EX3400 Ethernet Switches are a cost-effective solution for highly demanding converged data, voice, and video enterprise access networks. The compact, fixed-configuration 1U devices offer levels of performance and management. This model offers 24 10/100/1000BASE-T ports, the EX3400 switch also supports IEEE 802.3af Power over Ethernet for powering networked telephones, video cameras, wireless LAN access points, and other IP devices. Four front-panel dual-mode (GbE/10GbE) SFP/SFP+ uplink ports and two 40GbE QSFP+ ports are also available for connecting the switches to upstream devices. The EX3400 supports Juniper’s unique Virtual Chassis technology for interconnecting up to 10 switches that can be managed as a single device. The EX3400 can also be configured as a satellite device in a Junos Fusion Enterprise deployment, which aggregates large numbers of access switches into a logical management platform.
Power
The EX3400 supports the 802.3af Class 3 Power over Ethernet standards for supporting networked devices such as telephones, video cameras, IEEE 802.11ac WLAN access points, and videophones in converged networks. While EX3400 switches ship with a single power supply by default, they can support redundant power supplies that provide PoE (15.4 W) or PoE+ (30 W) power to all ports in the switch. Spare power supplies can be ordered as needed.
Security
The EX3400 switches fully interoperate with Juniper Networks Access Policy Infrastructure, which consolidates all aspects of a user's identity, device, and location, enabling administrators to enforce access control and security down to the inpidual port or user levels. Working as an enforcement point in the Access Policy Infrastructure, the EX3400 provides both standards-based 802.1X port-level access control and Layer 2-4 policy enforcement based on user identity, location, device, or a combination of these. A user's identity, device type, machine posture check, and location can be used to not only grant or deny access but also to determine the duration of access. If access is granted, the switch assigns the user to a specific VLAN based on authorization levels. The switch can also apply QoS policies or mirror user traffic to a central location for logging, monitoring, or threat detection by an intrusion prevention system (IPS). The EX3400 also provides a full complement of port security features, including Dynamic Host Configuration Protocol (DHCP) snooping, dynamic ARP inspection (DAI), and media access control (MAC) limiting to defend against man-in-the-middle and denial-of-service (Dos) attacks.
MACsec
EX3400 switches support IEEE 802.1ae MACsec, providing support for link-layer data confidentiality, data integrity, and data origin authentication. The MACsec feature enables the EX3400 to support 88 Gbps of near line-rate hardware-based traffic encryption on all GbE and 10GbE ports. Defined by IEEE 802.1AE, MACsec provides secure, encrypted communication at the link layer that is capable of identifying and preventing threats from Dos and intrusion attacks, as well as man-in-the-middle, masquerading, passive wiretapping, and playback attacks launched from behind the firewall. When MACsec is deployed on switch ports, all traffic is encrypted on the wire but traffic inside the switch is not. This allows the switch to apply all network policies such as QoS, deep packet inspection, and sFlow to each packet without compromising the security of packets on the wire.
High availability
The EX3400 Ethernet switch is designed to support many of the same failover capabilities and high availability (HA) functionality as other Juniper EX access switches with Virtual Chassis technology. Each EX3400 switch is capable of functioning as a Routing Engine (RE) when deployed in a Virtual Chassis configuration. When two or more EX3400 switches are interconnected in a Virtual Chassis configuration, all member switches share a single control plane. An integrated Layer 2 and Layer 3 graceful Routing Engine switchover (GRES) feature maintains uninterrupted access to applications, services, and IP communications in the unlikely event of a master Routing Engine failure.
