EX4200 Ethernet
With Virtual Chassis
Product Overview
High-performance businesses
demand high-performance
networking solutions. These solutions
include a new class of secure,
scalable and always-on enterprise
switch that advances the economics
of networking by enabling businesses
to deploy innovative new technologies
that increase revenue and improve
productivity. The Juniper Networks
EX4200 line of Ethernet switches
with Virtual Chassis technology
combine the compact, pay-as-yougrow economics and low power and
cooling requirements of stackable
switches with the performance,
availability, operational ease and port
densities of chassis-based platforms
to meet the demands of today’s highperformance enterprises.
Product Description
The Juniper Networks® EX4200 line of Ethernet switches with Virtual Chassis technology
combine the high availability (HA) and carrier-class reliability of modular systems with the
economics and flexibility of stackable platforms, delivering a high-performance, scalable
solution for data center, campus and branch office environments.
Offering a full suite of Layer 2 and Layer 3 switching capabilities as part of the base
software, the EX4200 satisfies a variety of high-performance applications, including
branch, campus and data center access deployments as well as Gigabit Ethernet (GbE)
aggregation deployments. A single 24-port or 48-port switch can be deployed initially; as
requirements grow, Juniper Networks Virtual Chassis technology allows up to 10 EX4200
switches to be interconnected over a 128 gigabit-per-second (Gbps) backplane and
managed as a single device, delivering a scalable, pay-as-you-grow solution for expanding
network environments. Flexible Gigabit Ethernet (GbE) and 10-Gigabit Ethernet (10GbE)
uplink options enable high-speed connectivity to aggregation- or core-layer switches
which connect multiple floors or buildings.
All EX4200 switches include HA features such as redundant, hot-swappable internal
power supplies and field-replaceable, multi-blower fan trays to ensure maximum uptime.
In addition, the base EX4200 partial PoE switch models offer Class 3 Power over Ethernet
(PoE), delivering up to 18.6 watts on the first eight ports to support networked devices
such as telephones, video cameras and wireless LAN (WLAN) access points for lowdensity converged networks. Full PoE options delivering up to 18.6 watts on all 24 or 48
ports are also available, making them ideal for high-density IP telephony deployments.
Furthermore, PoE+ models deliver up to 30 watts of standards-based 802.3at PoE+ on
24 or 48 ports making them ideal for all PoE applications including campus deployments
with 802.11n wireless access points.
Juniper Networks Virtual Chassis
Technology: Chassis-like Switch Features
in a Stackable Form Factor
Virtual Chassis
• Redundant, internal hot-swappable power supplies
• Hot-swappable fan tray with redundant blowers
• Consistent modular Juniper Networks Junos® operating system
control plane feature implementation
Floor N
• Dual Route Engines with Graceful Routing Engine Switchover
EX4200 Virtual Chassis
EX4200 Virtual Chassis
• Single management interface
• Easy, centralized software upgrades
• Scales from 24 to 480 ports with up to 20 10GbE uplinks
• Limited lifetime switch hardware warranty
Each EX4200 switch includes an integrated application-specific
integrated circuit (ASIC)-based Packet Forwarding Engine, the
EX-PFE, while an integrated Routing Engine (RE) delivers all
control plane functionality. Based on field-proven Juniper
Networks technology, the Route Engine brings the same level
of carrier-class performance and reliability to the EX4200 line
of Ethernet switches that Juniper Networks routers bring to the
world’s largest service provider networks.
The EX4200 also leverages the same modular Juniper Networks
Junos OS as Juniper Networks router products, ensuring a
consistent implementation and operation of each control plane
feature across an entire Juniper Networks infrastructure.
Architecture and Key Components
The EX4200 switches are single rack-unit devices that deliver a
compact solution for crowded wiring closets and access switch
locations where space and power are at a premium. Each EX4200
supports optional front-panel uplink modules offering either four
GbE ports or two 10GbE ports for high-speed backbone or linkaggregation connections between wiring closets and upstream
aggregation switches. Uplink modules can be installed without
powering down the switch, enabling users to add high-speed
connectivity at any time or migrate from one uplink type to
the other to deliver the ultimate in flexible, high-performance
The EX4200 also features a front-panel LCD that offers a flexible
interface for performing device bring-up and configuration
rollbacks, reporting switch alarm and LED status, or restoring
the switch to its default settings. The LCD also displays a Virtual
Chassis member switch’s chassis “slot number” and Route Engine
status for rapid identification and problem resolution.
Dual rear-panel Virtual Chassis ports enable EX4200 switches to
be interconnected over the 128 Gbps virtual backplane. Switches
deployed in close proximity, such as wiring closets or top-ofrack data center applications, can be securely connected using a
Virtual Chassis cable and cable lock supplied by Juniper Networks.
In addition, a dedicated rear-panel RJ-45 port is available for outof-band management, while a rear-panel USB port can be used to
easily upload Junos OS and configuration files.
Floor 1
SRX Series
EX4200 Virtual Chassis
WAN Edge
Extend Virtual Private LANs
with MPLS
M Series
Core Layer
High Density.
wire-rate 10 Gbps
Virtual Chassis
Access Layer
EX4200 and EX4500 Virtual Chassis
Figure 1: The EX4200 Ethernet switch with Virtual Chassis
technology delivers a high-performance, scalable and highly reliable
solution for data center, branch and campus environments.
Virtual Chassis Technology
Up to 10 EX4200 switches can be interconnected using Virtual
Chassis technology to create a single logical device supporting up
to 480 10/100/1000BASE-T ports or 240 100/1000BASE-X ports,
plus an additional 40 GbE or 20 10GbE uplink ports. Additionally,
EX4200s can be interconnected in a Virtual Chassis configuration
that also includes EX4500s, creating a single logical switch
that offers a variety of port and density options for mixed server
In a Virtual Chassis configuration, all switches are monitored and
managed as a single device, enabling enterprises to separate
physical topology from logical groupings of endpoints and allowing
more efficient resource utilization. Highly resilient topologies can
also be created using the GbE or 10GbE uplink ports to extend
the Virtual Chassis configuration across long distances spanning
multiple wiring closets, floors or even buildings.
West Closet
East Closet
Floor N
Figure 2: Using Virtual Chassis technology, up to 10 EX4200
switches can be interconnected to create a single logical device
spanning multiple wiring closets, floors or even buildings.
Chassis-Class Availability
The EX4200 line of Ethernet switches deliver the same HA
functionality and support many of the same failover capabilities
as other Juniper chassis-based systems.
Each EX4200 switch is capable of functioning as a Route Engine.
When two or more EX4200 switches are interconnected, they
share a single control plane among all Virtual Chassis member
switches. When two EX4200 switches are interconnected, Junos
OS automatically initiates an election process to assign a master
(active) and backup (hot-standby) Route Engine. An integrated
Layer 2 and Layer 3 Graceful Route Engine Switchover (GRES)
feature maintains uninterrupted access to applications, services
and IP communications in the unlikely event of a primary RE failure.
Graceful Route
Engine Switchover
(GRES) for hitless
Backup RE
The EX4200 implements the same slot/module/port numbering
schema as other Juniper Networks chassis-based products when
numbering Virtual Chassis ports, providing true chassis-like
operations. By utilizing a consistent operating system and a single
configuration file, all switches in a Virtual Chassis configuration
are treated as a single device, simplifying overall system
maintenance and management.
Individually, the EX4200 offers a number of HA features that are
typically associated with modular chassis-based switches. When
combined with the field-proven Junos OS and L2/L3 failover
capabilities, these features provide the EX4200 with true carrierclass reliability.
• Redundant power supplies: The EX4200 line of Ethernet
switches support internal redundant, load-sharing, hot-swappable
and field-replaceable AC and DC power supplies to maintain
uninterrupted operations. Thanks to their compact footprint, the
EX4200 requires significantly less power than chassis-based
switches delivering equivalent port densities.
• Hot-swappable fan tray with multiple blowers: The EX4200
includes a hot-swappable, field-replaceable fan tray with three
blowers, providing sufficient cooling even if one of the blowers
were to fail.
Features and Benefits
Master RE
When more than two switches are interconnected in a Virtual
Chassis configuration, the remaining switch elements act as line
cards and are available to assume the backup RE position should the
designated master fail. Master, backup and line card priority status
can be assigned by the network operations team to dictate the
order of ascension; this N+1 RE redundancy, coupled with the GRES,
nonstop routing (NSR) and nonstop bridging (NSB) capabilities of
the Junos OS, assures a smooth transfer of control plane functions
following unexpected failures.
Figure 3: Support for Graceful Route Engine Switchover (GRES)
ensures a smooth and seamless transfer of control plane functions
following a master Route Engine failure.
• Redundant Trunk Group (RTG): To avoid the complexities of
the Spanning Tree Protocol (STP) without sacrificing network
resiliency, the EX4200 employs redundant trunk groups to provide
the necessary port redundancy and simplify switch configuration.
• Cross-member link aggregation: Cross-member link aggregation
allows redundant link aggregation connections between devices in
a single Virtual Chassis configuration, providing an additional level
of reliability and availability.
• Carrier-class hardware: The EX4200 leverages a purpose-built
packet forwarding engine ASIC, the EX-PFE, which integrates
much of the same intellectual property used in Juniper Networks
carrier routers. As a result, the EX4200 delivers the same
predictable, scalable functionality found in the world’s largest
• Non-Stop Bridging (NSB) and Non-Stop Routing (NSR): NSB
and NSR on the EX4200 ensure control plane protocols, states
and tables are synchronized between Master and Standby REs to
prevent protocol flaps or convergence issues following a Routing
Engine failover.
• Non-Stop Software Upgrade (NSSU): With NSSU, all members
of a Virtual Chassis system can be upgraded with a single
command. Mission-critical traffic can be configured as a link
aggregate across multiple Virtual Chassis switch members,
ensuring minimal disruption during the upgrade process.
• IPv4 and IPv6 routing support: IPv4 and IPv6 Layer 3 routing
(OSPF and PIM) is available in the base license, enabling highly
resilient networks.
Policy Manager
IC Series UAC Appliances
Steel-Belted Radius
UAC Agent
• Access granted
• VLAN assigned
• QoS policies applied
Firewall Enforcer
Protected Servers
Figure 4: The EX4200 works with the Juniper Networks UAC to enforce access control
down to the individual port level.
Carrier-Class Operating System
The EX4200 runs on Junos OS, the same operating system
software used by Juniper Networks routers to power the world’s
largest and most complex networks.
By utilizing a common operating system, Juniper delivers a
consistent implementation and operation of control-plane
features across all products. To maintain that consistency, Junos
OS adheres to a highly disciplined development process that
utilizes a single source code, follows a single quarterly release
train, and employs a highly available modular architecture that
prevents isolated failures from bringing an entire system down.
These attributes are fundamental to the core value of the
software, enabling all products powered by Junos OS to be
updated simultaneously with the same software release. All
features are fully regression-tested, making each new release a
true superset of the previous version; customers can deploy the
software with complete confidence that all existing capabilities
will be maintained and operate in the same way.
Converged Networks
The EX4200 line of Ethernet switches provide the highest levels
of availability for the most demanding converged data, voice
and video environments, delivering the most reliable platform for
unifying enterprise communications.
By providing Class 3 PoE with 15.4 watts on some or all ports to
power voice over IP (VoIP) telephones, closed-circuit security
cameras, wireless access points, and other IP-enabled devices, the
EX4200 delivers a future-proofed solution for converging disparate
networks onto a single IP infrastructure. Furthermore, any PoE port
can provide up to 18.6 watts to power wireless access points and
other PoE powered devices requiring more than Class 3, 15.4 watts
of PoE. EX4200 PoE+ switches also support 802.3at standardsbased PoE+ for powering networked devices like multiple radio
IEEE 802.11n wireless access points, and video phones that may
require more power than available with IEEE 802.3af.
LLDP-MED-based granular PoE management allows the EX4200
to negotiate PoE usage down to a fraction of a watt on powered
devices, enabling more efficient PoE utilization across the switch.
To ease deployment, the EX4200 supports the industrystandard Link Layer Discovery Protocol (LLDP) and LLDP-Media
Endpoint Discovery (LLDP-MED), which enable the switches to
automatically discover Ethernet-enabled devices, determine their
power requirements and assign virtual LAN (VLAN) parameters.
In addition, the EX4200 supports rich quality of service (QoS)
functionality for prioritizing data, voice and video traffic. The
switches support eight QoS queues on every port, enabling them to
maintain multi-level, end-to-end traffic prioritizations. The EX4200
also supports a wide range of policy options, including priority and
shaped deficit weighted round-robin (SDWRR) queuing.
The EX4200 line of Ethernet switches fully integrate with
the Juniper Networks Unified Access Control (UAC), which
consolidates all aspects of a user’s identity, device and location,
enabling administrators to enforce access control and security
down to the individual port or user levels.
Policy orchestration, enabled via Juniper UAC Enhancement
Protocol (JUEP), enables the EX4200 to construct dynamic
ACLs on a port-by-port basis by associating role/resource access
policies with authorization table entries. This allows the switch
to dynamically create thousands of ACLs or role-based access
policies in a scaled environment.
Additionally, a captive portal redirection feature redirects
URLs from the EX4200 to the Infranet Controller (IC) for user
authentication and authorization, making the IC a “single source
of truth” for user and device authentication and for enforcing rolebased security policies.
Working as an enforcement point within the UAC, the EX4200
provides both standards-based 802.1X port-level access
control as well as Layer 2–4 policy enforcement based on user
identity, location and/or device. A user’s identity, device type,
machine posture check and location can be used to determine
whether access should be granted and for how long. If access is
granted, the switch assigns the user to a specific VLAN based on
authorization levels. The switch can also apply QoS policies or
mirror user traffic to a central location for logging, monitoring or
threat detection by intrusion prevention systems.
The EX4200 also provides a full complement of port security
features including DHCP (Dynamic Host Configuration Protocol)
snooping, DAI (dynamic ARP inspection) and MAC limiting (per
port and per VLAN) to defend against internal and external
spoofing, man-in-the-middle and denial-of-service (DoS) attacks.
MACsec on the EX4200
A MACsec software license enables the EX4200 to provide near
line-rate hardware-based encryption of user traffic on a dualspeed 2x10GbE or 4x1GbE SFP+ MACsec uplink module.
Defined by IEEE 802.1AE, MACsec provides secure, encrypted
communication at the link layer that is capable of identifying and
preventing threats from denial of service (DoS) and intrusion
attacks, as well as man-in-the-middle, masquerading, passive
wiretapping and playback attacks launched from behind the
firewall. When MACsec is deployed on switch ports, all traffic
is encrypted on the wire but traffic inside the switch is not. This
allows the switch to apply all network policies such as Quality of
Service (QoS), deep packet inspection and sFlow to each packet
without compromising the security of packets on the wire.
Hop-by-hop encryption enables MACsec to secure communications
while maintaining network intelligence. In addition, Ethernet-based
WAN networks can use MACsec to provide link security over longhaul connections. MACsec is transparent to Layer 3 and higherlayer protocols and is not limited to IP traffic; it works with any type
of traffic carried over Ethernet links.
Simplified Management and Operations
When employing Virtual Chassis technology, the EX4200
dramatically simplifies network management. Up to 10
interconnected EX4200 switches can be managed as a single
device. Each Virtual Chassis group utilizes a single Junos OS image
file and a single configuration file, reducing the overall number
Building 1
Floor 2
Virtual Chassis
Closet 2.1
The EX4200 also includes port profiles that allow network
administrators to automatically configure ports with security, QoS
and other parameters based on the type of device connected to
the port. Six preconfigured profiles are available, including default,
desktop, desktop plus IP phone, wireless access point, routed uplink
and Layer 2 uplink. Users can select from the existing profiles or
create their own and apply them through the command line interface
(CLI), Junos Web interface or management system.
An EZ touchless provisioning feature allows a DHCP server to
push configuration details and software images to multiple
switches at bootup.
Four system management options are available for the EX4200.
The standard Junos OS CLI management interface offers the same
granular capabilities and scripting parameters found in any device
powered by Junos OS. The EX4200 also includes the integrated
Junos Web management tool, an embedded device manager
that allows users to configure, monitor, troubleshoot and perform
system maintenance on individual switches via a browser-based
graphical interface.
When managing a group of EX4200 switches, the Juniper
Networks Network and Security Manager (NSM) provides systemlevel management across all Juniper switches in the network, from
a single console.
Finally, the EX4200 switch system, performance and fault data
can be exported to leading third-party management systems such
as HP OpenView, IBM Tivoli and Computer Associates Unicenter
software, to provide a complete, consolidated view of network
Building 1
Floor 3
Virtual Chassis
Closet 3.1
10GbE MACsec
Building 1
of units to monitor and manage. When Junos OS is upgraded on
the master switch in a Virtual Chassis configuration, the software
is automatically upgraded on all other member switches at the
same time.
10GbE MACsec Connections
Floor 1
Building 2
Floor 1
EX4550 Virtual Chassis
or EX4550/EX4200 Mixed Virtual Chassis
Closet 1.1
10GbE MACsec Connections
Figure 5: MACsec deployment with EX4200 and EX4550 switches.
Limited Lifetime Warranty
Junos SDK
The EX4200 includes a limited lifetime hardware warranty that
provides return-to-factory switch replacement for as long as
the original purchaser owns the product. The warranty includes
lifetime software updates, advanced shipping of spares within
one business day, and 24x7 JTAC support for 90 days after the
purchase date. Power supplies and fan trays are covered for a
period of five years. For complete details please visit
Juniper offers a Junos Software Developer’s Kit (SDK) that
enables users to create, deploy and validate innovative custom
applications that run on top of the Junos operating system on
EX Series switches, confirming the company’s commitment to
software innovation through network programmability. Junos
SDK simplifies the development and reuse of components for
collaboration while the underlying Junos OS provides security,
robustness and resiliency, creating a widespread platform for
running network applications.
Product Options
Eight EX4200 switch models are available (see Table 1 below).
Table 1: EX4200 Line of Ethernet Switches
Access Port Configuration
PoE Ports*
POE Budget
Power Supply
24-port 10/100/1000BASE-T
8 PoE
1 RU
130 W
320 W AC
24-port 10/100/1000BASE-T
24 PoE+
1 RU
740 W
930 W AC
48-port 10/100/1000BASE-T
8 PoE
1 RU
130 W
320 W AC
48-port 10/100/1000BASE-T
48 PoE+
1 RU
740 W
930 W AC
24-port 100/1000BASE-X (SFP)
1 RU
320 W AC
24-port 10/100/1000BASE-T
1 RU
190 W DC
48-port 10/100/1000BASE-T
1 RU
190 W DC
24-port 100/1000BASE-X (SFP)
1 RU
190 W DC
* All PoE ports 802.3af-compliant @ 15.4W. All PoE+ ports on EX4200-24PX/48PX models 802.3at compliant @ 30 W subject to maximum PoE budget.
** NEBS certified
EX4200 Specifications
Physical Specifications
• Backplane: 128 Gbps Virtual Chassis interconnect to combine up
to 10 units as a single logical device
• Uplink module options:
-- 4-port GbE module with pluggable SFP optics
-- 2-port 10GbE module with pluggable XFP optics
-- Dual-mode 2-port 10GbE SFP+ / 4-port GbE SFP module with
pluggable SFP+/SFP optics
-- Dual-mode 2-port 10GbE SFP+ / 4-port GbE SFP module with
pluggable SFP+/SFP optics and MACsec support
Power Options
• Power supplies: Autosensing; 100-120 V / 200-240 V;
AC 320 W, 600 W and 930 W dual load-sharing hot-swappable
internal redundant power supplies
• Maximum current inrush: 50 amps
• DC power supply: 190 W DC, input voltage range 36 V - 72 V, dual
input feed, dual load-sharing hot-swappable internal redundant
power supplies
• Minimum number of PSUs required for fully loaded chassis:
1 per switch
Dimensions (W x H x D)
• 17.41 x 1.72 x 16.43 in (44.21 x 4.32 x 41.73 cm)
• 1 Desktop installation width noted above, rack-mount width is
17.5 in (44.5 cm)
• Height: 1 RU
• Depth with 320 W AC PSU and 190 W DC PSU noted above,
18.8 in (47.8 cm) with 600/930 W AC PSU
System Weight
• EX4200-24T with 320 W AC PSU: 16.5 lb (7.5 kg)
• EX4200-24P with 600 W AC PSU: 17.2 lb (7.8 kg)
Hardware Specifications
• Switching Engine Model: Store and forward
• DRAM – 1 GB with ECC
• Flash – 1 GB
• CPU – 1 GHz PowerPC CPU
• GbE port density per system:
-- 24P/24T/24F: 28 (24 host ports + four-port GbE uplink module)
-- 48P/48T: 52 (48 host ports + four-port GbE uplink module)
• 10GbE port density per system (all models): 2 (uplink module)
• 100 Mbps optic/connector type: LC SFP fiber supporting 100BASEFX SFP (multimode), LX (single-mode) and
BX (single-strand)
• 10/100/1000BASE-T connector type: RJ-45
• GbE SFP optic/connector type: RJ-45 or LC SFP fiber supporting
1000BASE-T SFP, SX (multimode), LX (single-mode), LH/ZX
(single-mode) and BX (single strand)
• 10GbE XFP optic/connector type: 10GE XFP LC connector,
SR (multimode), LR (single-mode), ER (single-mode) or
ZR (single-mode)
• 10GbE SFP+ optic/connector type: 10GE SFP+ LC connector, SR
(multimode), USR (multimode), LR (single-mode), ER (singlemode), LRM (multimode) and DAC (direct-attach copper)
Physical Layer
• Time Domain Reflectometry (TDR) for detecting cable breaks and
shorts: 24P/24T and 48P/48T only
• Auto MDI/MDIX support: 24P/24T and 48P/48T only (all ports)
• Port speed downshift/setting max advertised speed on
10/100/1000BASE-T ports: 24P/24T and 48P/48T only, on
all ports
• Digital optical monitoring for optical ports
• EX4200-48T with 320 W AC PSU: 17.1 lb (7.8 kg)
Packet Switching Capacities (Maximum with
64 Byte Packets)
• EX4200-48P with 930 W AC PSU: 18.2 lb (8.3 kg)
• 24P/24T: 88 Gbps
• EX4200-48PX with 930 W AC PSU: 19 lb (8.61 kg)
• 48P/48T: 136 Gbps
• EX4200-24F with 320 W AC PSU: 16.1 lb (7.3 kg)
• 24F: 88 Gbps
• EX4200-24T-DC with 190 W DC PSU: 16.5 lb (7.5 kg)
• EX4200-48T-DC with 190 W DC PSU: 17.1 lb (7.8 kg)
Aggregate Switch Capacities (Maximum with
64 Byte Packets)
• EX4200-24F-DC with 190 W DC PSU: 16.1 lb (7.3 kg)
• 24P/24T/24F: 216 Gbps
Environmental Ranges
• 48P/48T: 264 Gbps
• Operating temperature: 32° to 113° F (0° to 45° C)
• Storage temperature: -40° to 158° F (-40° to 70° C)
Layer 2/Layer 3 Throughput (Mpps) (Maximum
with 64 Byte Packets)
• Operating altitude: up to 10,000 ft (3,049 m)
• 24P/24T: 65 Mpps (wire speed)
• Non-operating altitude: up to 16,000 ft (4,877 m)
• 48P/48T: 101 Mpps (wire speed)
• Relative humidity operating: 10% to 85% (noncondensing)
• 24F: 65 Mpps (wire speed)
• Relative humidity non-operating: 0% to 95% (noncondensing)
Layer 2 Switching
• EX4200-24PX with 930 W AC PSU: 18 lb (8.16 kg)
• Max MAC addresses per system: 32,000
• Field-replaceable fan tray with multiple blowers (3)
• Jumbo frames: 9216 Bytes
• Switch remains operational even if one blower fails
• Number of VLANs: 4,096
• Airflow: 20.3 cfm
• VST instances: 253
• Port-based VLAN
• MAC-based VLAN
• Voice VLAN
EX4200 Specifications (continued)
Layer 2 Switching (continued)
Supported RFCs
• Physical port redundancy: Redundant trunk group (RTG)
• RFC 768 UDP
• Compatible with PVST+
• RFC 783 TFTP
• RVI (Routed VLAN Interface)
• RFC 791 IP
• IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
• RFC 792 ICMP
• LLDP-MED with VoIP integration
• RFC 793 TCP
• IEEE 802.1D: Spanning Tree Protocol
• RFC 826 ARP
• IEEE 802.1p: CoS prioritization
• RFC 854 Telnet client and server
• IEEE 802.1Q: VLAN tagging
• RFC 894 IP over Ethernet
• IEEE 802.1s: Multiple instances of Spanning Tree Protocol (MSTP)
• RFC 903 RARP
• Number of MST instances supported: 64
• RFC 906 TFTP Bootstrap
• Number of VSTP instances supported: 253
• RFC 951, 1542 BootP
• IEEE 802.1w: Rapid reconfiguration of Spanning Tree Protocol
• RFC 1027 Proxy ARP
• IEEE 802.1X: Port Access Control
• RFC 1058 RIP v1
• IEEE 802.1ak: Multiple Registration Protocol
• RFC 1112 IGMP v1
• IEEE 802.3: 10BASE-T
• RFC 1122 Host Requirements
• IEEE 802.3u: 100BASE-T
• IEEE 802.3ab: 1000BASE-T
• RFC 1195 Use of OSI IS-IS for Routing in TCP/IP and Dual
Environments (TCP/IP transport only)
• IEEE 802.3z: 1000BASE-X
• RFC 1256 IPv4 ICMP Router Discovery (IRDP)
• IEEE 802.3ae: 10 Gigabit Ethernet
• RFC 1492 TACACS+
• IEEE 802.3af: Power over Ethernet
• RFC 1519 CIDR
• IEEE 802.3x: Pause Frames/Flow Control
• RFC 1587 OSPF NSSA Option
• IEEE 802.3ad: Link Aggregation Control Protocol
• RFC 1591 DNS
• IEEE 802.3ah: Ethernet in the First Mile
• RFC 1745 BGP4/IDRP for IP-OSPF Interaction
• Metro
• RFC 1771 Border Gateway Protocol 4
-- PVLAN support
• RFC 1812 Requirements for IP Version 4 Routers
-- IEEE 802.1ag connectivity fault management
• RFC 1965 Autonomous System Confederations for BGP
-- ITU-T G803.2
• RFC 1981 Path MTU Discovery for IPv6
-- ITU-T Y.1731
• RFC 1997 BGP Communities Attribute
-- IEEE 802.1ad Q-in-Q
• RFC 2030 SNTP, Simple Network Time Protocol
-- Multicast VLAN routing
• RFC 2068 HTTP server
Layer 3 Features: IPv4
• Max number of ARP entries: 16,000
• Max number of IPv4 unicast routes in hardware: 16,000
• Max number of IPv4 multicast routes in hardware: 8,000
• Routing protocols: RIPv1/v2, OSPF, BGP, IS-IS
• Static routing
• Routing policy
• Bidirectional Forwarding Detection
• Layer 3 redundancy: VRRP
• IPv4/v6 GRE tunneling
Layer 3 Features: IPv6
• Max number of Neighbor Discovery (ND) entries: 16,000
(shared with IPv4)
• Max number of IPv6 unicast routes in hardware: 4,000
• Max number of IPv6 multicast routes in hardware: 2,000
• Routing protocols: RIPng, OSPFv3, IPv6, ISIS, BGP4+, PIM, MLD,
• RFC 2080 RIPng for IPv6
• RFC 2131 BOOTP/DHCP relay agent and DHCP server
• RFC 2138 RADIUS Authentication
• RFC 2139 RADIUS Accounting
• RFC 2154 OSPF w/Digital Signatures (Password, MD-5)
• RFC 2236 IGMP v2
• RFC 2267 Network Ingress Filtering
• RFC 2283 Multiprotocol Extensions for BGP-4
• RFC 2328 OSPF v2 (Edge-mode)
• RFC 2338 VRRP
• RFC 2362 PIM-SM (Edge-mode)
• RFC 2370 OSPF Opaque LSA Option
• RFC 2385 TCP MD5 Authentication for BGPv4
• RFC 2439 BGP Route Flap Damping
• RFC 2453 RIP v2
• RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
• RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
• Static routing
• RFC 2463 Internet Control Message Protocol (ICMPv6) for the
Internet Protocol Version 6 (IPv6) Specification
• RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
• Circuit Cross Connect (CCC)
• RFC 2474 DiffServ Precedence, including 8 queues/port
• Multicast snooping MLD v1/v2
• RFC 2475 DiffServ Core and Edge Router Functions
• VRF-Lite
• RFC 2526 Reserved IPv6 Subnet Anycast Addresses
• RFC 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 InterDomain Routing
EX4200 Specifications (continued)
• RFC 2597 DiffServ Assured Forwarding (AF)
Access Control Lists (ACLs) (Junos OS
firewall filters)
• RFC 2598 DiffServ Expedited Forwarding (EF)
• Port-based ACL (PACL) – Ingress and Egress
• RFC 2740 OSPF for IPv6
• VLAN-based ACL (VACL) – Ingress and Egress
• RFC 2784 Generic Routing Encapsulation (GRE)
• Router-based ACL (RACL) – Ingress and Egress
• RFC 2796 BGP Route Reflection (supersedes RFC 1966)
• ACL entries (ACE) in hardware per system: 7,000
• RFC 2796 Route Reflection
• ACL counter for denied packets
• RFC 2918 Route Refresh Capability for BGP-4
• ACL counter for permitted packets
• RFC 2925 MIB for Remote Ping, Trace
• RFC 3176 sFlow
• Ability to add/remove/change ACL entries in middle of list
(ACL editing)
• RFC 3376 IGMP v3
• Layer 2 – L4 ACL
• RFC 3392 Capabilities Advertisement with BGP-4
• 802.1X port-based
• RFC 3484 Default Address Selection for Internet Protocol Version
6 (IPv6)
• 802.1X multiple supplicants
• RFC 3513 Internet Protocol Version 6 (IPv6) Addressing
• 802.1X with authentication bypass access (based on host MAC
• RFC 3569 draft-ietf-ssm-arch-06.txt PIM-SSM PIM Source
Specific Multicast
• 802.1X with VoIP VLAN support
• RFC 3579 RADIUS EAP support for 802.1x
• 802.1X Supported EAP types: MD5, TLS, TTLS, PEAP
• RFC 3618 MSDP
• TNC certified
• RFC 3623 OSPF Graceful Restart
• MAC Authentication (RADIUS)
• RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers
• Control Plane DoS protection
• RFC 4291 IP Version 6 Addressing Architecture
High Availability
• RFC 4360 BGP Extended Communities Attribute
• RFC 4443 ICMPv6 for the IPv6 Specification
• Non-Stop Routing (NSR) - PIM, OSPF v2 and v3, RIP v2, RIPnG,
BGP, BGPv6, ISIS, IGMP v1, v2, v3
• RFC 4486 Subcodes for BGP Cease Notification message
• Non-Stop Software Upgrade (NSSU)
• RFC 4541 IBMP and MLD snooping services
• Redundant, hot-swappable power supplies
• RFC 4861 Neighbor Discovery for IPv6
• Redundant, field-replaceable, hot-swappable fans
• RFC 4862 IPv6 Stateless Address Autoconfiguration
• RFC 4915 MT-OSPF
• Graceful Route Engine Switchover (GRES) for Layer 2 hitless
forwarding and Layer 3 protocols on RE failover
• RFC 5176 Dynamic Authorization Extensions to RADIUS
• Graceful protocol restart – OSPF, BGP
• RFC 5798 VRRPv3 for IPv6
• Layer 2 hitless forwarding on RE failover
• Draft-ietf-bfd-base-05.txt Bidirectional Forwarding Detection
• Online insertion and removal (OIR) uplink module
• Draft-ietf-idr-restart-10.txt Graceful Restart Mechanism for BGP
• Non-Stop Bridging (NSB) - LACP
• Draft-ietf-isis-restart-02 Restart Signaling for IS-IS
Link Aggregation
• Draft-ietf-isis-wg-multi-topology-11 Multi Topology (MT) Routing
in IS-IS
• 802.3ad (LACP) support:
• Internet draft-ietf-isis-ipv6-06.txt, Routing IPv6 with IS-IS
• Max number of ports per LAG: 8
• LAG load-sharing algorithm – Bridged or Routed (Unicast or
Multicast) Traffic:
Supported RFCs (continued)
• ITU-T Y.1731
• LLDP Media Endpoint Discovery (LLDP-MED), ANSI/TIA-1057,
draft 08
• PIM-DM Draft IETF PIM Dense Mode draft-ietf-idmr-pim-dm-05.
txt, draft-ietf-pim-dm-new-v2-04.txt
• MAC limiting (per port and per VLAN)
• Allowed MAC addresses – configurable per port
• 802.1X with VLAN assignment
• 802.1X dynamic ACL based on RADIUS attributes
• Number of LAGs supported: 64
• IP: S/D IP
• TCP/UDP: S/D IP, S/D Port
• Non-IP: S/D MAC
• Tagged ports support in LAG
• Layer 2 QoS
• Dynamic ARP inspection (DAI)
• Layer 3 QoS
• IP source guard
• Ingress policing: 1 rate 2 color
• Local proxy ARP
• Hardware queues per port: 8
• Static ARP support
• DHCP snooping
• Scheduling methods (egress): Strict priority (SP), Shaped Deficit
Weighted Round-Robin (SDWRR)
• Captive Portal
• 802.1p, DSCP/IP Precedence trust and marking
• Persistent MAC address configurations
• Layer 2-4 classification criteria: Interface, MAC address, Ethertype,
802.1p, VLAN, IP address, DSCP/IP Precedence, TCP/UDP port
numbers, etc.
• DDoS protection (CPU control path flooding protection)
• Congestion avoidance capabilities: Tail Drop
*Unless explicitly specified for any particular MIB table or variables, Junos OS does not support SNMP set operations.
EX4200 Specifications (continued)
• RFC 2579 SNMP Textual Conventions for SMIv2
• IGMP: v1, v2, v3
• RFC 2665 Ethernet-like interface MIB
• IGMP snooping
Services and Manageability
• RFC 2863 Interface Group MIB
Junos OS CLI
Web interface
Out-of-band management: Serial; 10/100/1000BASE-T Ethernet
ASCII configuration
Rescue configuration
Configuration rollback
Image rollback
LCD management
Element management tools: Network and Security
Manager (NSM)
Remote performance monitoring
Junos SDK
Proactive services support via Advanced Insight Solutions (AIS)
SNMP: v1, v2c, v3
RMON (RFC 2819) Groups 1, 2, 3, 9
DHCP server
DHCP client and DHCP proxy
DHCP relay and helper
DHCP local server support
Service Now for automated fault detection, simplified trouble
ticket management and streamlined operations
Secure copy
DNS resolver
Syslog logging
Temperature sensor
Config-backup via FTP / secure copy
Interface range specification
Port profile associations
Supported MIBs*
• RFC 2863 Interface MIB
• RFC 2925 Ping/Traceroute MIB
• RFC 2932 IPv4 Multicast MIB
• RFC 3413 SNMP Application MIB
• RFC 3414 User-based Security model for SNMPv3
• RFC 3415 View-based Access Control Model for SNMP
• RFC 3621 PoE-MIB (PoE switches only)
• RFC 4188 STP & Extensions MIB
• RFC 4363 Definitions of Managed Objects for Bridges with Traffic
Classes, Multicast Filtering and VLAN extensions
• RFC 5643 OSPF v3 MIB support
• Draft – blumenthal – aes – usm - 08
• Draft – reeder - snmpv3 – usm - 3desede -00
• Draft-ietf-bfd-mib-02.txt
• Draft-ietf-idmr-igmp-mib-13
• Draft-ietf-idmr-pim-mib-09
• Draft-ietf-idr-bgp4-mibv2-02.txt – Enhanced BGP-4 MIB
• Draft-ietf-isis-wg-mib-07
• Debugging: CLI via console, Telnet or SSH
• Diagnostics: Show and debug cmd, statistics
• Traffic mirroring (port)
• Traffic mirroring (VLAN)
• ACL-based mirroring
• Mirroring destination ports per system: 1
• LAG port monitoring
• Multiple destination ports monitored to 1 mirror (N:1)
• Max number of mirroring sessions: 1
• Mirroring to remote destination (over L2): 1 destination VLAN
• IP tools: Extended ping & trace
• Juniper Networks commit and rollback
• RFC 1155 SMI
• RFC 1157 SNMPv1
• Limited lifetime switch hardware warranty
• RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB & TRAPs
Safety and Compliance
• RFC 1493 Bridge MIB
• RFC 1643 Ethernet MIB
• RFC 1657 BGP-4 MIB
• RFC 1724 RIPv2 MIB
• RFC 1850 OSPFv2 MIB
• RFC 1905 RFC 1907 SNMP v2c, SMIv2 and Revised MIB-II
• RFC 2011 SNMPv2 for internet protocol using SMIv2
• RFC 2012 SNMPv2 for transmission control protocol using SMIv2
• RFC 2013 SNMPv2 for user datagram protocol suing SMIv2
• RFC 2096 IPv4 Forwarding Table MIB
• RFC 2287 System Application Packages MIB
• RFC 2570 – 2575 SNMPv3, user based security, encryption and
• RFC 2576 Coexistence between SNMP Version 1, Version 2 and
Version 3
• RFC 2578 SNMP Structure of Management Information MIB
Safety Certifications
• UL-UL60950-1(First Edition)
• C-UL to CAN/CSA 22.2 No. 60950-1 (First Edition)
• TUV/GS to EN 60950-1, Amendment A1-A4, A11
• CB-IEC60950-1, all country deviations
Electromagnetic Compatibility Certifications
• FCC 47CFR Part 15 Class A
• EN 55022 Class A
• ICES-003 Class A
• VCCI Class A
• AS/NZS CISPR 22 Class A
• CISPR 22 Class A
• EN 55024
• EN 300386
• CE
Ordering Information
• GR-63-Core: NEBS, Physical Protection
• GR-1089-Core: EMC and Electrical Safety for Network
Telecommunications Equipment
Model Number
24-port 10/100/1000BASE-T (8 PoE ports) +
320 W AC PSU. Includes 50cm Virtual Chassis
24-port 10/100/1000BASE-T (24 PoE ports) +
600 W AC PSU. Includes 50cm Virtual Chassis
24-port 10/100/1000BASE-T (24 PoE+ ports)
+ 930 W AC PSU. Includes 50cm Virtual
Chassis cable.
48-port 10/100/1000BASE-T (8 PoE ports) +
320 W AC PSU. Includes 50cm Virtual Chassis
48-port 10/100/1000BASE-T (48 PoE ports)
+ 930 W AC PSU. Includes 50cm Virtual
Chassis cable.
48-port 10/100/1000BASE-T (48 PoE+ ports)
+ 930 W AC PSU. Includes 50cm Virtual
Chassis cable.
• TL9000
24-port 100/1000BASE-X SFP + 320 W AC
PSU. Includes 50cm Virtual Chassis cable.
Trusted Network Connect
24-port 10/100/1000BASE-T + 190 W DC
PSU. Includes 50cm Virtual Chassis cable.
48-port 10/100/1000BASE-T + 190 W DC
PSU. Includes 50cm Virtual Chassis cable.
24-port 100/1000BASE-X SFP + 190 W DC
PSU. Includes 50cm Virtual Chassis cable.
Trade Agreement Act-compliant 24-port
10/100/1000BASE-T (8 PoE ports) + 320 W
AC PSU. Includes 50cm Virtual Chassis cable.
Trade Agreement Act-compliant 24-port
10/100/1000BASE-T (24 PoE ports) + 600 W
AC PSU. Includes 50cm Virtual Chassis cable.
Trade Agreement Act-compliant 48-port
10/100/1000BASE-T (8 PoE ports) + 320 W
AC PSU. Includes 50cm Virtual Chassis cable.
Trade Agreement Act-compliant 48-port
10/100/1000BASE-T (48 PoE ports) + 930 W
AC PSU. Includes 50cm Virtual Chassis cable.
Trade Agreement Act-compliant 24-port
100BASE-FX/1000BASE-X SFP + 320 W AC
PSU. Includes 50cm Virtual Chassis cable.
• All models except EX4200-24P and EX4200-48P
• Reduction of Hazardous Substances (ROHS) 5
• CLEI code
Joint Interoperability Test Command (JITC)
• Department of Defense (DoD) Unified Capabilities (UC) Approved
Products List (APL)
Common Criteria
Metro Ethernet Forum
• MEF 9
Telecom Quality Management
• FIPS 140-2 Level 1
Noise Specifications
Noise measurements based on operational tests taken from
bystander position (front) and performed at 23° C in compliance
with ISO 7779.
Power Supply
Acoustic Noise
in dBA
320 W AC
600 W AC
930 W AC
320 W AC
320 W AC
930 W AC
930 W AC
190 W DC
190 W DC
190 W DC
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services
that are designed to accelerate, extend, and optimize your
high-performance network. Our services allow you to maximize
operational efficiency while reducing costs and minimizing
risk, achieving a faster time to value for your network. Juniper
Networks ensures operational excellence by optimizing the
network to maintain required levels of performance, reliability, and
availability. For more details, please visit
Virtual Chassis Port cable 0.5 M length
Virtual Chassis Port cable 1 M length
Virtual Chassis Port cable 3 M length
Virtual Chassis Port cable 5 M length
Mounting Options
Adjustable 4-post rack-mount kit for EX4200
and EX3200
Rack-mount kit for EX2200, EX3200, EX4200
and EX4550
EX4200 and EX3200 wall-mount kit
EX4200 Feature Licenses**
Advanced Feature License for EX4200-24T,
EX4200-24T-DC, EX4200-24P, EX4200-24F
and EX4200-24F-DC switches
Advanced Feature License for EX4200-48T,
EX4200-48T-DC and EX4200-48P switches
MACsec Software License for EX4200 access
* E
ach switch comes with one power supply, RJ-45 cable, RJ-45-to-DB-9 serial port adapter,
19” rack-mount kit, and Virtual Chassis cable and connector retainer. Each system also
ships with a power cord for the country to which it is being shipped. The EX4200-24F also
comes with fiber port dust covers.
** AFL includes licenses for IS-IS, BGP and MPLS.
Not available in Russia and CIS countries.
Ordering Information (continued)
Model Number
Uplink Modules
2-port 10GbE XFP Uplink Module
4-port GbE SFP Uplink Module
2-port 10GbE SFP+ / 4-port GbE SFP Uplink
2-port 10GbE SFP+ / 4-port GbE SFP Uplink
Module with MACsec Support
Power Supplies
320 W AC Power Supply Unit (PSU)
600 W AC Power Supply Unit (PSU)
930 W PoE+ AC Power Supply Unit (PSU)
190 W DC Power Supply Unit (PSU)
Pluggable Optics
Model Number
SFP 1000BASE-BX; Tx 1310nm/Rx 1550nm
for 40km transmission on single-strand,
single-mode fiber
SFP 1000BASE-BX; Tx 1550nm/Rx 1310nm
for 40km transmission on single-strand,
single-mode fiber
SFP 1000BASE-LH; LC connector; 1550nm;
70km reach on single-mode fiber
XFP 10GBASE-SR; LC connector; 850nm;
300m reach on 50 microns multimode fiber;
33m on 62.5 microns multimode fiber
XFP 10GBASE-LR; LC connector; 1310nm;
10km reach on single-mode fiber
XFP 10GBASE-ER; LC connector; 1550nm;
40km reach on single-mode fiber
XFP 10GBASE-ZR; LC connector; 1550nm;
80km reach on single-mode fiber
SFP+ 10GBASE-SR; LC connector; 850nm;
300m reach on 50 microns multimode fiber;
33m on 62.5 microns multimode fiber
SFP+ 10GBASE-LRM; LC connector; 1310nm;
220m reach on multimode fiber
SFP+ 10GBASE-LR; LC connector; 1310nm;
10km reach on single-mode fiber
SFP+ 10 Gigabit Ethernet Direct Attach Copper
(twinax copper cable), where “x” denotes 1, 3,
5 or 7 meter lengths
SFP 100BASE-FX; LC connector; 1310nm;
2km reach on multimode fiber
SFP 100BASE-LX; LC connector; 1310nm;
10km reach on single-mode fiber
SFP 100BASE-LX; LC connector; 1310nm;
40km reach on single-mode fiber
SFP 100BASE-LX; LC connector; 1310nm;
80km reach on single-mode fiber
SFP 100BASE-BX; LC connector; TX 1310nm/
RX 1550nm; 20km reach on single-strand,
single-mode fiber
SFP 100BASE-BX; LC connector; TX 1550nm/
RX 1310nm; 20km reach on single-strand,
single-mode fiber
SFP+ 10GBASE-ER 10 Gigabit Ethernet Optics,
1550nm for 40km transmission on singlemode fiber
SFP 10/100/1000BASE-T copper; RJ-45
connector; 100m reach on UTP
SFP 1000BASE-SX; LC connector; 850nm;
550m reach on multimode fiber
SFP+ 10 Gigabit Ethernet Ultra Short Reach
Optics, 850 nm for 10m on OM1, 20m on OM2,
100m on OM3 multimode fiber
SFP 1000BASE-LX; LC connector; 1310nm;
10km reach on single-mode fiber
SFP 1000BASE-BX; Tx 1310nm/Rx 1490nm
for 10km transmission on single-strand,
single-mode fiber
XFP 10GBASE DWDM, LC connector, tunable
across C-band 50 GHz channel spacing
(compliant with ITU-T G.698.1); 80km reach
on single-mode fiber
SFP Gigabit Ethernet CWDM, LC connector;
xxxx nm where xxxx represents 1470, 1490,
1510, 1530, 1550, 1570, 1590 or 1610; 80km
reach on single-mode fiber
SFP 1000BASE-BX; Tx 1310nm/Rx 1550nm
for 10km transmission on single-strand,
single-mode fiber
SFP 1000BASE-BX; Tx 1490nm/Rx 1310nm
for 10km transmission on single-strand,
single-mode fiber
SFP 1000BASE-BX; Tx 1550nm/Rx 1310nm
for 10km transmission on single-strand,
single-mode fiber
SFP 1000BASE-LX; LC connector; 1310nm;
40km reach on single-mode fiber
About Juniper Networks
Juniper Networks is in the business of network innovation. From
devices to data centers, from consumers to cloud providers,
Juniper Networks delivers the software, silicon and systems that
transform the experience and economics of networking. The
company serves customers and partners worldwide. Additional
information can be found at
*Not available in Russia and CIS countries.
Corporate and Sales Headquarters
APAC and EMEA Headquarters
Juniper Networks, Inc.
Juniper Networks International B.V.
1194 North Mathilda Avenue
Boeing Avenue 240
Sunnyvale, CA 94089 USA
1119 PZ Schiphol-Rijk
Phone: 888.JUNIPER (888.586.4737)
Amsterdam, The Netherlands
or 408.745.2000
Fax: 408.745.2100
Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are
registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks,
registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise
revise this publication without notice.
1000215-020-EN Aug 2013
Printed on recycled paper
To purchase Juniper Networks solutions,
please contact your Juniper Networks
representative at 1-866-298-6428 or
authorized reseller.