Overview:

The EX4400 line of Ethernet access switches offers secure, cloud-ready access for enterprise campus, branch, and data center networks for the AI era and optimized for the cloud. The platforms boost network performance and visibility, meeting the security demands of today as well as for networks of the next decade.

As part of the underlying infrastructure for Juniper Mist Wired Assurance, the EX4400 is purpose-built for, and managed by, the cloud. The switch leverages Mist AI to simplify operations and provide better visibility into the experience of connected devices, delivering a refreshing, user experience-first approach to access layer switching.

The Juniper Networks EX4400 line of Ethernet switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks. The EX4400 switches combine the simplicity of the cloud, the power of Mist AI™, and a robust hardware foundation with best-in-class security and performance to deliver a differentiated approach to access switching in the cloud, mobile, and IoT era. With Juniper Mist™ Wired Assurance, the EX4400 can be effortlessly onboarded, configured, and managed from the cloud. This simplifies operations, improves visibility, and ensures a much better experience for connected devices.

Key features of the EX4400 include:

  • Cloud-ready, driven by Mist AI with Juniper Mist Wired Assurance and Marvis Virtual Network Assistant
  • Ethernet VPN–Virtual Extensible LAN (EVPN-VXLAN) to the access layer
  • End-to-end encryption using Media Access Control Security (MACsec) AES256
  • IEEE 802.3bt Power over Ethernet (PoE++)
  • Standards-based microsegmentation using group-based policies (GBP)
  • Flow-based telemetry to monitor traffic flows for anomaly detection
  • 10-member Virtual Chassis support

Offering a full suite of Layer 2 and Layer 3 capabilities, the EX4400 enables a variety of deployments, including campus, branch, and data center top-of-rack deployments. As requirements grow, Juniper’s Virtual Chassis technology allows up to 10 EX4400 switches to be seamlessly interconnected and managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding network environments.

The EX4400 line consists of SKUs:

  • The EX4400-48MP, which offers 12 x 100M/1/2.5/5/10GbE GbE and 36 x 100M/1/2.5GbE PoE access ports, delivering up to 90 W per PoE port with an overall total 2200 W of PoE power budget (using two power supplies)
  • The EX4400-24MP, which offers 24 x 100M/1/2.5/5/10GbE PoE access ports, delivering up to 90 W per port with an overall total 1800 W of PoE power budget (using two power supplies)
  • The EX4400-48F, which offers 12 x 10GbE SFP+ and 36 x 1GbE SFP fiber access ports
  • The EX4400-24T, which offers 24 x 1GbE non-PoE access ports
  • The EX4400-24P, which offers 24 x 1GbE PoE access ports, delivering up to 90 W per port with an overall total 1440W of PoE power budget (using two power supplies)
  • The EX4400-48T, which offers 48 x 1GbE non PoE-access ports
  • The EX4400-48P, which offers 48 x 1GbE PoE access ports, delivering up to 90 W per port with an overall total 1800W of PoE power budget (using two power supplies)

Each EX4400 model offers a choice of optional 4 x 1/10GbE SFP+ and a 4 x 10/25GbE SFP28 extension module. The EX4400 switches include two dedicated 100GbE ports to support virtual chassis connections, which can be reconfigured to be used as Ethernet ports for uplink connectivity. EX4400 switches also include high availability (HA) features such as redundant, hot-swappable power supplies and field-replaceable fans to ensure maximum uptime. In addition, PoE-enabled EX4400 switch models offer standards-based 802.3af/at/bt (PoE/PoE+/PoE++) for delivering up to 90 watts on any access port. The EX4400 switches can be configured to deliver fast PoE capability, which enables the switches to deliver PoE power to connected PoE devices within a few seconds of power being applied to the switches.

Architecture and Key Components:

Cloud Management with Juniper Mist Wired Assurance Driven by Mist AI

EX4400 switches can be quickly and easily onboarded (Day 0), provisioned (Day 1), and managed (Day 2+) from the cloud with Juniper Mist Wired Assurance, which brings AI-powered automation and insights that optimize experiences for endusers and connected devices. The EX4400 provides the rich Junos® operating system telemetry data for Mist AI, which helps achieve simpler operations, shorter mean time to repair (MTTR), and streamlined troubleshooting.

As a complementary service to Juniper Mist Wired Assurance, Marvis Virtual Network Assistant—a key part of The SelfDriving Network™—makes the Mist AI engine interactive. A digital extension of the IT team, Marvis offers automatic fixes or recommended actions, allowing IT teams to streamline how they troubleshoot and manage their network operations.

EVPN-VXLAN Technology

Most traditional campus networks have used a single-vendor, chassis-based architecture that worked well for smaller, static campuses with few endpoints. However, this approach is too rigid to support the scalability and changing needs of modern campus networks. The EX4400 supports EVPNVXLAN, extending an end-to-end fabric from campus core to distribution to the access layer.

An EVPN-VXLAN fabric is a simple, programmable, highly scalable architecture built on open standards. This technology can be applied in both data centers and campuses for architectural consistency. A campus EVPN-VXLAN architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. A flexible overlay network based on a VXLAN overlay with an EVPN control plane efficiently provides Layer 2 and/or Layer 3 connectivity throughout the network. EVPNVXLAN also offers a scalable way to build and interconnect multiple campus sites, delivering:

  • Greater consistency and scalability across all network layers
  • Multivendor deployment support
  • Reduced flooding and learning
  • Location-agnostic connectivity
  • Consistent network segmentation
  • Simplified management

Virtual Chassis Technology

Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single, logical unit, enabling users to manage all platforms as one virtual device. Up to 10 EX4400 switches can be interconnected as a Virtual Chassis using two dedicated 100GbE rear-panel ports. Although configured as Virtual Chassis ports by default, the 100GbE uplinks can also be channelized as 4 x 10GbE/25GbE Ethernet uplink ports. The EX4400 switches can form a Virtual Chassis with any other models within the EX4400 product line.


Figure 1: EX4400 Virtual Chassis configuration interconnected via dedicated rear-panel 100GbE ports

Microsegmentation Using Group-Based Policy

Group-based policies (GBP) leverage underlying VXLAN technology to provide location-agnostic endpoint access control. This allows network administrators to implement consistent security policies across the enterprise network domains. The EX4400 supports a standards-based GBP solution, allowing different levels of access control for endpoints and applications even within the same VLAN. Customers can simplify their network configuration by using GBP, avoiding the need to configure large numbers of firewall filters on all their switches. GBP can block lateral threats by ensuring consistent application of security group policies throughout the network, regardless of the location of endpoints and/or users.

Flow-Based Telemetry

Flow-based telemetry enables flow-level analytics, allowing network administrators to monitor thousands of traffic flows on the EX4400 without burdening the CPU. This improves network security by monitoring, baselining, and detecting flow anomalies. For example, if predefined flow thresholds are breached due to an attack, IP Flow Information Export (IPFIX) alerts can be sent to an external server so the attack can be quickly identified and remedial action initiated. Network administrators can automate specific workflows, such as further examining the traffic or quarantining a port, to triage the issue.

 

Features and Benefits:

Simplified Operations with Juniper Mist Wired Assurance

The EX4400 is fully cloud onboarded, provisioned, and managed by Juniper Mist Wired Assurance. The EX4400 is designed from the ground up to deliver the rich telemetry that enables AI for IT Operations (AIOps) with simplified operations from Day 0 to Day 2 and beyond. Juniper Mist Wired Assurance provides detailed switch insights for easier troubleshooting and improved time to resolution.

Seamless Onboarding with Simplified Configuration and Automation (Day 0/1)

  • Claim a greenfield switch or adopt a brownfield switch with a single activation code for true plug-and-play simplicity
  • Learn the connectivity status of the switch without logging into a console via the cloud LED
  • Implement a template-based configuration model for bulk rollouts while retaining the flexibility and control required to apply custom site- or switch-specific attributes
  • Provision device and port profiles manually or automatically (dynamic port profiles)
  • Automate troubleshooting, ticketing, and more with support for open APIs for third-party integrations

AI-Driven Operations (Day 2+)

  • Monitor and measure wired service-level expectations such as throughput, successful connects, and switch health with key pre- and post-connection metrics (see Figure 2)
  • Get insights into how switches are performing with devicelevel metrics such as CPU, memory utilization, and Virtual Chassis status
  • Leverage Marvis Actions for self-driving capabilities to detect Spanning Tree Protocol (STP) loops, add missing VLANs, fix misconfigured ports, or identify bad cables (see Figure 3)

Figure 2: Juniper Mist Wired Assurance service-level expectations screen
Figure 2: Juniper Mist Wired Assurance service-level expectations screen

Figure 3: Marvis Actions for wired switches
Figure 3: Marvis Actions for wired switches

Campus Fabric Deployments

EVPN-VXLAN for Campus Core, Distribution, and Access

The EX4400 switches can be deployed in campus and branch access layer networks or as top-of-rack switches in data center environments using 10GbE/25GbE uplinks to support technologies such as EVPN multihoming. Juniper’s campus fabrics support the following validated architectures:

  • EVPN multihoming (collapsed core or distribution): A collapsed core architecture combines the core and distribution layers into a single switch, turning the traditional three-tier hierarchal network into a two-tier network. This eliminates the need for STP across the campus network by providing multihoming capabilities from the access to the core layer.
  • Core/distribution: A pair of interconnected EX Series core or distribution switches provide L2 EVPN and L3 VXLAN gateway support. The IP Clos network between the distribution and core layers offers two modes: centrally or edge routed bridging overlay.
  • IP Clos: The IP Clos architecture pushes VXLAN Layer 2 gateway functionality to the access layer. This model is also referred to as “end-to-end,” given that VXLAN tunnels are terminated at the access layer where the EX4400 is deployed.

In all the above EVPN-VXLAN deployment modes, EX4400 switches can be used in standalone or Virtual Chassis configurations.

Chassis-Class Availability

The EX4400 switches deliver high availability through redundant power supplies and fans, graceful Routing Engine switchover (GRES), and nonstop bridging and routing when deployed in a Virtual Chassis configuration.

In a Virtual Chassis configuration, each EX4400 switch is capable of functioning as a Routing Engine. When two or more EX4400 switches are interconnected, a single control plane is shared among all Virtual Chassis member switches. Junos OS automatically initiates an election process to assign a master (active) and backup (hot-standby) RE. An integrated L2 and L3 GRES feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a primary RE failure.

When more than two switches are interconnected in a Virtual Chassis configuration, the remaining switch elements act as line cards and are available to assume the backup RE position should the designated master fail. Master, backup, and line card priority status can be assigned to dictate the order of ascension; this N+1 RE redundancy, coupled with the GRES, nonstop active routing (NSR), and nonstop bridging (NSB) capabilities of Junos OS, assures a smooth transfer of control plane functions following unexpected failures.

The EX4400 implements the same slot/module/port numbering schema as other Juniper Networks chassis-based products when numbering Virtual Chassis ports, providing true chassislike operations. By using a consistent operating system and a single configuration file, all switches in a Virtual Chassis configuration are treated as a single device, simplifying overall system maintenance and management.

Individually, the EX4400 offers a number of HA features that are typically associated with modular chassis-based switches. When combined with the field-proven Junos OS and L2/L3 failover capabilities, these features provide the EX4400 with true carrier-class reliability.

  • Redundant power supplies: The EX4400 line of Ethernet switches supports redundant, load-sharing, hot-swappable, and field-replaceable power supplies to maintain uninterrupted operations. Thanks to its compact footprint, the EX4400 requires significantly less power than chassisbased switches delivering equivalent port densities.
  • Hot-swappable fans: The EX4400 includes hot-swappable fans, providing sufficient cooling (for a short duration) even if one of the fans were to fail.
  • Nonstop bridging and nonstop active routing: NSB and NSR on the EX4400 ensure that control plane protocols, states, and tables are synchronized between primary and standby REs to prevent protocol flaps or convergence issues following a Routing Engine failover.
  • Redundant trunk group (RTG): To avoid the complexities of Spanning Tree Protocol (STP) without sacrificing network resiliency, the EX4400 employs redundant trunk groups to provide the necessary port redundancy and simplify switch configuration.
  • Cross-member link aggregation: Cross-member link aggregation allows redundant link aggregation connections between devices in a single Virtual Chassis configuration, providing an additional level of reliability and availability.
  • IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing (OSPF and BGP) is available with an Enhanced license, enabling highly resilient networks.

Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures
Figure 4: Campus fabrics showing Virtual Chassis and EVPN-VXLAN-based architectures

MACsec AES256

The EX4400 switches support IEEE 802.1ae MACsec with AES256-bit encryption to increase security of point-to-point traffic communications. MACsec provides encrypted communication at the link layer that is capable of identifying and preventing threats from denial of service (DoS) and other intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on all ports, the traffic is encrypted on the wire, but the traffic inside the switch is not. This allows the switch to apply network policies such as quality of service (QoS) or deep packet inspection (DPI) to each packet without compromising the security of packets on the wire. On the EX4400 switches, the MACsec AES-256 encryption capability is supported on all user-facing interfaces as well as the 10/25Gbe extension modules.

PoE/PoE+/Poe++ Power and Fast PoE

The EX4400 delivers PoE for supporting connected devices such as phones, surveillance cameras, IoT devices, and 802.11AX/Wi-Fi 6 access points, offering a PoE power budget of up to 1800 W and supporting up to 90 W per port based on the IEEE 802.3bt PoE standard.

The EX4400 switches also support a fast PoE capability that delivers PoE power to connected endpoints during a switch reboot, even before the switch is fully operational. This is especially beneficial in situations where the endpoint only needs the power and is not necessarily dependent on network connectivity.

Junos Telemetry Interface

The EX4400 supports Junos telemetry interface (JTI), a modern telemetry streaming feature designed for switch health and performance monitoring. Sensor data can be streamed at configurable periodic intervals to a management system, enabling network administrators to monitor individual link and node utilization as well as troubleshoot issues such as network congestion in real time. JTI delivers the following features:

  • Performance management by provisioning sensors to collect and stream data and analyze application and workload flow paths through the network
  • Capacity planning and optimization by proactively detecting hotspots and monitoring latency and microbursts
  • Troubleshooting and root cause analysis via high-frequency monitoring and correlation of overlay and underlay networks

Junos Operating System

The EX4400 switches run Junos OS, Juniper’s powerful and robust network operating system that powers all Juniper switches, routers, and firewalls. By utilizing a common operating system, Juniper delivers a consistent implementation and operation of control plane features across all products. To maintain that consistency, Junos OS adheres to a highly disciplined development process that uses a single source code and employs a highly available modular architecture that prevents isolated failures from bringing down an entire system.

These attributes are fundamental to the core value of the software, enabling all Junos OS-powered products to be updated simultaneously with the same software release. All features are fully regression tested, making each new release a true superset of the previous version. Customers can deploy the software with complete confidence that all existing capabilities are maintained and operate in the same way.

Flex Licensing

Juniper Flex licensing offers a common, simple, and flexible licensing model for EX Series access switches, enabling customers to purchase features based on their network and business needs.

Flex licensing is offered in Standard, Advanced, and Premium tiers. Standard tier features are available with the Junos OS image that ships with EX Series switches. Additional features can be unlocked with the purchase of a Flex Advanced or Flex Premium license.

The Flex and Premium licenses for the EX Series platforms are class-based, determined by the number of access ports on the switch. Class 1 (C1) switches have 12 ports, Class 2 (C2) switches have 24 ports, and Class 3 (C3) switches have 32 or 48 ports.

The EX4400 switches support both subscription and perpetual Flex licenses. Subscription licenses are offered for three- and five-year terms. In addition to Junos OS features, the Flex Advanced and Premium subscription licenses include Juniper Mist Wired Assurance. Flex Advanced and Premium subscription licenses also allow portability across the same tier and class of switches, ensuring investment protection for the customer.

 

Product Options:

 

EX4400 Line of Ethernet Switches
Model: Access Port Configuration PoE++ Ports PoE++ Budget 1 PSU/2 PSU 10GbE Ports (max. with module) 25GbE Ports (max. with module) 100GbE ports Power Supply Rating Cooling
EX4400-48P 48-port 10/100/1000BASE-T 48 1290 W/ 1800 W 0 (4) 0 (4) 2 1600 W AC AFO (Front-toback airflow)
EX4400-24P 24-port 10/100/1000BASE-T 24 788 W/ 1440 W 0 (4) 0 (4) 2 1050 W AC AFO (Front-to-back airflow )
EX4400-48T 48-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W AC AFO (Front-to-back airflow )
EX4400-24T 24-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W AC AFO (Front-to-back airflow )
EX4400-48F 48-port 10/100/1000BASE-T 0 N/A 12 (16) 0 (4) 2 550 W AC AFO (Front-to-back airflow )
EX4400-24MP 24x-port 100M/1/2.5/5/10GbE 24 780 W/ 1800 W 24 (28) 0 (4) 2 1050 W AC AFO (Front-to- back airflow)
EX4400-48MP 48-port GbE (12x100M/1/2.5/5/10GbE + 36x100M/1/2.5GbE 48 1300 W/ 2200 W 12 (16) 0 (4) 2 1600 W AC AFO (Front-to- back airflow)
EX4400-48T-AFI 48-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W AC AFI (Back-to-front airflow)
EX4400-24T-AFI 24-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W AC AFI (Back-to-front airflow)
EX4400-48T-DC 48-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W DC AFO (Front-to-back airflow)
EX4400-48T-DC-AFI 48-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W DC AFI (Back-to-front airflow)
EX4400-24T-DC 24-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W DC AFO (Front-to-back airflow)
EX4400-24T-DC-AFI 24-port 10/100/1000BASE-T 0 N/A 0 (4) 0 (4) 2 550 W DC AFI (Back-to-front airflow)
EX4400-48F-AFI 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X 0 N/A 12 (16) 0 (4) 2 550 W AC AFI (Back-to-front airflow)
EX4400-48F-DC-AFI 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X 0 N/A 12 (16) 0 (4) 2 550 W DC AFI (Back-to-front airflow)
EX4400-48F-DC 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X 0 N/A 12 (16) 0 (4) 2 550 W DC AFO (Front-to-back airflow)

EX4400 Spare Chassis SKUs

The EX4400 also offers spare chassis options without power supplies or fans, providing customers with the flexibility to stock SKUs. See the Ordering Information section for additional details.

EX4400 Spare Chassis SKUs
Spare Chassis SKU Description JPSU-550- C-AC-AFO + EX4400-FAN JPSU-550- C-AC-AFI + EX4400-FANAFI JPSU-550- C-DC-AFO + EX4400-FAN JPSU-550- C-DC-AFI + EX4400-FAN-AFI JPSU-1050- C-AC-AFO + EX4400-FAN JPSU-1600- C-AC-AFO + EX4400-FAN
EX4400-48P-S Spare chassis, 48-port 10/100/1000BASE-T X X X X X Y
EX4400-24P-S Spare chassis, 24-port 10/100/1000BASE-T X X X X Y X
EX4400-48T-S Spare chassis, 48-port 10/100/1000BASE-T Y Y Y Y X X
EX4400-24T-S Spare chassis, 24-port 10/100/1000BASE-T Y Y Y Y X X
EX4400-48F-S Spare chassis, 12-port 1000/10000BASE-X + 36-port 100/1000BASE-X Y Y Y Y X X
EX4400-24MP-S Spare chassis, 24x100M/ 1/2.5/5/10GbE ports Y X X X X X
EX4400-48MP-S Spare chassis, 12 x 100M/1/2.5/5/10GbE + 36x100M/1/2.5GbE ports X Y X X X X

Y = supported; X = not supported

Specifications:

 

Model: EX4400-24P
Physical Specifications
Backplane 400 Gbps Virtual Chassis interconnect to combine up to 10 units as a single logical device
Extension Module Options
  • EX4400-EM-4S, 4 port SFP+
  • EX4400-EM-4Y, 4 port SFP28
Dimensions (W x H x D)
  • With power supply installed: 17.39 x 1.72 x 16.93 in. (44.17 x 4.37 x 43 cm)
  • With power supply, extension module, and fan module: 17.39 x 1.72 x 17.26 in. (44.17 x 4.37 x 43.84 cm)
  • Height: 1 U
Weight
  • EX4400 switch (with no power supply or fan module): 13.01 lb (5.9 kg)
  • 550 W AC power supply: 1.76 lb (0.8 kg)
  • 550 W DC power supply: 1.65 lb (0.75 kg)
  • 1050 W AC power supply: 1.98 lb (0.9 kg)
  • 1600 W AC power supply: 2.0 lb (0.91 kg)
  • EX4400-EM-4S: 0.2 lb (0.09 kg)
  • EX4400-EM-4Y: 0.29 lb (0.13kg)
  • Fan module: 0.26 lb (0.12 kg)
Hardware Specifications
Switching Engine Model Store and forward
Memory
  • DRAM: 4 GB with Error Correcting Code (ECC) on all models
  • Storage: 20 GB on all models
CPU 2.2 GHz Quad-Core Intel x86 CPU
GbE port density per system
  • 30 (24 1GbE host ports + 2 100GbE ports + optional 4 port 1GbE/10GbE or 10/25GbE extension module)
  • 100GbE port density per system:
    • All models: 2
Physical Layer
  • Time domain reflectometry (TDR) for detecting cable breaks and shorts
  • Auto medium-dependent interface/medium-dependent interface crossover (MDI/MDIX) support
  • Port speed downshift/setting maximum advertised speed on 10/100/1000BASE-T ports
  • Digital optical monitoring for optical ports
Packet Switching Capacities (Maximum with 64 Byte Packets) 324 Gbps (unidirectional)/648 Gbps (bidirectional)
Power Options
Power Supply Rating Autosensing; 100-120 V/200-240 V; 550 W, 1050 W, 1600 W AC AFO and 550 W AC AFI dual load sharing hot-swappable internal redundant power supplies
Maximum Current Inrush 30 amps
DC power supply 550 W DC AFO and 550 W DC AFI; input voltage range 48-60 V max; dual load-sharing hotswappable internal redundant power supplies
Minimum number of PSUs required for fully loaded chassis 1 per switch
Environment
Operating Temperature 32° to 113° F (0º to 45º C)
Storage Temperature -40º to 158º F (-40º to 70º C)
Relative Humidity (Operating) 5% to 90% (noncondensing)
Relative Humidity (Non-Operating) 0% to 90% (noncondensing)
Altitude (Operating) Up to 6000 ft at 40° C (1828.8m)
Altitude (Non-Operating) Up to 16,000 ft (4,877 m)
Cooling
Field-replaceable fans 2
Total maximum airflow throughput with two power supplies 61 CFM
Safety and Compliance
Electromagnetic Compatibility (EMC) Requirements
  • FCC 47 CFR Part 15
  • ICES-003 / ICES-GEN
  • EN 300 386 V1.6.1
  • EN 300 386 V2.1.1
  • EN 55032
  • CISPR 32
  • EN 55024
  • CISPR 24
  • EN 55035
  • CISPR 35
  • IEC/EN 61000 Series
  • AS/NZS CISPR 32
  • VCCI-CISPR 32
  • BSMI CNS 13438
  • KN 32 and KN 35
  • KN 61000 Series
  • TEC/SD/DD/EMC-221/05/OCT-16
  • TCVN 7189
  • TCVN 7317
Safety Requirements Chassis and Optics
  • CAN/CSA-C22.2 No. 62368-1 and 60950-1
  • UL 62368-1 and 60950-1
  • IEC 62368-1 and 60950-1 (All country deviations): CB Scheme report
  • IEC 62368-3 for USB and PoE: CB Scheme report
  • CFR, Title 21, Chapter 1, Subchapter J, Part 1040
  • REDR c 1370 OR CAN/CSA-E 60825-1- Part 1
  • IEC 60825-1
  • IEC 60825-2
Energy Efficiency
  • AT&T TEER (ATIS-06000015.03.2013)
  • ECR 3.0.1
  • ETSI ES 203 136 V.1.1.1
  • Verizon TEEER (VZ.TPR.9205)
Environmental Reduction of Hazardous Substances (ROHS) 6/6
Telco CLEI code
Noise Specifications Noise measurements based on operational tests taken from bystander position (front) and performed at 23° C in compliance with ISO 7779

 

 

Additional Feature Specifications:

Security

  • MAC limiting (per port and per VLAN)
  • Allowed MAC addresses: 112,000
  • Dynamic Address Resolution Protocol (ARP) inspection (DAI)
  • IP source guard
  • Local proxy ARP
  • Static ARP support
  • Dynamic Host Configuration Protocol (DHCP) snooping
  • Captive portal
  • Persistent MAC address configurations
  • Distributed denial of service (DDoS) protection (CPU control path flooding protection)

Layer 2 Switching

  • Maximum MAC addresses per system: 112,000
  • Jumbo frames: 9,216 Bytes
  • Number of VLANs: 4,093
  • Range of possible VLAN IDs: 1 to 4094
  • Virtual Spanning Tree (VST) instances: 510
  • Port-based VLAN
  • Voice VLAN
  • Physical port redundancy: Redundant trunk group (RTG)
  • Compatible with Per-VLAN Spanning Tree Plus (PVST+)
  • Routed VLAN Interface (RVI)
  • Uplink Failure Detection (UFD)
  • ITU-T G.8032 Ethernet Ring Protection Switching
  • IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
  • LLDP-MED with VoIP integration
  • Default VLAN and multiple VLAN range support
  • MAC learning deactivate
  • Persistent MAC learning (sticky MAC)
  • MAC notification
  • Private VLANs (PVLANs)
  • Explicit congestion notification (ECN)
  • Layer 2 protocol tunneling (L2PT)
  • IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
  • IEEE 802.1p: CoS prioritization
  • IEEE 802.1Q: VLAN tagging
  • IEEE 802.1X: Port Access Control
  • IEEE 802.1ak: Multiple Registration Protocol
  • IEEE 802.3: 10BASE-T
  • IEEE 802.3u: 100BASE-T
  • IEEE 802.3ab: 1000BASE-T
  • IEEE 802.3z: 1000BASE-X
  • IEEE 802.3ae: 10-Gigabit Ethernet
  • IEEE 802.3by: 25-Gigabit Ethernett
  • IEEE 802.3af: Power over Ethernet
  • IEEE 802.3at: Power over Ethernet Plus
  • IEEE 802.3bt: 90 W Power over Ethernet
  • IEEE 802.3x: Pause Frames/Flow Control
  • IEEE 802.3ah: Ethernet in the First Mile

Spanning Tree

  • IEEE 802.1D: Spanning Tree Protocol
  • IEEE 802.1s: Multiple instances of Spanning Tree Protocol (MSTP)
  • Number of MST instances supported: 64
  • Number of VLAN Spanning Tree Protocol (VSTP) instances supported: 510
  • IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol

Link Aggregation

  • IEEE 802.3ad: Link Aggregation Control Protocol
  • 802.3ad (LACP) support:
    • Number of LAGs supported: 128
    • Maximum number of ports per LAG: 16
  • LAG load-sharing algorithm bridged or routed (unicast or multicast) traffic:
    • IP: S/D IP
    • TCP/UDP: S/D IP, S/D Port
    • Non-IP: S/D MAC
  • Tagged ports support in LAG

Layer 3 Features: IPv4

  • Maximum number of ARP entries: 24,000
  • Maximum number of IPv4 unicast routes in hardware: 130,048 prefixes; 81,000 host routes
  • Maximum number of IPv4 multicast routes in hardware: 40,000 multicast routes
  • Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
  • Static routing
  • Routing policy
  • Bidirectional Forwarding Detection (BFD)
  • Layer 3 redundancy: Virtual Router Redundancy Protocol (VRRP)
  • VRF-Lite

Layer 3 Features: IPv6

  • Maximum number of Neighbor Discovery (ND) entries: 12,000
  • Maximum number of IPv6 unicast routes in hardware: 87,000 prefixes; 40,000 host routes
  • Maximum number of IPv6 multicast routes in hardware: 20,000 multicast routes
  • Routing protocols: RIPng, OSPFv3, IPv6, ISIS
  • Static routing

Access Control Lists (ACLs) (Junos OS Firewall Filters)

  • Port-based ACL (PACL): Ingress and egress
  • VLAN-based ACL (VACL): Ingress and egress
  • Router-based ACL (RACL): Ingress and egress
  • ACL entries (ACE) in hardware per system:
    • Port-based ACL (PACL) ingress: 2048
    • VLAN-based ACL (VACL) ingress: 2048
    • Router-based ACL (RACL) ingress: 2048
    • Egress shared across PACL and VACL: 512
    • Egress across RACL: 1024
    • ACL counter for denied packets
  • ACL counter for permitted packets
  • Ability to add/remove/change ACL entries in middle of list (ACL editing)
  • L2-L4 ACL

Access Security

  • 802.1X port-based
  • 802.1X multiple supplicants
  • 802.1X with VLAN assignment
  • 802.1X with authentication bypass access (based on host MAC address)
  • 802.1X with VoIP VLAN support
  • 802.1X dynamic ACL based on RADIUS attributes
  • 802.1X Supported Extensible Authentication Protocol (EAP types): Message Digest 5 (MD5), Transport Layer Security (TLS), Tunneled TLS (TTLS), Protected Extensible Authenticated Protocol (PEAP)
  • MAC authentication (RADIUS)
  • Control plane DoS protection
  • Radius functionality over IPv6 for authentication, authorization, and accounting (AAA)
  • DHCPv6 snooping
  • IPv6 neighbor discovery
  • IPv6 source guard
  • IPv6 RA guard
  • IPv6 Neighbor Discovery Inspection
  • Media Access Control security (MACsec)

High Availability

  • Redundant, hot-swappable power supplies
  • Redundant, field-replaceable, hot-swappable fans
  • Graceful Routing Engine switchover (GRES) for Layer 2 hitless forwarding and Layer 3 protocols on RE failover
  • Graceful protocol restart (OSPF, BGP)
  • Layer 2 hitless forwarding on RE failover
  • Non-Stop Bridging – LACP, xSTP
  • Non-Stop Routing – PIM, OSPF v2 and v3, RIP v2, RIPnG, BGP, BGPv6, ISIS, IGMP v1, v2, v3
  • Online insertion and removal (OIR) uplink module

Quality of Service

  • Layer 2 QoS
  • Layer 3 QoS
  • Ingress policing: 1 rate 2 color
  • Hardware queues per port: 12 (8 unicast + 4 multicast)
  • Scheduling methods (egress): Strict priority (SP), weighted deficit round robin (wDRR)
  • 802.1p, DiffCode (DSCP)/IP Precedence trust and marking
  • L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP Precedence, TCP/UDP port numbers, and more
  • Congestion avoidance capabilities: Tail drop, weighted random early detection (wRED)

Multicast

  • IGMP: v1, v2, v3
  • IGMP snooping
  • Multicast Listener Discovery (MLD) snooping
  • Protocol Independent Multicast-Sparse Mode (PIM-SM), PIM Source-Specific Mode (PIM-SSM), PIM Dense Mode (PIM-DM)

Traffic Monitoring

  • ACL-based mirroring
  • Mirroring destination ports per system: 1
    • LAG port monitoring
    • Multiple destination ports monitored to 1 mirror (N:1)
  • Maximum number of mirroring sessions: 4
  • Mirroring to remote destination (over L2): 1 destination VLAN

Services and Manageability

  • Juniper Mist Wired Assurance
  • Junos OS CLI
  • Junos Space Management Applications
  • Junos Space Network Director
  • Junos Space Service Now for automated fault detection, simplified trouble ticket management, and streamlined operations
  • Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
  • ASCII configuration
  • Rescue configuration
  • Configuration rollback
  • Image rollback
  • RMON (RFC2819) groups 1, 2, 3, 9
  • Remote performance monitoring
  • SNMP: v1, v2c, v3
  • Network Time Protocol (NTP)
  • DHCP server
  • DHCP client and DHCP proxy
  • DHCP relay and helper
  • DHCP local server support
  • RADIUS
  • TACACS+
  • SSHv2
  • Secure copy
  • HTTP/HTTPs
  • Domain Name System (DNS) resolver
  • System logging
  • Temperature sensor
  • Configuration backup via FTP/secure copy

Supported RFCs

  • RFC 768 UDP
  • RFC 783 TFTP
  • RFC 791 IP
  • RFC 792 ICMP
  • RFC 793 TCP
  • RFC 826 ARP
  • RFC 854 Telnet client and server
  • RFC 894 IP over Ethernet
  • RFC 903 RARP
  • RFC 906 TFTP Bootstrap
  • RFC 951, 1542 BootP
  • RFC 1027 Proxy ARP
  • RFC 1058 RIP v1
  • RFC 1112 IGMP v1
  • RFC 1122 Host Requirements
  • RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments (TCP/IP transport only)
  • RFC 1256 IPv4 ICMP Router Discovery (IRDP)
  • RFC 1492 TACACS+RFC 1519 CIDR
  • RFC 1587 OSPF NSSA Option
  • RFC 1591 DNS
  • RFC 1812 Requirements for IP Version 4 Routers
  • RFC 1981 Path MTU Discovery for IPv6
  • RFC 2030 SNTP, Simple Network Time Protocol
  • RFC 2068 HTTP server
  • RFC 2080 RIPng for IPv6
  • RFC 2131 BOOTP/DHCP relay agent and DHCP server
  • RFC 2138 RADIUS Authentication
  • RFC 2139 RADIUS Accounting
  • RFC 2154 OSPF w/Digital Signatures (Password, MD-5)
  • RFC 2236 IGMP v2
  • RFC 2267 Network Ingress Filtering
  • RFC 2328 OSPF v2 (Edge-mode)
  • RFC 2338 VRRP
  • RFC 2362 PIM-SM (Edge-mode)
  • RFC 2370 OSPF Opaque LSA Option
  • RFC 2453 RIP v2
  • RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
  • RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
  • RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
  • RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
  • RFC 2474 DiffServ Precedence, including 12 queues/port
  • RFC 2475 DiffServ Core and Edge Router Functions
  • RFC 2526 Reserved IPv6 Subnet Anycast Addresses
  • RFC 2597 DiffServ Assured Forwarding (AF)
  • RFC 2598 DiffServ Expedited Forwarding (EF)
  • RFC 2740 OSPF for IPv6
  • RFC 2925 MIB for Remote Ping, Trace
  • RFC 3176 sFlow
  • RFC 3376 IGMP v3
  • RFC 3484 Default Address Selection for Internet Protocol Version 6 (IPv6)
  • RFC 3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
  • RFC 3569 draft-ietf-ssm-arch-06.txt PIM-SSM PIM Source Specific Multicast
  • RFC 3579 RADIUS EAP support for 802.1x
  • RFC 3618 Multicast Source Discovery Protocol (MSDP)
  • RFC 3623 OSPF Graceful Restart
  • RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
  • RFC 4291 IP Version 6 Addressing Architecture
  • RFC 4443 ICMPv6 for the IPv6 Specification
  • RFC 4541 IBMP and MLD snooping services
  • RFC 4861 Neighbor Discovery for IPv6
  • RFC 4862 IPv6 Stateless Address Autoconfiguration
  • RFC 4915 MT-OSPF
  • RFC 5176 Dynamic Authorization Extensions to RADIUS
  • RFC 5798 VRRPv3 for IPv6
  • Draft-ietf-bfd-base-05.txt Bidirectional Forwarding Detection
  • Draft-ietf-idr-restart-10.txt Graceful Restart Mechanism
  • Draft-ietf-isis-restart-02 Restart Signaling for IS-IS
  • Draft-ietf-isis-wg-multi-topology-11 Multi Topology (MT) Routing in IS-IS for BGP
  • Internet draft-ietf-isis-ipv6-06.txt, Routing IPv6 with IS-IS
  • LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057, draft 08
  • PIM-DM Draft IETF PIM Dense Mode draft-ietf-idmr-pim-dm-05. txt, draft-ietf-pim-dm-new-v2-04.txt

Supported MIBs

  • RFC 1155 SMI
  • RFC 1157 SNMPv1
  • RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
  • RFC 1493 Bridge MIB
  • RFC 1643 Ethernet MIB
  • RFC 1657 BGP-4 MIB
  • RFC 1724 RIPv2 MIB
  • RFC 1850 OSPFv2 MIB
  • RFC 1905 RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
  • RFC 2011 SNMPv2 for Internet Protocol using SMIv2
  • RFC 2012 SNMPv2 for transmission control protocol using SMIv2
  • RFC 2013 SNMPv2 for user datagram protocol suing SMIv2
  • RFC 2096 IPv4 Forwarding Table MIB
  • RFC 2287 System Application Packages MIB
  • RFC 2570 – 2575 SNMPv3, user based security, encryption, and authentication
  • RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
  • RFC 2578 SNMP Structure of Management Information MIB
  • RFC 2579 SNMP Textual Conventions for SMIv2
  • RFC 2665 Ethernet-like interface MIB
  • RFC 2787 VRRP MIB
  • RFC 2819 RMON MIB
  • RFC 2863 Interface Group MIB
  • RFC 2863 Interface MIB
  • RFC 2922 LLDP MIB
  • RFC 2925 Ping/Traceroute MIB
  • RFC 2932 IPv4 Multicast MIB
  • RFC 3413 SNMP Application MIB
  • RFC 3414 User-based Security model for SNMPv3
  • RFC 3415 View-based Access Control Model for SNMP
  • RFC 3621 PoE-MIB (PoE switches only)
  • RFC 4188 STP and Extensions MIB
  • RFC 4363 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and VLAN extensions
  • RFC 5643 OSPF v3 MIB support
  • Draft – blumenthal – aes – usm – 08
  • Draft – reeder – snmpv3 – usm – 3desede -00
  • Draft-ietf-bfd-mib-02.txt
  • Draft-ietf-idmr-igmp-mib-13
  • Draft-ietf-idmr-pim-mib-09
  • Draft-ietf-idr-bgp4-mibv2-02.txt – Enhanced BGP-4 MIB
  • Draft-ietf-isis-wg-mib-07

Troubleshooting

  • Debugging: CLI via console, Telnet, or SSH
  • Diagnostics: Show and debug cmd, statistics
  • Traffic mirroring (port)
  • Traffic mirroring (VLAN)
  • IP tools: Extended ping and trace
  • Juniper Networks commit and rollback

Views:

 

Top Front View
Top Front View
Front View
Front View
Rear View
Rear View
Left Angle View
Left Angle View