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
  • RFC 2578 SNMP Structure of Management Information MIB
  • RFC 2579 SNMP Textual Conventions for SMIv2
  • RFC 2665 Ethernet-like interface MIB
  • RFC 2787 VRRP MIB
  • RFC 2819 RMON MIB
  • RFC 2863 Interface Group MIB
  • RFC 2863 Interface MIB
  • RFC 2922 LLDP MIB
  • RFC 2925 Ping/Traceroute MIB
  • RFC 2932 IPv4 Multicast MIB
  • RFC 3413 SNMP Application MIB
  • RFC 3414 User-based Security model for SNMPv3
  • RFC 3415 View-based Access Control Model for SNMP
  • RFC 3621 PoE-MIB (PoE switches only)
  • RFC 4188 STP and Extensions MIB
  • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN extensions
  • RFC 5643 OSPF v3 MIB support
  • Draft – blumenthal – aes – usm – 08
  • Draft – reeder – snmpv3 – usm – 3desede -00
  • Draft-ietf-bfd-mib-02.txt
  • Draft-ietf-idmr-igmp-mib-13
  • Draft-ietf-idmr-pim-mib-09
  • Draft-ietf-idr-bgp4-mibv2-02.txt – Enhanced BGP-4 MIB
  • Draft-ietf-isis-wg-mib-07

 

Troubleshooting

  • Debugging: CLI via console, Telnet, or SSH
  • Diagnostics: Show and debug command, statistics
  • Traffic mirroring (port)
  • Traffic mirroring (VLAN)
  • IP tools: Extended ping and trace
  • Juniper Networks commit and rollback

 

Traffic Monitoring

  • ACL-based mirroring
  • Mirroring destination ports per system: 4
    • LAG port monitoring
    • Multiple destination ports monitored to 1 mirror (N:1)
  • Maximum number of mirroring sessions: 4
  • Mirroring to remote destination (over L2): 1 destination VLAN

Safety and Compliance

Electromagnetic Compatibility (EMC) Requirements

  • FCC 47 CFR Part 15
  • ICES-003 / ICES-GEN
  • EN 300 386 V1.6.1
  • EN 300 386 V2.1.1
  • EN 55032
  • CISPR 32
  • EN 55024
  • CISPR 24
  • EN 55035
  • CISPR 35
  • IEC/EN 61000 Series
  • AS/NZS CISPR 32
  • VCCI-CISPR 32
  • BSMI CNS 13438
  • KN 32 and KN 35
  • KN 61000 Series
  • TEC/SD/DD/EMC-221/05/OCT-16
  • TCVN 7189
  • TCVN 7317

 

Safety Requirements Chassis and Optics

  • CAN/CSA-C22.2 No. 62368-1 and 60950-1
  • UL 62368-1 and 60950-1
  • IEC 62368-1 and 60950-1 (All country deviations): CB Scheme report
  • IEC 62368-3 for USB and PoE: CB Scheme report
  • CFR, Title 21, Chapter 1, Subchapter J, Part 1040
  • REDR c 1370 OR CAN/CSA-E 60825-1- Part 1
  • IEC 60825-1
  • IEC 60825-2

 

Energy Efficiency

  • AT&T TEER (ATIS-06000015.03.2013)
  • ECR 3.0.1
  • ETSI ES 203 136 V.1.1.1
  • Verizon TEEER (VZ.TPR.9205)

 

Environmental

  • Reduction of Hazardous Substances (ROHS) 6/6

 

Telco

  • CLEI code

Noise Specifications

  • Noise measurements based on operational tests taken from bystander position (front) and performed at 23° C in compliance with ISO 7779.

 

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services that are designed to accelerate,