Juniper EX4200 EX4200-48T-TAA データシート
製品コード
EX4200-48T-TAA
5
The EX4200 also provides a full complement of port security
features including DHCP (Dynamic Host Configuration Protocol)
snooping, DAI (dynamic ArP inspection) and MAC limiting (per
port and per VLAN) to defend against internal and external
spoofing, man-in-the-middle and denial-of-service (DoS) attacks.
features including DHCP (Dynamic Host Configuration Protocol)
snooping, DAI (dynamic ArP inspection) and MAC limiting (per
port and per VLAN) to defend against internal and external
spoofing, man-in-the-middle and denial-of-service (DoS) attacks.
MACsec on the EX4200
A MACsec software license enables the EX4200 to provide near
line-rate hardware-based encryption of user traffic on a dual-
speed 2x10GbE or 4x1GbE SFP+ MACsec uplink module.
line-rate hardware-based encryption of user traffic on a dual-
speed 2x10GbE or 4x1GbE SFP+ MACsec uplink module.
Defined by IEEE 802.1AE, MACsec provides secure, encrypted
communication at the link layer that is capable of identifying and
preventing threats from denial of service (DoS) and intrusion
attacks, as well as man-in-the-middle, masquerading, passive
wiretapping and playback attacks launched from behind the
firewall. When MACsec is deployed on switch ports, all traffic
is encrypted on the wire but traffic inside the switch is not. This
allows the switch to apply all network policies such as Quality of
Service (QoS), deep packet inspection and sFlow to each packet
without compromising the security of packets on the wire.
communication at the link layer that is capable of identifying and
preventing threats from denial of service (DoS) and intrusion
attacks, as well as man-in-the-middle, masquerading, passive
wiretapping and playback attacks launched from behind the
firewall. When MACsec is deployed on switch ports, all traffic
is encrypted on the wire but traffic inside the switch is not. This
allows the switch to apply all network policies such as Quality of
Service (QoS), deep packet inspection and sFlow to each packet
without compromising the security of packets on the wire.
Hop-by-hop encryption enables MACsec to secure communications
while maintaining network intelligence. In addition, Ethernet-based
WAN networks can use MACsec to provide link security over long-
haul connections. MACsec is transparent to Layer 3 and higher-
layer protocols and is not limited to IP traffic; it works with any type
of traffic carried over Ethernet links.
while maintaining network intelligence. In addition, Ethernet-based
WAN networks can use MACsec to provide link security over long-
haul connections. MACsec is transparent to Layer 3 and higher-
layer protocols and is not limited to IP traffic; it works with any type
of traffic carried over Ethernet links.
Simplified Management and Operations
When employing Virtual Chassis technology, the EX4200
dramatically simplifies network management. Up to 10
interconnected EX4200 switches can be managed as a single
device. Each Virtual Chassis group utilizes a single Junos OS image
file and a single configuration file, reducing the overall number
dramatically simplifies network management. Up to 10
interconnected EX4200 switches can be managed as a single
device. Each Virtual Chassis group utilizes a single Junos OS image
file and a single configuration file, reducing the overall number
of units to monitor and manage. When Junos OS is upgraded on
the master switch in a Virtual Chassis configuration, the software
is automatically upgraded on all other member switches at the
same time.
the master switch in a Virtual Chassis configuration, the software
is automatically upgraded on all other member switches at the
same time.
The EX4200 also includes port profiles that allow network
administrators to automatically configure ports with security, QoS
and other parameters based on the type of device connected to
the port. Six preconfigured profiles are available, including default,
desktop, desktop plus IP phone, wireless access point, routed uplink
and Layer 2 uplink. Users can select from the existing profiles or
create their own and apply them through the command line interface
(CLI), Junos Web interface or management system.
administrators to automatically configure ports with security, QoS
and other parameters based on the type of device connected to
the port. Six preconfigured profiles are available, including default,
desktop, desktop plus IP phone, wireless access point, routed uplink
and Layer 2 uplink. Users can select from the existing profiles or
create their own and apply them through the command line interface
(CLI), Junos Web interface or management system.
An EZ touchless provisioning feature allows a DHCP server to
push configuration details and software images to multiple
switches at bootup.
push configuration details and software images to multiple
switches at bootup.
Four system management options are available for the EX4200.
The standard Junos OS CLI management interface offers the same
granular capabilities and scripting parameters found in any device
powered by Junos OS. The EX4200 also includes the integrated
Junos Web management tool, an embedded device manager
that allows users to configure, monitor, troubleshoot and perform
system maintenance on individual switches via a browser-based
graphical interface.
The standard Junos OS CLI management interface offers the same
granular capabilities and scripting parameters found in any device
powered by Junos OS. The EX4200 also includes the integrated
Junos Web management tool, an embedded device manager
that allows users to configure, monitor, troubleshoot and perform
system maintenance on individual switches via a browser-based
graphical interface.
When managing a group of EX4200 switches, the Juniper
Networks Network and Security Manager (NSM) provides system-
level management across all Juniper switches in the network, from
a single console.
Networks Network and Security Manager (NSM) provides system-
level management across all Juniper switches in the network, from
a single console.
Finally, the EX4200 switch system, performance and fault data
can be exported to leading third-party management systems such
as HP OpenView, IBM Tivoli and Computer Associates Unicenter
software, to provide a complete, consolidated view of network
operations.
can be exported to leading third-party management systems such
as HP OpenView, IBM Tivoli and Computer Associates Unicenter
software, to provide a complete, consolidated view of network
operations.
EX4200
Virtual Chassis
Closet 2.1
Floor 2
Building 1
Closet 1.1
Floor 1
Building 1
EX4200
Virtual Chassis
Closet 3.1
10GbE MACsec Connections
10GbE MACsec Connections
Floor 3
Building 1
EX4550 Virtual Chassis
or EX4550/EX4200 Mixed Virtual Chassis
Floor 1
Building 2
10GbE MACsec
Connections
Figure 5: MACsec deployment with EX4200 and EX4550 switches.