Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Step 1: Begin


The goal of this Day One+ guide is to get you up and running with the Juniper AI-driven network and see what it can do for you. As you’ll see, both the onboarding and provisioning of the physical devices (your switches and access points) are highly automated. There’s nothing to install on your workstation, and for the most part, nothing to configure in the Junos OS CLI. All the features are available through the portal on the cloud.

We’ll start by connecting a Juniper switch to the Juniper Mist cloud architecture, and then we’ll look at some key features in the cloud-hosted Juniper Mist portal. There are more than 100 types of service-level expectations (SLEs) that are available, in real time, through the dashboards on the portal. These SLEs measure key compliance metrics for your wired network and result in vastly simpler operations, streamlined troubleshooting, and better visibility into your users’ network experience.

The following illustration gives a quick overview of the Juniper AI-driven network. It shows how Juniper Mist cloud services use telemetry from the physical infrastructure to develop AI-powered automation that is delivered through the cloud and accessible from the portal.

One thing to mention: Juniper Mist cloud architecture supports location services and contact tracing, but we’re not going to get into those things here. For more information on these and a bunch of other features, you can check out our website.

Before You Begin

The switch you’re connecting needs to be able to reach to the Juniper Mist cloud architecture over the Internet. So, if there’s a firewall between the cloud and the switch, you need to allow outbound access on TCP port 2200. Once the switch connects to the Juniper Mist cloud, it automatically downloads the necessary commands to the Junos OS and completes the provisioning. If you don’t want to use this automated procedure, or if the switch you’re connecting isn’t set up for it, then connect the switch to an DNS server (you'll still need to allow outbound access through the firewall).

You’ll also need:

  • Physical access to the switch to connect the cables

  • Login credentials for the Juniper Mist portal

  • An activation code to adopt the switch and any Juniper access points that are part of your order

  • A user account on the switch to make CLI configurations (only applies to the brownfield option, which is described later)

  • A supported Juniper EX Series switch running a supported version of Junos OS

Here’s a summary of supported Juniper EX Series switches driven by Mist AI:

Connect to the Juniper Mist Cloud Architecture

There are two kinds of switches when it comes to connecting to the Juniper Mist cloud architecture: greenfield and brownfield. Greenfield switches are typically new and come cloud-ready, which means you can add them to the Juniper Mist cloud automatically using the zero touch provisioning (ZTP) option. As the name implies, this is fast and simple—connect the switch to the network, open a path to the Internet, and let the cloud architecture make the remaining configurations. As part of the ZTP process, the switch automatically accesses what’s known as a phone-home server, which brokers a connection to the Juniper Mist cloud architecture and coordinates the necessary Junos OS configuration updates. If you don’t want to use the phone-home server, you can configure the switch to use a DHCP server instead. The point is, the switch needs to be able to resolve the Juniper Mist cloud address, and either method will do.

Brownfield switches are typically those that are already in use somewhere on the network, and now you want to connect them to the Juniper Mist cloud. Connecting brownfield switches to the cloud is also pretty straightforward, but you need to do the configurations by hand using the Junos OS CLI. We’ll cover both cases.

Connect a Greenfield Switch

  1. Start by unboxing your switch, if you haven’t already, and then connect the management port to the Internet and power on the switch.
  2. Open a Web browser and log in to your Juniper Mist account. The Monitor page appears, showing an overview of the Juniper Mist cloud architecture and any Juniper access points and clients that are already connected.
  3. In the menu on the left, click Organization > Inventory to open that page.

    Here’s a picture of the Inventory page we’re talking about:

  4. Select Switches at the top of the Inventory page, and then click the Claim Switches button and enter the activation code for the switch.

    Here’s a picture of the Claim Switches page:

  5. Fill in the other fields as appropriate for your network. Select Manage configuration with Juniper Mist and then enter a root password for the switch.

    Note that this choice puts the switch under the management of the Juniper Mist portal, and as such, we recommend that local configuration using the CLI be restricted to prevent conflicts (for example, you might want to create a system login message on the switch to warn against making configuration changes locally, from the CLI).

Once the ZTP process is finished, the switch automatically appears in the Inventory page. If the switch doesn’t appear after a few minutes, despite refreshing the webpage, log out and then log back in.

Connect a Brownfield Switch

Back Up Your Configuration

It is important to back up your existing Junos OS configuration because when once you adopt the switch into the Juniper Mist cloud architecture, the old configuration is completely replaced.

  • In Junos OS, run the request system software configuration-backup path command to save the currently active configuration and any installation-specific parameters.

Once the switch is adopted, you should manage it exclusively from the Juniper Mist portal and not the local CLI. As such, consider taking the following actions:

  • Create a system login message on the switch to warn users against making configuration changes locally, from the Junos OS

  • Restrict management access by changing account passwords

  • Place restrictions on existing user accounts

To connect a brownfield switch, you'll need to use the Junos OS CLI to make some configuration changes to the Juniper Mist portal and to the switch. Be sure you can log in to both.

  1. Log in to your organization on the Juniper Mist portal and then click Organization > Inventory in the menu.
  2. Select Switches at the top of the page that appears, and then click the Adopt Switch button in the upper-right corner to generate the Junos OS CLI commands needed for the interoperability (these commands create a Juniper Mist user account and an SSH connection to the Juniper Mist cloud architecture over TCP port 2200).

    Here’s what the Switch Adoption page looks like:

  3. From the Switch Adoption page, click Copy to Clipboard to get the commands.
  4. In the Junos OS CLI, type edit to start configuration mode, and then paste the commands you just copied (type top if you are not already at the base level of the hierarchy).
  5. Back in the Juniper Mist portal, click Organization > Inventory > Switches and select the switch you just added.
  6. Click the More drop-down list at the top of the page, and then click the Assign to Site button to continue making your selections as prompted.
  7. Confirm your updates on the switch by running show commands at the [system services] hierarchy level, and again at the [system login user juniper-mist] hierarchy level.
    show system services
    show system login user mist

Now that the switch can register with the Juniper Mist portal, the next thing to do is to add the switch to a site and assign access points. You do this from the portal.

Here’s what the Juniper Access Points page looks like:

  1. To add the switch to a site, click Organization > Inventory in the Juniper Mist menu and then the Switches tab at the top of the next page.
  2. Select the switch you just added, and click the More button.
    • Click Assign to Site, and then choose a site from the drop-down list that appears in the Assign Switches page.

    • Click the Assign to Site button to complete the action.

  3. Click Access Points to see a list of any unassigned access points.
  4. Click Switches to see a list of switches, and choose a switch from the list to confirm that it and the Juniper Mist portal are correctly provisioned.

    Here’s what the Switches page looks like, with EX Series switches:

  5. From the Switches page, click a switch name to drill down into a detailed view of that switch, including connected access points and clients. For each switch on the list, you can view various properties, including the version, model number, CPU and memory utilization, bytes transferred, power drawn by the PoE devices, and port errors.Tip

    Hover your mouse cursor over the image of the switch port at the top of the page to see details such as the connection speed, PoE status, and throughput.

    Here’s what the Wired Insights page looks like:


You can confirm your connection from the switch to the Juniper Mist cloud architecture by running the following Junos OS command:

user@host> show system connections | grep 2200

The command output shows the switch connection to the cloud . It includes the IP address of the management interface on the switch, the destination IP address, and the connection result.

If there is no ACK of the SYN packet, chances are that outbound packets over TCP port 2200 are being blocked by the firewall. This issue needs to be resolved before the switch can appear in the Juniper Mist portal under Organization > Inventory > Switches.