Juniper NETWORKS EX4100 Day One Ethernet Switches User Guide

**Juniper NETWORKS EX4100 Day One Ethernet Switches

**

Step 1: Begin

In this guide, we provide a simple, three-step path, to quickly get you up and running with the Juniper Support Insight (JSI) solution. We’ve simplified and shortened the installation and configuration steps.

Meet Juniper Support Insights

Juniper® Support Insights (JSI) is a cloud-based support solution that gives IT and network operations teams operational insights into their networks. JSI aims to transform the customer support experience by providing Juniper and its customers with insights that help improve the network performance and uptime. JSI collects data from Junos OS-based devices on customer networks, correlates it with Juniper-specific knowledge (such as service contract status, and End of Life and End of Support states), and then curates that into actionable insights.

Virtual Lightweight Collector

The Virtual Lightweight Collector (vLWC) is a VMWare-ready data collection tool that gathers operational data from Juniper devices on customer networks. JSI uses this data to provide IT and network operations teams with actionable operational insights into the onboarded Juniper devices on customer networks. The vLWC uses your existing VMWare infrastructure to provide a virtualized solution while offering the capabilities of the LWC.

At a high level, getting started with the JSI solution involves the following steps:

1. Installing and configuring a Virtual Lightweight Collector (vLWC)
2. Onboarding a set of Junos devices to JSI to initiate data collection
3. Viewing notifications about device onboarding and data collection
4. Viewing operational dashboards and reports

NOTE: This Quick Start guide assumes that you have ordered the JSI-vLWC solution, which is available as part of Juniper Care support service, and that you have an active contract. If you have not ordered the solution, please contact your Juniper Account or Services teams. Accessing and using JSI is subject to the Juniper Master Procurement and License Agreement (MPLA). For general information on JSI, see Juniper Support Insights Datasheet.

Install and Configure the Virtual Lightweight Collector

In this guide, we show you how to install and configure the vLWC on a VMWare environment.

Before You Begin
To successfully install and deploy vLWC, you must meet the following requirements:

• For standalone host configurations:
  • VMWare vSphere Hypervisor (ESXi) (6.7.0 or later)
• For host configurations with vSphere:
  • VMWare vCenter Server (6.7.0 or later)
  • VMWare vSphere Hypervisor (ESXi) (6.7.0 or later)
• One of the following minimum hardware requirements:
  Configuration Type| Total Devices Supported| Number of vCPUs| Memory| Storage
  ---|---|---|---|---
  Small| Up to 10,000 devices| 6 CPUs| 16 GB RAM| 400 GB disk space
  Large| Up to 20,000 devices| 12 CPUs| 32 GB RAM| 400 GB disk space

WARNING: The vLWC can experience data collection issues if your system does not meet the minimum requirements. A lack of CPU and/or memory resources can cause the vLWC to go into a holding pattern and stop collecting data.

• Three VM network interfaces:
  Connectivity| Interface Name| Description
  ---|---|---
  Internal| int| Internal network to access the Junos devices being monitored by JSI. This network should not have access to the Internet.
  External| ext| External network with HTTP/HTTPS and DNS Internet connectivity to connect to Juniper Cloud directly or through an active proxy server.
  Management| cap| Connectivity to the management network host services:

  • Port 443/HTTPS for the Captive Portal web page
  • Port 22/SSH for the JSI shell

• The vLWC software that is provided as a single downloadable OVA file. To download, visit the vLWC request page on Juniper Support Portal at https://supportportal.juniper.net/s/vlwc-form, submit a form with the requested information, and receive a link over an email to download the vLWC software. Refer Download vLWC Software for more information.
  NOTE: The OVA file will be created specifically for your installation. It contains your serial number as an encrypted vApp property that will be used during the initial boot process of the VM.

• Support for VMXNET3 network adapters.

Here’s how to install vLWC using the vCenter Server:

1. Login to the vCenter Server using your username and password in the vSphere Client.

2. Click Menu > Hosts and Clusters to open the Hosts and Clusters page.
   The Hosts and Clusters page lists all your data centers and vSphere clusters on the left pane.

3. Right-click your data center and click Deploy OVF Template… from the Actions menu.
   The Deploy OVF Template page opens.

4. Depending on where your OVA file is available, select the URL option and provide the URL to the OVA file, or select the Local file option and click Choose Files to browse the local drive and upload the vLWC OVA image. Click Next.
   
   The Select a name and folder page opens.

5. Enter a unique name for the vLWC vApp. Select the data center where you want the vApp installed and click Next.
   The Select a compute resource page opens.
   The vLWC vApp name that you enter is for easy identification only, and has no effect on the vLWC. The default vLWC vApp name is the OVA file name.

6. Select the compute resource (a specific host or a cluster) where you want the vApp installed, and click Next.
   The Review details page opens.

7. Verify the details listed on this page to make sure everything looks correct with the product, version, vendor, downloaded vApp file size, and the storage capacity of the virtual disk. Once you have verified the details, click Next.
   The Select storage page opens.

8. Select the datastore you want to use for storing the virtual disk of the vLWC. Select Thick Provision Eager Zeroed as the virtual disk format. Select the VM storage policy and click Next.
   The Select networks page opens.

9. Select the VMWare network to attach to each network interface using the Destination Network drop-down for each of the source network. You can ignore the IP allocation settings as they are not used by the vLWC. Click Next.
   
   The Customize template page opens.

10. Specify the network settings for each vLWC interface over a series of 20 vApp properties. For each interface, select the correct address type. For static address, specify the necessary settings for that interface. You can use the same DNS server for all interfaces.
    Interface| Supported IP Address
    ---|---
    Internal| IPv4 or IPv6 address
    External| IPv4 address only
    Management| IPv4 address only

Once you have configured your network, click Next. The Ready to complete page opens.

11. Verify the configured settings for the vApp deployment and click Finish to start the deployment of the vLWC.
    

12. Wait for VMWare to deploy the vApp. You should see progress bars in the recent tasks section indicating the progress of the vApp deployment. This process can take approximately 30 minutes or more depending on the speed of your cluster, datastores, and your connection to the vSphere.
    NOTE:

    • If you encounter the error message “Failed to deploy OVF package. ThrowableProxy.cause The operation is not supported on the object. The operation failed due to The operation is not supported on the object.”, check if DRS is enabled for the cluster in which you are deploying the vApp.
    • If you encounter any other error when you click Finish, it is possible that you took too long to complete the steps above and the deployment process timed out. You can reattempt the deployment process if this happens and if you encounter an error for the second time, open a Juniper TAC case for assistance.

13. To start vLWC, you can right-click the newly created vApp and click Power On from the Actions menu.
    The vLWC is now installed and running in your environment. To confirm, you can view the summary page of the ggc-lnx VM located under the vLWC vApp entry. It should show an Ubuntu Linux (64-bit) VM running with VMWare Tools also running along with the IP addresses assigned to the VM in the IP addresses list.
    Once the vLWC vApp is installed, you can add or modify various vLWC settings through the Captive Portal web page (see “Configure Network Settings through Captive Portal” on page 8) or the JSI Shell (see “Configure Network Settings through JSI Shell”).

Configure Network Settings through Captive Portal

Here’s how to view network status and configure network settings using the vLWC Captive Portal web page:

1. Open a browser on your computer and enter the URL https://cap_interface_address in the address bar, where cap_interface_address can be the configured static IP address, or the IP address assigned by the DHCP server to the management (cap) interface.
   The JSI Data Collector login page appears.

2. Enter the vLWC serial number in the Serial Number field and click Submit to log in.
   On successful login, the JSI Data Collector page appears.
   The following image displays the JSI Data Collector page when the vLWC is not connected.
   
   NOTE: If the default DHCP configuration on the vLWC is successful, the Captive Portal web page shows the vLWC’s connection status as connected, and populates the fields in all the configurations sections appropriately.
   Click the Refresh icon under the External Network or Internal Network sections to refresh the current connection states for that section.
   The JSI Data Collector page displays configuration sections for the following:

   • External Network—Lets you configure external network port that connects the vLWC to the Juniper’s Cloud. Supports DHCP and static addressing. The External Network configuration is used to perform device provisioning.
   • Internal Networks—Lets you configure the internal network port that connects the vLWC to the Juniper devices on your network. Supports DHCP and static addressing.
   • Active Proxy—Lets you configure the active proxy IP address as well as the port number if your network infrastructure controls access to the Internet though an active proxy. You need not configure this element if you are not using an active proxy.

3. Click the Edit button under the element that needs to be updated.
   You need to modify the fields in:

   • The Internal Network and External Network sections if their connection states indicate that they are disconnected.

   • The Active Proxy section if you are using an active proxy. This section is collapsed by default if an active proxy is disabled or not configured. To configure, click Enable/disable to expand the Active Proxy section.
     If you choose to use an active proxy, ensure that it forwards all the traffic from the vLWC to the AWS cloud proxy (see Outbound Connectivity Requirements table in Internal and External Network Requirements for the AWS cloud proxy URL and ports). Juniper cloud services blocks all the inbound traffic coming through any path other than the AWS cloud proxy.
     NOTE:

   • You must use a different subnet for the IP address assigned to the internal network, external network, and the management (cap) interface. This applies to both DHCP and static configurations.

4. After modifying the fields, click Update to apply the changes and return to the homepage (the JSI Data Collector page).
   If you want to discard your changes, click Cancel.
   If the vLWC connects to the gateway and DNS successfully, the respective configuration element (internal or external network section) on the JSI Data Collector homepage shows the connection status as Gateway Connected and DNS Connected with green tick marks against them.
   The JSI Data Collector homepage displays the Connection Status as:

   • Juniper Cloud Connected if the external connectivity to the Juniper Cloud is established and the active proxy (if applicable) settings are correctly configured.
   • Cloud Provisioned if the device is connected to Juniper Cloud and has completed the Zero Touch Experience (ZTE) process. After the Cloud connection status becomes Juniper Cloud Connected, it takes about 10 minutes for the provision status to become Cloud Provisioned.
     The following image displays the JSI Data Collector page when the vLWC is connected successfully.
     
     If the vLWC does not connect to the cloud, click Download Light RSI to download the light RSI file, create a Tech Case in the Juniper Support Portal, and attach the downloaded RSI file to the case.
     In some cases, the Juniper support engineer might ask you to attach the Extensive RSI file to the case. To download it, click the Download Extensive RSI.

Configure Network Settings through JSI Shell

The JSI Shell is an SSH menu system for the vLWC. In addition to viewing the network status, you can use the JSI Shell to view and modify the network settings for the internal network, external network, optional active proxy and the management (cap) interface. See Configure Network Settings through JSI Shell for more information.

Step 2: Up and Running

Now that you’ve deployed the Virtual Lightweight Collector (vLWC), let’s get you up and running with Juniper Support Insights (JSI) on Juniper Support Portal!

Access Juniper Support Insights

To access Juniper Support Insights (JSI), you must register on the User Registration portal. You also require a user role (Admin or Standard) assigned. To get a user role assigned, contact Juniper Customer Care or your Juniper Services team.

JSI supports the following user roles:

• Standard—The Standard users can view the device onboarding details, operational dashboards, and reports.
• Admin— The Admin users can onboard devices, perform JSI management functions, view the operational dashboards and reports.

Here’s how to access JSI:

1. Log in to Juniper Support Portal (supportportal.juniper.net) by using your Juniper Support Portal credentials.
2. On the Insights menu, click:
   • Dashboards to view of a set of operational dashboards and reports.
   • Device Onboarding to perform device onboarding to initiate data collection.
   • Device Notifications to view notifications about device onboarding, data collection, and errors.
   • Collector to view the details of the vLWC associated with the account.
   • Remote Connectivity to view and manage Remote Connectivity Suite requests for a seamless device data collection process.
     

View the Virtual Lightweight Collector Connection Status

You can view the Virtual Lightweight Collector (vLWC) connection status on the following portals:

• Juniper Support Portal
• The vLWC Captive Portal web page and vLWC JSI Shell. The Captive Portal web page and JSI Shell provides a more detailed view, and has options that let you change the vLWC configuration settings and perform troubleshooting.

View the Connection Status on Juniper Support Portal

Here’s how to view the vLWC connection status on Juniper Support Portal:

1. On Juniper Support Portal, click Insights > Collector.
2. Check the summary table to see the Connection Status of the vLWC. The status should be shown as Connected.
   If the status is shown as Disconnected, check if the vLWC is installed and powered on.

View the Connection Status on the Captive Portal

See “Configure Network Settings through Captive Portal” on page 8 for more information.

View the Connection Status on the JSI Shell

See “Configure Network Settings through JSI Shell” on page 11 for more information.

Onboard Devices

You’ll need to onboard devices to initiate a periodic (daily) data transfer from the devices to the Juniper Cloud. Here’s how to onboard devices in a JSI setup that uses a vLWC:

NOTE: You must be an admin user to onboard a device.

Here’s how to onboard devices to JSI:

1. On Juniper Support Portal, click Insights > Device Onboarding.

2. Click New Device Group. The following image represents the device onboarding page with some sample data filled in.
   

3. In the Device Group section, enter the following details for the devices to be associated with the LWC:

   • Name—A name for the device group. A Device Group is a collection of devices with a set of common credentials and modes of connection. The operational dashboards and reports use the device groups to provide a segmented view of the data.
   • IP Address—IP addresses of the devices to be onboarded. You can provide a single IP address or a list of IP addresses. Alternatively, you can upload the IP addresses through a CSV file.
   • Collector Name—Automatically populated if you have only a single vLWC. If you have multiple vLWCs, select from the list of available vLWCs.
   • Site ID—Automatically populated if you have only a single Site ID. If you have multiple Site IDs, select from the list of available Site IDs.

4. In the Credentials section, create a set of new credentials or select from the existing device credentials.
   JSI supports SSH keys or usernames and passwords.

5. In the Connections section, define a connection mode. You can add a new connection or choose from the existing connections to connect the device to the vLWC. You can connect the devices directly or through a set of bastion hosts. You can specify a maximum of five bastion hosts.

6. After entering the data, click Submit to initiate device data collection for the device group.

View Notifications

Juniper Cloud notifies you about the device onboarding and data collection status. Notification could also contain information about errors that need to be addressed. You can receive notifications in your email, or view them on Juniper Support Portal.
Here’s how to view notifications on Juniper Support Portal:

1. Click Insights > Device Notifications.
2. Click a Notification ID to view the content of the notification.
   

View Operational Dashboards and Reports

The JSI operational dashboards and reports are dynamically updated based on a periodic (daily) device data collection, which is initiated when you onboard a device. The dashboards and reports provide a set of current, historic, and comparative data insights into the devices’ health, inventory, and lifecycle management. The insights include the following:

• Software and hardware systems inventory (chassis to component level detail covering serialized and non-serialized items).
• Physical and logical interface inventory.
• Configuration change based on commits.
• Core files, alarms, and Routing Engine health.
• End of Life (EOS) and End of Service (EOS) exposure.

Juniper manages these operational dashboards and reports.

Here’s how to view the dashboards and reports on Juniper Support Portal:

1. Click Insights > Dashboard.
   The Operational Daily Health Dashboard is displayed. This dashboard includes charts that summarize the KPIs associated with the account, based on the last collection date.
   

2. From the Reports menu on the left, select the dashboard or report you want to view.
   
   The reports typically consist of a set of filters, an aggregated summary view, and a detailed tabular view based on the data collected. A JSI report has the following features:

   • Interactive views—Organize the data in a meaningful way. For example, you can create a segmented view of the data, click through, and mouse-over for additional details.
   • Filters—Filter data based on your requirements. For example, you can view data specific to one or more device groups for a specific collection date and a comparison period.
   • Favorites—Tag reports as favorites for ease of access.
   • Email Subscription—Subscribe to a set of reports to receive them at a daily, weekly, or monthly frequency.
   • PDF, PTT, and Data formats—Export the reports as PDF or PTT files, or in data format. In data format, you can download the report fields and values for each report component (for example, chart or table) by using the Export Data option as shown below:
     

Prepare for a Remote Connectivity Suite Request

The JSI Remote Connectivity Suite (RCS) is a cloud-based solution that streamlines the support and troubleshooting process between Juniper support and customers by making the device data collection process seamless. Instead of iterative exchanges between Juniper support and the customer to obtain the right device data, RCS retrieves this in the background automatically. This timely access to essential device data facilitates swift troubleshooting of the issue.

At a high level, the RCS request process involves the following steps:

1. Submit a technical support case through the customer portal.

2. A Juniper support engineer will contact you about your technical support case. If necessary, the Juniper support engineer may propose an RCS request to retrieve device data.

3. Depending on the rules from the RCS settings (Ask Approval enabled), you may receive an email containing a link to authorize the RCS request.
   a. If you consent to share the device data, click the link in the email, and approve the request.

4. The RCS request will be scheduled for a specified time and the device data is securely relayed to Juniper support.

NOTE: You must have JSI administrator privileges to configure RCS device settings, and approve or deny RCS requests.

View RCS Requests

Here’s how to view RCS requests on Juniper Support Portal:

1. On Juniper Support Portal, click Insights > Remote Connectivity to open the Remote Connectivity Requests Lists page.
   The Remote Connectivity Requests Lists page lists all the RCS requests made. You can use the drop-down list on the top left corner of the page to customize your viewing preference.
   

2. Click the Log Request Id of an RCS request to open the Remote Connectivity Requests Detail page.
   From the Remote Connectivity Requests Detail page, you can view the RCS request details and perform the following tasks:

   • Modify the serial number.

   • Adjust the requested date and time (set to a future date/time).
     NOTE: If the time zone is not specified in your user profile, the default time zone is Pacific Time (PT).

   • Append notes.

   • Approve or deny the RCS request.
     

Configure RCS Device Settings

You can configure both RCS collection and core file collection preferences from the RCS settings page. Here’s how to configure the Remote Connectivity RSI Collection settings on Juniper Support Portal:

1. On Juniper Support Portal, click Insights > Remote Connectivity to open the Remote Connectivity Requests Lists page.

2. Click Settings on the top right corner of the page. The Remote Connectivity RSI Collection Settings page opens. This page enables you to set global collection permissions and create permission exceptions based on different criteria.
   

3. Global collection permissions are configured at an account level. For multiple JSI-connected accounts, you can select the account using the Account Name drop-down list on the top right corner of the page.

4. To configure global collection permission, click Edit in the Global Collection Permissions section and change permission to one of the following:

   • Ask Approval—An approval request is sent to the customer when Juniper support initiates an RCS request. This is the default setting when no permission is explicitly selected.

   • Always Allow—RCS requests initiated by Juniper support are automatically approved.

   • Always Deny—RCS requests initiated by Juniper support are automatically declined.
     NOTE: When you have the global collection permission, and one or more exceptions configured with conflicting permissions, the following order of precedence will apply:

   • Device list rules

   • Device group rules

   • Day and time rules

   • Global collection permission

5. To create exceptions based on specific day and time, click Add in the Date and Time Rules section. The Day and Time Rules Settings page opens.
   You can configure an exception based on days and duration, and click Save to save the exception and return to the Remote Connectivity RSI Collection Settings page.
   

6. NOTE: Before configuring collection rules for device groups, ensure that a device group already exists for the account.
   To create separate collection rules for specific device groups, click Add in the Device Group Rules section. The Device Group Rules Settings page opens.
   You can configure the collection rule for a specific device group, and click Save to save the rule and return to the Remote Connectivity RSI Collection Settings page.
   

7. To create separate collection rules for individual devices, click Add in the Device List Rules section. The Device List Rules Settings page opens.
   You can configure the collection rule for individual devices, and click Save to save the rule and return to the Remote Connectivity RSI Collection Settings page.
   

Step 3: Keep Going

Congratulations! Your JSI solution is now up and running. Here are some of the things you can do next.

What’s Next?

additional devices by following the procedure explained here: “Onboard Devices” on page 13
View the operational dashboards and reports.| See “View Operational Dashboards and Reports” on page 15
If you want to| Then
---|---
Manage your notifications and email subscriptions.| Log into the Juniper Support Portal, navigate to My Settings and select Insights to manage your notifications and email subscriptions.
Get help with JSI.| Check for solutions in the FAQs: Juniper Support Insights and the Lightweight Collector and Knowledge Base (KB) articles.

If FAQ or KB articles do not address your issues, contact Juniper Customer Care.

General Information

JSI Documentation page in the Juniper TechLibrary
Find more in-depth information about installing the Virtual Lightweight Collector (vLWC)| See the Virtual Lightweight Collector Deployment Guide.

Learn with Videos

Our video library continues to grow! We’ve created many, many videos that demonstrate how to do everything from install your hardware to configure advanced Junos OS network features. Here are some great video and training resources that will help you expand your knowledge of Junos OS.

Get short and concise tips and instructions that provide quick answers, clarity, and insight into specific features and functions of Juniper technologies| See Learning with Juniper on the Juniper Networks main YouTube page
View a list of the many free technical trainings we offer at Juniper| Visit the Getting Started page on the Juniper Learning Portal

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Copyright © 2023 Juniper Networks, Inc. All rights reserved.

References

• CEC Juniper Community
• supportportal.juniper.net/s/vlwc-form
• User Registration
• Juniper Support Insights (JSI) Documentation | Juniper Networks
• Configure the LWC Device | Juniper Networks
• FAQs: Juniper Support Insights | Juniper Support Insights | Juniper Networks
• Virtual Lightweight Collector Deployment Guide | Juniper Support Insights | Juniper Networks
• Before You Install | Juniper Support Insights | Juniper Networks
• Configure Network Settings through JSI Shell | Juniper Support Insights | Juniper Networks

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>