Hi Sean,
I am unable to locate the configuration that you attached. Meanwhile please refer the below-
Hope this helps 
Please mark "Accepted Solution" if this helps you solve your query. Kudos are always appreciated!
↧
Re: dot1x authentication not updating when client moves between ports (EX3400)
↧
Re: dot1x authentication not updating when client moves between ports (EX3400)
Hello bdk,
Good day!
Can you please help me with the below.
1. Do you have any mac-move or mac-limiting configured on the device? With MAC move limiting, you limit the number of times a MAC address can move to a new interface within one second. When MAC move limiting is configured, MAC address movements are tracked by the switch
2. Do you have any arp aging timer configured? Sometimes a MAC address entry in the switch’s Ethernet switching table is not updated after the device with that MAC address has been moved from one interface to another on the switch. Set the MAC aging timer to the same value as the ARP timer and system vide ARP aging timer.
3. Which version of the EX3400 switch are you running?
↧
↧
Re: dot1x authentication not updating when client moves between ports (EX3400)
Hello:
This information might be helpful:
In the default behavior, DHCP maintains the existing client entry when it receives a new Discover or Solicit message that has a client ID that matches the existing client.
You can use the delete-binding-on-renegotiation statement to override the default behavior on DHCP local server or DHCP relay agent. In the override configuration, when DHCP is in a bound state and receives a Discover or Solicit message with a matching client entry, DHCP drops the message and does not process it. On a DHCP relay agent, the agent sends a Release message to the local server. DHCP cleans up the existing session and deletes the existing client entry, removing the binding. When a second Discover or Solicit message is received from the client, the message is processed and DHCP negotiation proceeds.
You can refer to the folowing documentation:
- https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/delete-binding-on-renegotiation-edit-dhcp.html
- https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcp-local-server-relay-overrides.html#id-dhcp-behavior-when-renegotiating-while-in-bound-state
Regards,
Please mark "Accepted Solution" if this helps you solve your query. Kudos are always appreciated!
↧
Re: dot1x authentication not updating when client moves between ports (EX3400)
Unable to attach the configs.. here they are in all their glory:
EX3300:
/* MDU Template Rev: $Id: MDU-ex3300.conf,v 1.13 2018/06/26 22:05:57 root Exp $ */
version 15.1R6.7;
groups {
MSD-MDU {
interfaces {<ge-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
}
protocols {
dot1x {
authenticator {
interface {<ge-*> {
supplicant multiple;
retries 3;
quiet-period 5;
mac-radius {
restrict;
flap-on-disconnect;
}
reauthentication 3600;
guest-vlan SUBSCRIBERS;
server-reject-vlan SUBSCRIBERS;
server-fail vlan-name SUBSCRIBERS;
}
}
}
}
}
}
MSD-MDU-MGMT {
interfaces {<ge-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}<xe-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
}
}
}
interfaces {
interface-range ge-Ports {
member-range ge-0/0/2 to ge-0/0/47;
apply-groups MSD-MDU;
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/0 {
disable;
}
ge-0/0/1 {
disable;
}
ge-0/0/2 {
}
ge-0/0/3 {
}
ge-0/0/4 {
}
ge-0/0/5 {
}
ge-0/0/6 {
}
ge-0/0/7 {
}
ge-0/0/8 {
}
ge-0/0/9 {
}
ge-0/0/10 {
}
ge-0/0/11 {
}
ge-0/0/12 {
}
ge-0/0/13 {
}
ge-0/0/14 {
}
ge-0/0/15 {
}
ge-0/0/16 {
}
ge-0/0/17 {
}
ge-0/0/18 {
}
ge-0/0/19 {
}
ge-0/0/20 {
}
ge-0/0/21 {
}
ge-0/0/22 {
}
ge-0/0/23 {
}
xe-0/1/0 {
apply-groups MSD-MDU-MGMT;
}
xe-0/1/1 {
apply-groups MSD-MDU-MGMT;
}
xe-0/1/2 {
apply-groups MSD-MDU-MGMT;
}
xe-0/1/3 {
apply-groups MSD-MDU-MGMT;
}
me0 {
description OPEN;
disable;
}
vlan {
unit 1997 {
family inet {
filter {
input SWITCH-PROTECT;
}
address xx.xx.xx.xx./zz;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop xx.xx.xx.yy;
}
}
protocols {
dot1x {
authenticator {
authentication-profile-name MDU_dot1x;
interface {
ge-Ports {
apply-groups MSD-MDU;
}
}
}
}
lldp {
port-id-subtype interface-name;
interface all;
}
lldp-med {
disable;
}
}
access {
radius-server {
x.x.x.1 secret "";
x.x.x.2 secret "";
}
profile MDU_dot1x {
authentication-order radius;
radius {
authentication-server [ x.x.x.1 x.x.x.2 ];
options {
nas-identifier js1.site.mdu;
vlan-nas-port-stacked-format;
}
}
}
}
vlans {
MGMTPRV {
description "Private Management VLAN - 1.2.3.4/24";
vlan-id 1998;
interface {
ge-0/0/0.0;
ge-0/0/1.0;
xe-0/1/0.0;
xe-0/1/1.0;
xe-0/1/2.0;
xe-0/1/3.0;
}
}
MGMTPUB {
description "Public Management VLAN - 5.6.7.8/24";
vlan-id 1997;
interface {
ge-0/0/0.0;
xe-0/1/0.0;
xe-0/1/1.0;
xe-0/1/2.0;
xe-0/1/3.0;
}
l3-interface vlan.1997;
}
SUBSCRIBERS {
description "General Service";
vlan-id 2000;
no-local-switching;
isolation-id 1999;
interface {
ge-0/0/0.0;
xe-0/1/0.0;
xe-0/1/1.0 {
pvlan-trunk;
}
xe-0/1/2.0 {
pvlan-trunk;
}
xe-0/1/3.0 {
pvlan-trunk;
}
}
}
UPLINK {
vlan-id 1996;
interface {
ge-0/0/0.0;
xe-0/1/0.0;
}
}
}
EX3400:
/* MDU EX3400 Template Rev: $Id: MDU-ex3400.conf,v 1.3 2020/02/28 20:36:13 root Exp $ */
version 18.2R3-S1.7;
groups {
MSD-MDU {
interfaces {<ge-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
interface-mode access;
}
}
}
}
protocols {
dot1x {
authenticator {
interface {<ge-*> {
supplicant multiple;
retries 3;
quiet-period 5;
mac-radius {
restrict;
flap-on-disconnect;
}
reauthentication 3600;
guest-vlan SUBSCRIBERS-PVLAN;
server-reject-vlan SUBSCRIBERS-PVLAN;
server-fail vlan-name SUBSCRIBERS-PVLAN;
}
}
}
}
}
}
MSD-MDU-MGMT {
interfaces {<ge-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
inter-switch-link;
}
}
}<xe-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
inter-switch-link;
}
}
}<*> {
unit 0 {
family ethernet-switching {
vlan {
members [ MGMTPRV MGMTPUB SUBSCRIBERS ];
}
}
}
}
}
}
MSD-MDU-MGMT-UPLINK {
interfaces {<ge-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
}
}
}<xe-*> {
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
}
}
}<*> {
unit 0 {
family ethernet-switching {
vlan {
members [ MGMTPRV MGMTPUB SUBSCRIBERS ];
}
}
}
}
}
}
}
system {
}
interfaces {
interface-range ge-Ports {
member-range ge-0/0/2 to ge-0/0/47;
apply-groups MSD-MDU;
mtu 9216;
ether-options {
no-flow-control;
}
unit 0 {
family ethernet-switching {
interface-mode access;
}
}
}
ge-0/0/0 {
disable;
}
ge-0/0/1 {
disable;
}
ge-0/0/2 {
}
ge-0/0/3 {
}
ge-0/0/4 {
}
ge-0/0/5 {
}
ge-0/0/6 {
}
ge-0/0/7 {
}
ge-0/0/8 {
}
ge-0/0/9 {
}
ge-0/0/10 {
}
ge-0/0/11 {
}
ge-0/0/12 {
}
ge-0/0/13 {
}
ge-0/0/14 {
}
ge-0/0/15 {
}
ge-0/0/16 {
}
ge-0/0/17 {
}
ge-0/0/18 {
}
ge-0/0/19 {
}
ge-0/0/20 {
}
ge-0/0/21 {
}
ge-0/0/22 {
}
ge-0/0/23 {
}
ge-0/0/24 {
}
ge-0/0/25 {
}
ge-0/0/26 {
description OPEN;
disable;
}
ge-0/0/27 {
description OPEN;
disable;
}
ge-0/0/28 {
description OPEN;
disable;
}
ge-0/0/29 {
description OPEN;
disable;
}
ge-0/0/30 {
description OPEN;
disable;
}
ge-0/0/31 {
description OPEN;
disable;
}
ge-0/0/32 {
description OPEN;
disable;
}
ge-0/0/33 {
description OPEN;
disable;
}
ge-0/0/34 {
description OPEN;
disable;
}
ge-0/0/35 {
description OPEN;
disable;
}
ge-0/0/36 {
description OPEN;
disable;
}
ge-0/0/37 {
description OPEN;
disable;
}
ge-0/0/38 {
description OPEN;
disable;
}
ge-0/0/39 {
description OPEN;
disable;
}
ge-0/0/40 {
description OPEN;
disable;
}
ge-0/0/41 {
description OPEN;
disable;
}
ge-0/0/42 {
description OPEN;
disable;
}
ge-0/0/43 {
description OPEN;
disable;
}
ge-0/0/44 {
description OPEN;
disable;
}
ge-0/0/45 {
description OPEN;
disable;
}
ge-0/0/46 {
description OPEN;
disable;
}
ge-0/0/47 {
description OPEN;
disable;
}
xe-0/2/0 {
apply-groups MSD-MDU-MGMT-UPLINK;
}
xe-0/2/1 {
apply-groups MSD-MDU-MGMT;
}
xe-0/2/2 {
apply-groups MSD-MDU-MGMT;
}
xe-0/2/3 {
apply-groups MSD-MDU-MGMT;
}
irb {
unit 1997 {
family inet {
filter {
input SWITCH-PROTECT;
}
address xx.xx.xx.xx/zz;
}
}
}
me0 {
description OPEN;
disable;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop xx.xx.xx.yy;
}
}
protocols {
dot1x {
authenticator {
authentication-profile-name MDU_dot1x;
interface {
ge-Ports {
apply-groups MSD-MDU;
}
}
}
}
lldp {
port-id-subtype interface-name;
interface all;
}
lldp-med {
interface all {
disable;
}
}
}
access {
radius-server {
x.x.x.1 secret "";
x.x.x.2 secret "";
}
profile MDU_dot1x {
authentication-order radius;
radius {
authentication-server [ x.x.x.1 x.x.x.2 ];
options {
nas-identifier js1.site.mdu;
vlan-nas-port-stacked-format;
}
}
}
}
vlans {
MGMTPRV {
description "Private Management VLAN - 1.2.3.4/24";
vlan-id 1998;
}
MGMTPUB {
description "Public Management VLAN";
vlan-id 1997;
l3-interface irb.1997;
}
SUBSCRIBERS {
description "General Service";
vlan-id 2000;
isolated-vlan SUBSCRIBERS-PVLAN;
}
SUBSCRIBERS-PVLAN {
vlan-id 1999;
private-vlan isolated;
}
}
↧
Bridge domain vs vlan
- What is the difference between a bridge domain and vlan? It seems for SP style bridging, we map interfaces to a bridge domain? What purpose does it serve? Also found in an MX book that A bridge domain and broadcast domain are synonymous in definition and can be used interchangeably with each other. But if multiple vlans can be mapped to a bridge domain, doesn't that contradict the earlier statement?
- Is it similar to subinterfaces concept in cisco with encapsulation dot1q for router on a stick scenario?
- Is assigning vlans and interfaces to corresponding bridge domains necessary for switching to function properly?
- show interfaces
xe-4/1/16 {
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 25 {
encapsulation vlan-bridge;
vlan-id 25;
}
unit 26 {
encapsulation vlan-bridge;
vlan-id 26;
}
unit 27 {
encapsulation vlan-bridge;
vlan-id 27;
family bridge {
filter {
input bridge_in;
}
}
}
} - If I have defined my vlans in the interface configs, what purpose does it serve to assign them to a BD as below:
- show bridge-domains
bd1 {
vlan-id 25;
interface xe-4/1/18.25;
interface xe-4/1/16.25;
}
bd2 {
vlan-id 26;
interface xe-4/1/18.26;
interface xe-4/1/16.26;
}
bd3 {
vlan-id 27;
interface xe-4/1/18.27;
interface xe-4/1/16.27;
}
↧
↧
Re: dot1x authentication not updating when client moves between ports (EX3400)
wrote: 1. Do you have any mac-move or mac-limiting configured on the device? With MAC move limiting, you limit the number of times a MAC address can move to a new interface within one second. When MAC move limiting is configured, MAC address movements are tracked by the switch
MAC move limiting is not configured and I believe it's disabled by default. This is a feature that we looked into to verify that it isn't enabled.
2. Do you have any arp aging timer configured? Sometimes a MAC address entry in the switch’s Ethernet switching table is not updated after the device with that MAC address has been moved from one interface to another on the switch. Set the MAC aging timer to the same value as the ARP timer and system vide ARP aging timer.
Our switches do not have a layer3 address within the same vlan as the wireless clients. The MAC Address Age timer defaults to 5 minutes and the lowest we can set it is 1 minute. The dot1x reauth happens every 60 minutes but once the MAC Address Age timer hits it's limit and the address gets aged out, the dot1x entry gets removed as well.
3. Which version of the EX3400 switch are you running?
OS: JUNOS 18.2R3-S1.7
H/W: EX3400-48P (650-059857)
↧
Bridge domain lab scenario
- I have a 2 router setup: Device1---xe-4/1/16---R0--xe-/4/1/18------xe-3/0/0--R1---xe-3/0/2---------Device2
- Will tagged packets from device1 reach device2 which would be in same vlan for e.g. vlan 27?
- If so, can someone explain life of the packet? How will it traverse? Can it traverse across routers even if no ip is assigned to router interfaces?
r0: show interfaces xe-4/1/16 { vlan-tagging; encapsulation flexible-ethernet-services; unit 25 { encapsulation vlan-bridge; vlan-id 25; } unit 26 { encapsulation vlan-bridge; vlan-id 26; } unit 27 { encapsulation vlan-bridge; vlan-id 27; family bridge { filter { input bridge_in; } } } } xe-4/1/18 { vlan-tagging; encapsulation flexible-ethernet-services; unit 25 { encapsulation vlan-bridge; vlan-id 25; } unit 26 { encapsulation vlan-bridge; vlan-id 26; } unit 27 { encapsulation vlan-bridge; vlan-id 27; } } show bridge-domains bd1 { vlan-id 25; interface xe-4/1/18.25; interface xe-4/1/16.25; } bd2 { vlan-id 26; interface xe-4/1/18.26; interface xe-4/1/16.26; } bd3 { vlan-id 27; interface xe-4/1/18.27; interface xe-4/1/16.27; }3.show interfaces xe-3/0/0 { vlan-tagging; encapsulation flexible-ethernet-services; unit 25 { encapsulation vlan-bridge; vlan-id 25; } unit 26 { encapsulation vlan-bridge; vlan-id 26; } unit 27 { encapsulation vlan-bridge; vlan-id 27; } } xe-3/0/2 { vlan-tagging; encapsulation flexible-ethernet-services; unit 25 { encapsulation vlan-bridge; vlan-id 25; } unit 26 { encapsulation vlan-bridge; vlan-id 26; } unit 27 { encapsulation vlan-bridge; vlan-id 27; } } show bridge-domains bd1 { vlan-id 25; interface xe-3/0/0.25; interface xe-3/0/2.25; } bd2 { vlan-id 26; interface xe-3/0/0.26; interface xe-3/0/2.26; } bd3 { vlan-id 27; interface xe-3/0/0.27; interface xe-3/0/2.27; }
↧
Re: dot1x authentication not updating when client moves between ports (EX3400)
wrote:
In the default behavior, DHCP maintains the existing client entry when it receives a new Discover or Solicit message that has a client ID that matches the existing client.
We are not using any DHCP server features of the EX switches, it's all being handled by a router on site. The DHCP Discover message isn't making it to the router as the switch is not tagging that traffic with any VLAN information as the switch doesn't appear to be doing any dot1x authentication while a dot1x session already exists on another port. Even a 'server-fail' puts the wireless client in the correct vlan.
↧
Re: Bridge domain lab scenario
- Will tagged packets from device1 reach device2 which would be in same vlan for e.g. vlan 27?-- Yes, since you have created a layer 2 domain with the help of routers R0 and R1. But there won't be any inter-vlan routing happening.
- If so, can someone explain life of the packet? How will it traverse? Can it traverse across routers even if no ip is assigned to router interfaces? -- Since you have created to a l2 network, the packet switching on l2 happens with the help of MAC address hence the routers don't refer IP header in the packet instead they refer only the ethernet header for packet delivery. The detination MAC address present in the ethernet header will be of Device2 and every transit router/device(l2 domain) will lookup in its MAC table for the outgoing interface for the concerned destination MAC address(device2).
↧
↧
Re: Bridge domain vs vlan
Hello Vinay,
I got another forum post where a community member has the exact query. Please check and let us know whether it helps.
https://forums.juniper.net/t5/SRX-Services-Gateway/Bridge-Domain-and-Vlan-in-SRX/td-p/219491
↧
Ex 4650
Hello,
Can any one help me with my inquiry.
Does EX 4650 come with empty ports ?
if yes can i use 24 port with 1G SFP copper
and other 24 port with 10 G SFP + fiber
How many power supply has this swith been shipped with ?
Thanks in advance ..
↧
Re: Ex 4650
Greetings, the EX4650 switch models are shipped with two power supplies preinstalled in the rear panel of the chassis.
can i use 24 port with 1G SFP copper
and other 24 port with 10 G SFP + fiber
Yes, it has forty-eight 25-Gigabit Ethernet ports that can operate at 1-Gbps, 10-Gbps, or 25-Gbps speed and support SFP, SFP+, or SFP28 transceivers, it all depends on the transceivers.
Here you can find lists the components shipped with EX4650 switch models and more:
EX4650 Switch Models
The EX4650 switch is available with 48 ports and supports AC and DC power supplies depending on the switch model. All models of the EX4650 ship with two power supplies and five fans installed by default. Table 2 lists the components shipped with EX4650 switch models.
Table 2: EX4650 Switch Models and Shipped Components
Switch Model | Ports | Power Supply | Airflow |
|---|---|---|---|
EX4650-48Y-AFO | 48 SFP28 8 QSFP28 | AC | Front-to-back—air intake to cool the chassis is through the vents on the front panel of the chassis, and hot air exhausts through the vents on the rear panel of the chassis. |
EX4650-48Y-AFI | 48 SFP28 8 QSFP28 | AC | Back-to-front—air intake to cool the chassis is through the vents on the rear panel of the chassis, and hot air exhausts through the vents on the front panel of the chassis. |
EX4650-48Y-DC-AFO | 48 SFP28 8 QSFP28 | DC | Front-to-back—air intake to cool the chassis is through the vents on the front panel of the chassis, and hot air exhausts through the vents on the rear panel of the chassis. |
EX4650-48Y-DC-AFI | 48 SFP28 8 QSFP28 | DC | Back-to-front—air intake to cool the chassis is through the vents on the rear panel of the chassis, and hot air exhausts through the vents on the front panel of the chassis. |
If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \/
Regards,
Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB
↧
Re: Ex 4650
Hi HDawood,
May i ask you to clarify what do you mean by empty ports ? according to the datasheet EX4650 offers 48 wire-speed 10GbE/25GbE small form-factor pluggable and pluggable plus transceiver (SFP/SFP+/SFP28) ports and 8 wire-speed 40GbE/100GbE quad SFP+ transceiver (QSFP+/QSP28) ports. Switch can support mixed 1GbE, 10GbE, 25GbE, 40GbE, and 100GbE environments.
Regaerding power supplies four models are available: two featuring AC power supplies with front-to-back or back-to-front airflow, and two featuring DC power supplies with front-to-back or back-to-front airflow. All models include dual power supplies.
https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000640-en.pdf
If this solves your problem, please mark this post as "Accepted Solution."
↧
↧
Re: Ex 4650
EX4650-18Y, like EX4600 is a fiber based switch. The 'Y' indicated 10/25 GE support. The EX4650 has 48 x 1/10/25 (SFP/SFP+/SFP28) GE ports and 8 40/100GE ports (QSFP+/QSFP28).
The EX4650 can support all 48 ports, with any form of optic, even 10GE-Base-T. The newer 10GE-Base-T optics from Juniper are smaller in width, so there are no longer any physical mechanical issues with using all 48 ports with these optics. The old restriction of max 24 of these 10GEBase-T optics is no longer true, and has not been true for quite some time.
You could find all this info by searching for EX4650-48Y datesheet. Link is below:
https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000640-en.pdf
↧
Re: Ex 4650
Hi HDawood,
Greetings,
The EX4650 line of Ethernet switches delivers high scale, high availability, and high performance for campus distribution deployments.
The EX4650 offers fixed 1GbE/10GbE/25GbE ports with 40GbE/100GbE uplinks that support advanced campus environments, allowing them to provide the onramp to multicloud, to deploy cutting edge cloud applications, and to embrace IoT technology. It is also flexible enough for use in enterprise on-premises top-of-rack and service provider aggregation deployments.
The Juniper Networks® EX4650 Ethernet Switch delivers 4 Tbps of Layer 2 and Layer 3 connectivity to networked devices such as secure routers, servers, and other switches.
Featuring 48 wire-speed 10GbE/25GbE small form-factor pluggable and pluggable plus transceiver (SFP/SFP+/SFP28) ports and 8 wire-speed 40GbE/100GbE quad SFP+ transceiver (QSFP+/QSP28) ports in a compact 1 U platform, the EX4650 provides the flexibility to support mixed 1GbE, 10GbE, 25GbE, 40GbE, and 100GbE environments.
Four models are available: two featuring AC power supplies with front-to-back or back-to-front airflow, and two featuring DC power supplies with front-to-back or back-to-front airflow. All models include dual power supplies.
Switching Capacity
2 Tbps (unidirectional)/4 Tbps (bidirectional)
Layer 2/Layer 3 throughput (maximum with 64 byte packets): 2976 Mpps (wire speed)
Weight
23.7 lb (10.75 kg)
Dimensions (HxWxD)
1.72 x 17.36 x 20.48 in (4.37 x 44.09 x 52.02 cm)
Switching mode: Cut-through and store-and-forward
Front-to-back (airflow out) for hot aisle deployment
Back-to-front (airflow in) for cold aisle deployment
Management and console port connections
Power Consumption
Max load 450 W; typical load 260 W; idle load 160 W
Interface Options
1GbE SFP: 48 (24 copper 1GbE)
10GbE SFP+: 48/80 (with breakout cable)
25GbE SFP28: 48/80 (with breakout cable)
40GbE QSFP+: 8
100GbE QSFP28: 8
Each QSFP+ port can be configured as a 4 x 10GbE interface or as a 40 Gbps port
Each QSFP28 port can be configured as a 4 x 25GbE interface or as a 100 Gbps port
1 USB 2.0 port
1 RS-232 console port
2 management ports: 2 x RJ-45 ports
Supported transceiver and direct attach cable (DAC)
SFP 1GbE optical and copper module
SFP+ 10GbE optical modules
SFP+ DAC cables: 1/3 m twinax copper and 1/3/5/7 m active twinax copper
SFP28 DAC cables: 1 m twinax copper
SFP28 optics: SR, LR
QSFP+ DAC cables: 1/3 m twinax copper
QSFP+ optics: SR4, LX4, ESR4, ER4, LR4
QSFP+ to SFP+ 10GbE direct attach breakout copper (1/3 m twinax copper cable)
QSFP28 to SFP28 25GbE direct attach breakout copper (1 m twinax copper cable)
QSFP28 optics: SR4, ER4, PSM4, CWDM4, LR4
Airflow
Redundant (N+1) and hot-pluggable fan modules for front-to-back and back-to-front airflow
Redundant variable-speed fans to reduce power draw
Power Supply and Fan Modules
Dual redundant (1+1) and hot-pluggable 650 W AC/DC power supplies
110-240 V single phase AC power
-44 to -72 V DC power supply
Redundant (4+1) and hot-pluggable fan modules for front-to-back or back-to-front airflow
For more details please go through the below document.
https://www.juniper.net/us/en/products-services/switching/ex-series/datasheets/1000640.page
Please mark "Accepted Solution" if this helps you solve your query. Kudos are always appreciated.
Thanks
Suraj
↧
Re: Ex 4650
Hi HDawood,
Greetings,
1. Does EX 4650 come with empty ports ?
Yes, it does come up with 56 empty ports (like below) 
2. If yes, can i use 24 port with 1G SFP copper and other 24 port with 10 G SFP + fiber.
Yes again, so the datasheets points out it has 48 x 10/25GbE and 8 x 40/100 options. You can use 24 ports with 1G copper SFP and 24 others with 16G SFP+.
3. How many power supply has this swith been shipped with ?
Two Power Supplies, there are 4 different models and all of them include dual power supplies.
Hope this helps.
Please mark "Accept as solution" if this answers your query.
Kudos are appreciated too!
Regards,
Sharat Ainapur
↧
Re: VxLan over Ipsec Internet Tunnel
Thanks, but do I need a minimum of MTU size?
↧
↧
Re: Ex 4650
Hi HDawood,
Yes, like most switches, EX4650 is shipped with empty ports. Featuring 48 wire-speed 10GbE/25GbE small form-factor pluggable and pluggable plus transceiver (SFP/SFP+/SFP28) ports and 8 wire-speed 40GbE/100GbE quad SFP+ transceiver (QSFP+/QSP28) ports in a compact 1 U platform, the EX4650 provides the flexibility to support mixed 1GbE, 10GbE, 25GbE, 40GbE, and 100GbE environments. It depends on what transceiver you plugin on the port.
Four models are available: two featuring AC power supplies, and two featuring DC power supplies. All models include dual power supplies. These are Dual redundant (1+1) and hot-pluggable 650 W AC/DC power supplies.
Hope this helps
Please mark "Accepted Solution" if this helps you solve your query. Kudos are always appreciated!
↧
Re: EX2300-C can't load 'kernel'
Thanks, Ecladeron fro sharing those valuable links. It works perfectly. Great tips indeed.
↧
EX4600 - pass through GVRP packets
Hi Folks!
I need to pass through GVRP packets through a EX4600 switch which doesn't support GVRP. The switch is connected between two other switches that support and use GVRP. The EX4600 is dropping the GVRP multicast packets by default
Any ideas?
↧