Skip to content

Switch Management

Overview

The Switches section of the admin panel (/admin/switches) provides visibility into all managed Juniper switches and their configuration backups.

Switch Backups

Automatic Backups

Backups are taken automatically in two scenarios:

  1. Pre-change backups -- Before any automated switch configuration change (VMAC binding, port security event, apply-all), the current configuration is saved. Trigger label: vmac_change or apply_all
  2. Scheduled backups -- Configured in Settings > Switches, runs at specified hours daily. Trigger label: scheduled

Manual Backups

Click Backup on any switch detail page to take an immediate configuration backup. Trigger label: user:<id>

Retention

Old backups are automatically pruned when the count exceeds the configured maximum (default: 100 per switch). Oldest backups are deleted first.

Restoring a Backup

  1. Go to /admin/switches/{id}
  2. Find the backup you want to restore
  3. Click View to inspect the configuration
  4. Click Restore to push it back to the switch

Warning

Restoring a backup does a full configuration override on the switch. This will replace all current switch configuration, not just port security bindings.

Apply All Bindings

The Apply All Bindings button on the Switches index page re-pushes every MAC/IP binding across the entire network in one operation:

What It Does

  1. Proxmox nodes -- For each node configured in Settings > Proxmox (port security interface):

    • Queries the Proxmox API for all VMs and their MACs
    • Resolves IPs from the guest agent or Tenantos reverse-lookup
    • Resolves VLANs and filters to the allowlist
    • Takes a switch backup
    • Full replaces all bindings on the configured uplink port

  2. Dedicated servers -- For every server in Tenantos with an automation-enabled switch connection (excluding Proxmox node hosts):

    • Fetches all assigned IPs from Tenantos
    • Checks for active VMACs in the wsh_infra database
    • Builds bindings: primary IP -> PXE MAC, VMAC IPs -> their VMACs
    • Takes a switch backup
    • Full replaces all bindings on the server's switch port

When to Use It

  • After changing the VLAN allowlist
  • After a switch reboot or firmware upgrade
  • To verify switch state matches the database
  • After bulk server provisioning

Settings

Switches Tab (Settings > Switches)

Setting Description
Backup schedule Hours to run daily backups (e.g., 3,15 for 03:00 and 15:00)
Max backups per switch Retention limit -- oldest are pruned automatically
Allowed VLANs VLAN IDs eligible for port security automation (e.g., 13,100,200). Leave blank to allow all