Let’s talk about dynamic port profile. Very, very excited to introduce this. So the port profiles which we talked several times before can be configured or can be used to, say, you have an AP or a camera or a printer and you want to assign that particular port or a series of ports to that devices. So you can create these port profiles and that can include the access VLAN or it could include the voice VLAN, or it could be a trunk port also with multiple VLANs allowed onto it. And then you can enable 802.1x, et cetera, on it.
But now what we have done is, we have taken this port profile to what we call as the dynamic port profile. With that, now depending on your LLDP information, which is coming from the device which is connected, it could be an AP or it could be a camera or any other devices, as long as they support LLDP, or depending on the radius username and password, which, if the device supports 802.1X authentication, we will now be able to detect what type of device is that and change that port to this dynamic port configurations and what we call as the colorless to colored ports, as well as once you disconnect the port from the system, we will convert that port back to a normal configuration which was there before it could be a restricted VLAN, et cetera.
So very, very excited to show this to you. You can do with the radius server and also you can do without a radius server. That’s important to understand. We just use the LLDP information, the system name and the chassis ID information, which is coming from a standard [inaudible]. So if you do a show LLDP, a neighbor information on your switch, you will be able to find either of this information, the system name or the chassis ID and do that configuration automatically. So the dynamic profile is enabled on the switch templates or even directly on the device itself or on what we call on the switch. So in order to enable dynamic profile, you can always go to organization and the switch templates. And inside the switch templates I have created a switch template called production-one. And in this scenario you have your radius configuration, NTP and CLI configurations, which is good.
Now you created the shared elements, you created this VLANs for example, 20, 30 and 40 for your camera network, corporate network and IOT network. But in addition to this, imagine that you created a VLAN called VLAN 99, which is what we call as a restricted VLAN, maybe a VLAN which cannot be routed anywhere. It can be routed only to the internet. They cannot reach any other part of the network. So you create this VLAN called say VLAN 99, and then you associate that VLAN 99 to a profile called restricted device profile. It could be a simple access profile and you say that it is mapped to VLAN 99 and you have port enabled on it, which is okay on it. But now this is the new thing which we have added where we are saying that you’re doing the dynamic port configuration. So if you look at the MAC address of a missed AP usually starts with the 5c:5b:35, you will be able to look into that MAC address and say that if I detect via LLDP, this MAC address, I will apply this profile of Mist AP onto that trunk, onto that port.
That means as soon as we detect a device with this MAC address, we will be able to… Or via LLDP, we will be able to convert that port automatically to a trunk port and basically apply that Mist AP profile. Similarly, I have created another one for a different set of APs. So I have this cool AP 12 on it and this particular 12 APs comes with a MAC address of d4:20:b0 for example. So I have created separate profile for the AP 12. So what I have done is similarly, if I detect via LLDP, these six octets of the MAC address and I will be able to say that I’ll apply. So similarly you can look into system name. This is basically the hostname type of information coming from the devices as well as radius username coming from the devices.
So if you enable 802.1x and on the switch port, you will be able to detect that and assign that to your input. So you create this dynamic profile and the final step, which you have to do is select the switches and in the switch configuration or on the port configuration. I have said that these sports ge-004104 and 101 for example, are all mapped to a dynamic configuration profile of restricted device, but they are configured with dynamic configuration. So as a result, what happens is if anybody connects to ge-101 in my setup, I will be able to do that dynamic configuration and convert that port to a Mist AP automatically. How we do that, so if you go to the switches in this scenario, I have this EX2300 virtual chassis and I have done the configurations where I’m looking at the network where the restricted VLAN of 99 is there, then the restricted network of VLAN 99.
And by default I’m saying that same information is available. But in this case you can see ge-001 is applied with a restricted device profile of 99, but we have enabled dynamic configuration on it. So as a result, if you go to switch insights, and I did this thing yesterday in order to prepare, you will see that as the port is coming up, as the port is coming up in this scenario on ge-001101, I assigned dynamic port profile and applied this new profile of Mist AP on it. So in this case, I have detected that, okay, looks like this is a Mist AP, it matches my MAC address, which I have selected via LLDP, that information is coming and I can change the port to ge-1/0/1 Mist AP profile. So if you go to the switch rendition, you will see that this particular port ge-101 is now applied with a Mist profile.
So initially it was configured with restricted and as I detected it as an AP, I changed that port to apply a profile of Mist AP. And the good thing is, if I disconnect this port, I will see that the port will go back to that restricted profile, which is a big thing for a lot of customers because they might be handling switches somewhere far away and they might not be around. And then we could be that somebody plugs in something into that network. But you can now say that if they plug in something which you don’t know about, they will be part of the restricted VLAN. But if it’s a valid device like a printer which supports LLDP or a camera or an AP now can convert that port into this dynamic port automatically.
So that’s I think a pretty cool feature. A lot of customers have been waiting for this. You don’t need a radius server that’s very important. You can do this via LLDP and I think we are the first one in the industry to introduce that with the LLDP, but you can always use a radius server and do the authentication of the devices on the radius server with that also is supported. So you have both options of doing either a radius server or using the LLDP information to add this, okay. So that’s the dynamic port profile which has been added in the last six weeks. And then finally, I want to quickly touch on the switches part of it and the topology. Very excited to show you this. So in my scenario, obviously I added a support for SRXs on it. So I have a beta tag enabled. So if you want to test out your SRXs, please let me or Jean know, we can enable the SRX tag or the VAN assurance tag onto your setup.
So if you have an SRX320 for example, in my scenario I added it. And as you can see this is added, it’s connected and I will be able to go to the gateway insights and look at all the details. So I’m going to look at if for last seven days, if there has been any events. Yeah, looks like similarly, we will be able to see if there is any events, anything being pushed from the devices, et cetera. And also from the SRXs, we will be able to see the top applications. So it will be running the app queue application inside the SRX and we will be able to see the top applications, what is running in your environment. Definitely the control plane, CPU, memory utilization, and the various ports.
You will be able to select which ports you want to monitor. In this case for me, ge-00 is the external ports, which is going out to the internet. And then my ge-001 is my internal ports and I don’t have any other ports connected to it. So there will be no data, but you can specifically select which port you’re looking into and show that information. If there are port errors, power drawn, and if you have form that IPSec traffic, we will be able to show those information. So slowly we are adding more features and functionalities for the SRX, but what we can do today is if the customer has an SRX, we will be able to detect that this is my SRX. And then behind the SRX, I have a EX2300-VC connected. And inside that VC, as you can see, I have three types of devices connected. I have two APs connected to it and another wired client connected.
So now you can show that with that AP, which of the clients connected to it. So now you have the full topology view for this particular site called primary site. In my scenario, you can change and go between multiple sites. So now you can show your SRX, you can show your EXs as well as the APs connected to it, and the different types of clients. If it’s a wireless client or a wired client in your network, you will be able to show this. So make sure you point this out when you are doing your demos to the customer that we have now full support for what we call as the topology view, depending on the site. So now if you want to go to any of the devices, you can jump in and look at say AP32 and jump in to that section.
Or you will be able to go in and look into your switches if you want to see the switch details. If you click on the switches, you’ll be able to jump to your switches and show all the details related. If you jump into any of the ports, you can show all the port details. Another point of which I showed out to you earlier was the uplink port. So in this case you will see that this is my uplink port, which is going to my SRX in this scenario. So I have configured this as a trunk port and you will see a notification saying that, okay, if it’s an up arrow, that means an uplink port, this is where it is connected to the uplink switches or any other devices in your network. And also you can look into all the details about that uplink port. If there’s any details coming up, you will see the changes, everything and the details about the port errors, bytes, et cetera, in your network.
So I think that’s something a lot of customers have been talking about, so that you can go in and look into what are the ports which are connected to your upstream switches and monitor, most importantly, if there is any STP changes happening or spanning tree changes happening, we will be able to show that. And as a result, if there is a spanning tree loop in your network, we will be able to show that.