Data Sheet: EX4300 Ethernet Switch
The UAC solution is composed of three main components:
Juniper Networks Junos Pulse as the endpoint client (also
available in an agent-less mode); the Junos Pulse Access Control
Service running on a blade in a MAG Series Junos Pulse Gateway
chassis or on a dedicated MAG Series appliance; and UAC
enforcement points. Working as an enforcement point with the
UAC solution, the EX4300 provides both standards-based 802.1X
port-level access control and L2-L4 policy enforcement
based on user identity, location, and/or device. A user’s identity,
device type, machine posture check, and location can be used
to determine whether access should be granted and for how
long. If access is granted, the switch assigns the user to a specific
VLAN based on authorization levels. The switch can also apply
QoS policies or mirror user traffic to a central location for logging,
monitoring, or threat detection by intrusion prevention systems.
Additionally, a captive portal redirection feature redirects URLs
from the EX4300 to the MAG Series gateway running Pulse Access
Control Service for user authentication and authorization, making
the UAC solution a “single source of truth” for user and device
authentication and for enforcing role-based security policies.
The EX4300 also provides a full complement of port security
features, including Dynamic Host Configuration Protocol (DHCP)
snooping, dynamic ARP inspection (DAI), IP Source Guard, and
media access control (MAC) limiting (per port and per VLAN)
to defend against internal and external spoofing, man-in-the-middle,
and denial-of-service (DoS) attacks.
MACsec
EX4300 switches support IEEE 802.1AE MACsec, which provides
link-layer data confidentiality, data integrity, and data
origin authentication. The MACsec feature enables the EX4300
to support 88 Gbps of near line-rate hardware-based traffic
encryption on all GbE and 10GbE ports, including the base unit
and optional uplink modules.
Defined by IEEE 802.1AE, MACsec provides secure, encrypted
communication at the link layer that is capable of identifying and
preventing threats from denial of service (DoS) and intrusion
attacks, as well as man-in-the-middle, masquerading, passive
wiretapping and playback attacks launched from behind the
firewall. When MACsec is deployed on switch ports, all traffic
is encrypted on the wire but traffic inside the switch is not. This
allows the switch to apply all network policies such as QoS,
deep packet inspection and sFlow to each packet without
compromising the security of packets on the wire.
Hop-by-hop encryption enables MACsec to secure
communications while maintaining network intelligence. In
addition, Ethernet-based WAN networks can use MACsec to
provide link security over long-haul connections. MACsec is
transparent to Layer 3 and higher-layer protocols and is not
limited to IP traffic; it works with any type of wired or wireless
traffic carried over Ethernet links.
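
The playback protection described above rests on the packet number carried in each frame's 802.1AE SecTAG. The following Python code is an added example, not part of the Juniper data sheet: it parses the SecTAG and applies a strict packet-number check. The sample frame, its MAC addresses, and the ReplayGuard and build_sample helpers are constructed for illustration, and ICV (AES-GCM) verification, which a real receiver performs before updating replay state, is omitted.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # EtherType assigned to IEEE 802.1AE
ICV_LEN = 16               # default integrity check value length

def parse_sectag(frame: bytes) -> dict:
    """Split a MACsec frame into SecTAG fields, secure data and ICV."""
    if len(frame) < 20 + ICV_LEN:
        raise ValueError("frame too short for SecTAG and ICV")
    ethertype, tci_an, sl, pn = struct.unpack_from("!HBBI", frame, 12)
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    has_sci = bool(tci_an & 0x20)          # SC bit: explicit 8-byte SCI follows
    start = 28 if has_sci else 20
    if len(frame) < start + ICV_LEN:
        raise ValueError("truncated SCI")
    return {
        "encrypted": bool(tci_an & 0x08),  # E bit: payload is ciphertext
        "an": tci_an & 0x03,               # association number (key slot)
        "short_len": sl & 0x3F,
        "pn": pn,                          # packet number, increases per frame
        "sci": frame[20:28] if has_sci else None,
        "secure_data": frame[start:-ICV_LEN],
        "icv": frame[-ICV_LEN:],
    }

class ReplayGuard:
    """Strict in-order packet-number check per secure channel and AN."""
    def __init__(self):
        self.next_pn = {}

    def accept(self, tag: dict) -> bool:
        key = (tag["sci"], tag["an"])
        if tag["pn"] < self.next_pn.get(key, 1):
            return False                   # replayed or stale frame: drop
        self.next_pn[key] = tag["pn"] + 1
        return True

def build_sample(pn: int) -> bytes:
    """Constructed frame: made-up MACs, filler ciphertext, filler ICV."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, 0x2C, 0, pn)  # SC|E|C, AN 0
    return dst + src + sectag + src + b"\x00\x01" + b"\xaa" * 48 + b"\xbb" * ICV_LEN

if __name__ == "__main__":
    guard = ReplayGuard()
    for pn in (1, 2, 2, 5, 3):
        print(pn, guard.accept(parse_sectag(build_sample(pn))))
```
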
Simplified Management and Operations
When employing Virtual Chassis technology, the EX4300
dramatically simplifies network management. Up to 10
interconnected EX4300 switches can be managed as a single
device. Each Virtual Chassis group utilizes a single Junos OS
image file and a single configuration file, reducing the overall
number of units to monitor and manage. When Junos OS is
upgraded on the master switch in a Virtual Chassis configuration,
the software is automatically upgraded on all other member
switches at the same time.
The EX4300 also includes port profiles that allow network
administrators to automatically configure ports with security,
QoS, and other parameters based on the type of device
connected to the port. Six preconfigured profiles are available,
including default, desktop, desktop plus IP phone, wireless access
point, routed uplink, and Layer 2 uplink. Users can select from
the existing profiles or create their own and apply them through
the command line interface (CLI), Junos Web interface, or
management system.
The EX4300 switches can be managed through Junos Space
Network Director*, a next-generation network management
solution that allows users to visualize, analyze and control the
entire enterprise network—data center and campus, physical and
virtual, and wired and wireless—through a single pane of glass.
It incorporates sophisticated analytics for real-time intelligence,
trended monitoring, and automation to increase agility and
speed the rollout and activation of services.
For cloud deployments, Network Director provides a set of
REST APIs that enable on-demand and dynamic network
services by simplifying the consumption of services for
multi-tenant environments. With third-party cloud orchestration tool
integration, the Network Director API enables automation and
provisioning of Layer 2, Layer 3 and security services in the data
center without the need for manual operator intervention.
Finally, the EX4300 switch system, performance, and fault data
can be exported to leading third-party management systems such
as HP OpenView, IBM Tivoli, and Computer Associates Unicenter
software to provide a complete, consolidated view of network
operations.
Warranty
For warranty information, please visit www.juniper.net/support/warranty/.
*Roadmap