Best Practices for switch port configs

Here are some recommended configurations for your switch ports to work seamlessly with the Mist APs:

  • On a trunk port, prune all unwanted VLANs: only the VLANs required by the WLANs the AP serves should be in the allowed list. Because our APs do not save their configuration locally by default, the AP must be able to obtain an IP address on the native (untagged) VLAN at boot in order to reach the cloud and download its configuration.
  • We do not recommend Port Security (MAC address limit) on AP ports. The AP bridges the MAC address of every wireless client onto the wire, so a MAC limit will block clients. The exception is when all WLANs are tunneled, in which case only the AP's own MAC address appears on the port.
  • Feel free to enable BPDU Guard: the AP does not bridge BPDUs from wireless to wired unless it is a mesh base.
    • (BPDUs are the messages that switches running a spanning tree protocol exchange across an extended LAN. They carry port, address, priority and path-cost information, which the switches use to agree on a single loop-free forwarding topology.)
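To check that a switch actually follows the three recommendations above, here is an added example (not code from the original page or from Mist or Juniper) that audits AP-facing ports in a set-style Junos configuration: trunk mode, a native VLAN, allowed VLANs pruned to the WLAN set, no MAC limit unless all WLANs are tunneled, and BPDU guard (rstp edge with bpdu-block-on-edge, or layer2-control bpdu-block). The port names, VLAN names and the sample configuration are constructed for this example and use ELS syntax; the audit also recognizes the non-ELS port-mode and mac-limit forms.

```python
"""Audit AP-facing Junos switch ports against the recommendations above.

Added example, not code from the original page or from Mist/Juniper.
It reads a set-style Junos configuration and reports, per port: trunk
mode, a native VLAN (so the AP can boot and reach the cloud), allowed
VLANs pruned to the WLAN set, no MAC limit unless all WLANs are tunneled,
and BPDU guard. Port names, VLAN names and SAMPLE_CONFIG are constructed
for this example and use ELS syntax.
"""
import re
from collections import defaultdict


def parse_set_config(text):
    """Split 'set ...' lines into token lists, expanding bracket groups
    such as 'vlan members [ a b c ]' into one statement per member."""
    statements = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("set "):
            continue  # skip blanks, comments, 'delete', etc.
        m = re.match(r"^set (.*?)\s*\[\s*(.*?)\s*\]\s*$", line)
        if m:
            head = m.group(1).split()
            statements.extend(head + [member] for member in m.group(2).split())
        else:
            statements.append(line.split()[1:])
    return statements


def interface_facts(statements):
    """Collect the per-interface facts the audit needs, plus whether
    'protocols rstp bpdu-block-on-edge' is set globally."""
    facts = defaultdict(lambda: {"trunk": False, "native": None, "members": set(),
                                 "mac_limit": False, "edge": False, "bpdu_block": False})
    bpdu_block_on_edge = False
    for s in statements:
        if s[0] == "interfaces" and len(s) >= 3:
            f = facts[s[1]]
            if "trunk" in s and ("interface-mode" in s or "port-mode" in s):
                f["trunk"] = True
            if "native-vlan-id" in s:  # ELS: interface level; non-ELS: under the family
                f["native"] = s[s.index("native-vlan-id") + 1]
            if "members" in s:
                f["members"].add(s[-1])
        # ELS: switch-options interface X interface-mac-limit N
        # non-ELS: ethernet-switching-options secure-access-port interface X mac-limit N
        if "interface" in s and any(t.endswith("mac-limit") for t in s):
            facts[s[s.index("interface") + 1]]["mac_limit"] = True
        if s[:2] == ["protocols", "rstp"]:
            if "interface" in s and "edge" in s:
                facts[s[s.index("interface") + 1]]["edge"] = True
            elif "bpdu-block-on-edge" in s:
                bpdu_block_on_edge = True
        # Non-STP alternative: protocols layer2-control bpdu-block interface X
        if s[:3] == ["protocols", "layer2-control", "bpdu-block"] and "interface" in s:
            facts[s[s.index("interface") + 1]]["bpdu_block"] = True
    return facts, bpdu_block_on_edge


def audit_ap_ports(config_text, ap_ports, required_vlans, all_wlans_tunneled=False):
    """Return {port: [finding, ...]}; an empty list means the port complies."""
    facts, bpdu_block_on_edge = interface_facts(parse_set_config(config_text))
    required = set(required_vlans)
    report = {}
    for port in ap_ports:
        f, findings = facts[port], []
        if not f["trunk"]:
            findings.append("not configured as a trunk")
        if f["native"] is None:
            findings.append("no native-vlan-id: the AP has no untagged VLAN to get an address on")
        if "all" in f["members"]:
            findings.append("vlan members all: allowed VLANs are not pruned")
        else:
            extra, missing = f["members"] - required, required - f["members"]
            if extra:
                findings.append("unneeded VLANs allowed: " + ", ".join(sorted(extra)))
            if missing:
                findings.append("required VLANs missing: " + ", ".join(sorted(missing)))
        if f["mac_limit"] and not all_wlans_tunneled:
            findings.append("MAC limit set, but the AP bridges client MACs (only OK when all WLANs are tunneled)")
        if not ((f["edge"] and bpdu_block_on_edge) or f["bpdu_block"]):
            findings.append("BPDU guard not enabled (rstp edge + bpdu-block-on-edge, or layer2-control bpdu-block)")
        report[port] = findings
    return report


# Constructed sample: ge-0/0/0 follows the recommendations, ge-0/0/1 breaks all of them.
SAMPLE_CONFIG = """
set interfaces ge-0/0/0 native-vlan-id 100
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members [ management staff guest ]
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members all
set switch-options interface ge-0/0/1 interface-mac-limit 1
set protocols rstp bpdu-block-on-edge
set protocols rstp interface ge-0/0/0 edge
set vlans management vlan-id 100
set vlans staff vlan-id 200
set vlans guest vlan-id 667
"""

if __name__ == "__main__":
    report = audit_ap_ports(SAMPLE_CONFIG, ["ge-0/0/0", "ge-0/0/1"],
                            ["management", "staff", "guest"])
    for port, findings in report.items():
        print(port, "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
```

To audit a real switch, save the output of `show configuration | display set` to a file and pass its contents as `config_text`, together with the list of ports that face APs and the VLAN names your WLANs use.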

Here is an example configuration for a Juniper EX switch, in ELS syntax (interface-mode and an irb interface). It assumes a dedicated management VLAN, a staff VLAN and a guest VLAN:

interfaces {
    ge-0/0/0 {
        native-vlan-id 100;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ management staff guest ];
                }
            }
        }
    }
}

vlans {
    guest {
        vlan-id 667;
    }
    staff {
        vlan-id 200;
    }
    management {
        vlan-id 100;
        l3-interface irb.100;
    }
}

To give the switch an IP address on the management VLAN (10.10.100.50/24) so that it is reachable from other networks, with 10.10.100.1 as the default gateway, the configuration looks like this. This example is written in the older non-ELS syntax (port-mode, native-vlan-id under family ethernet-switching, and a vlan.100 interface); on an ELS switch use interface-mode, native-vlan-id at the interface level and irb.100 as in the previous example:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ management staff guest ];
                }
                native-vlan-id 100;
            }
        }
    }
    vlan {
        unit 100 {
            family inet {
                address 10.10.100.50/24;
            }
        }
    }
}

routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.10.100.1;
    }
}

vlans {
    guest {
        vlan-id 667;
    }
    staff {
        vlan-id 200;
    }
    management {
        vlan-id 100;
        l3-interface vlan.100;
    }

}

 


Note: For Juniper EX switches we recommend including the switch's management address in the LLDP configuration. The AP learns it from the switch's LLDP advertisements, so the switch can be identified by address as well as by port.

The same configuration can also be entered in set mode. The set-mode example below uses ELS syntax (an irb interface rather than a vlan interface) and a different management VLAN and address from the examples above: VLAN 400 with irb.400 at 10.33.1.110/24 and a gateway of 10.33.1.1. The two vlans lines bind the IRB to the management VLAN; without them irb.400 carries no traffic.

set vlans management vlan-id 400
set vlans management l3-interface irb.400
set interfaces irb unit 400 family inet address 10.33.1.110/24
set routing-options static route 0.0.0.0/0 next-hop 10.33.1.1
set routing-options static route 0.0.0.0/0 no-resolve
set protocols lldp management-address 10.33.1.110
set protocols lldp port-id-subtype interface-name
set protocols lldp interface all
set protocols lldp-med interface all

In this example VLAN 400 is the management VLAN, and the address on irb.400 (10.33.1.110) is the one advertised as the LLDP management address. The port-id-subtype interface-name statement makes the switch advertise the interface name (for example ge-0/0/0) rather than the SNMP ifIndex as the LLDP port ID, so the AP's uplink port is reported by name.