Template-based Configuration with Device and Port Profile

A key feature of switch management through the Juniper Mist cloud is the ability to use configuration templates and a hierarchical model to group the switches and make bulk updates. Templates provide uniformity and convenience, while the hierarchy (Organization, Network, and Switch) provides both scale and granularity.

What templates, and the hierarchical model, means in practice is that you can create a template configuration and then apply those settings to all the devices in a given group. When a conflict occurs, for example when there are settings at both the Network and Organizational levels that apply to the same device, the more narrow settings (in this case, Network) override the broader settings defined at the Organization level

Individual switches, at the bottom of the hierarchy, can inherit all or part of the configuration defined at the Organization level, and again at the Network level. Of course, individual switches can also have their own unique configurations.

You can include individual CLI commands at any level of the hierarchy, which are then appended to all the switches in that group on an “AND” basis– that is, individual CLI settings are appended to the existing configuration (existing setting are not replaced).

Table 1: Hierarchical Templates

There is a lot of flexibility in how you can design template and use them at different levels of the hierarchy. To illustrate this, we’ll look at four use cases to show the interplay between configuration settings made at different levels of the hierarchy.

For each of the use cases below, start by clicking Organization > Switch Templates in the main Juniper Mist menu. If you don’t see that option, you need a network administrator account before you can proceed.

Case 1: Organization-Level Switch Settings

Enterprise A has multiple sites, all of which use the same VLANs and ports. However, at the switch level, different switch models are deployed, and the switches don’t all have the same exact port configurations or the same number of ports.

Template Solution

  • Start with an Organizational level switch template.
  • Configure the VLANs and ports (which will then be applied uniformly to all switches in each Network that is included in the Organization).
  • Use the Port Configuration Rules feature in the Organization template to create different port configuration rules for each of the different switch models found in the organization.
  • Assign the Organization template to all Sites. Any switches, now or in the future, that are added to one of the Sites will inherit the VLAN settings, and the port rules, as per the switch model.

Case 2: Network-Level Settings

Enterprise B has multiple sites, all of which use the same VLANs and ports and port configurations. However, one network has a RADIUS server that uses 802.1X authentication (and so is different from what is configured at the Org level).


Template Solution

  • Start with a network level switch template.
  • Because this Network uses a unique radius server (that is, one that is different than the one defined at the Organization level), we will over-ride that configuration with the setting specified here.

Case 3: Individual Switch Administration

Enterprise C has multiple sites, each of which is managed by a local IT team. In other words, each team wants to be able to configure the switches under their control, without inheriting any setting from the Network or ORG level hierarchies. As such, if a given switch has a specific VLAN or radius server (such as they can add it here.