Step 1: Begin
The goal of this Day One+ guide is to get you up and running with the Juniper AI-driven network and see what it can do for you. As you’ll see, both the onboarding and provisioning of the physical devices (your switches and access points) are highly automated. There’s nothing to install on your workstation, and for the most part, nothing to configure in the Junos OS CLI. All the features are available through the portal on the cloud.
We’ll start by connecting a Juniper switch to the Juniper Mist cloud architecture, and then we’ll look at some key features in the cloud-hosted Juniper Mist portal. There are more than 100 types of service-level expectations (SLEs) that are available, in real time, through the dashboards on the portal. These SLEs measure key compliance metrics for your wired network and result in vastly simpler operations, streamlined troubleshooting, and better visibility into your users’ network experience.
The following illustration gives a quick overview of the Juniper AI-driven network. It shows how Juniper Mist cloud services use telemetry from the physical infrastructure to develop AI-powered automation that is delivered through the cloud and accessible from the portal.
One thing to mention: Juniper Mist cloud architecture supports location services and contact tracing, but we’re not going to get into those things here. For more information on these and a bunch of other features, you can check out our website.
Before You Begin
The switch you’re connecting needs to be able to reach to the Juniper Mist cloud architecture over the Internet. So, if there’s a firewall between the cloud and the switch, you need to allow outbound access on TCP port 2200. Once the switch connects to the Juniper Mist cloud, it automatically downloads the necessary commands to the Junos OS and completes the provisioning. If you don’t want to use this automated procedure, or if the switch you’re connecting isn’t set up for it, then connect the switch to an DNS server (you'll still need to allow outbound access through the firewall).
You’ll also need:
Physical access to the switch to connect the cables
Login credentials for the Juniper Mist portal
An activation code to adopt the switch and any Juniper access points that are part of your order
A user account on the switch to make CLI configurations (only applies to the brownfield option, which is described later)
A supported Juniper EX Series switch running a supported version of Junos OS
Here’s a summary of supported Juniper EX Series switches driven by Mist AI:
Connect to the Juniper Mist Cloud Architecture
There are two kinds of switches when it comes to connecting to the Juniper Mist cloud architecture: greenfield and brownfield. Greenfield switches are typically new and come cloud-ready, which means you can add them to the Juniper Mist cloud automatically using the zero touch provisioning (ZTP) option. As the name implies, this is fast and simple—connect the switch to the network, open a path to the Internet, and let the cloud architecture make the remaining configurations. As part of the ZTP process, the switch automatically accesses what’s known as a phone-home server, which brokers a connection to the Juniper Mist cloud architecture and coordinates the necessary Junos OS configuration updates. If you don’t want to use the phone-home server, you can configure the switch to use a DHCP server instead. The point is, the switch needs to be able to resolve the Juniper Mist cloud address, and either method will do.
Brownfield switches are typically those that are already in use somewhere on the network, and now you want to connect them to the Juniper Mist cloud. Connecting brownfield switches to the cloud is also pretty straightforward, but you need to do the configurations by hand using the Junos OS CLI. We’ll cover both cases.
Connect a Greenfield Switch
- Start by unboxing your switch, if you haven’t already, and then connect the management port to the Internet and power on the switch.
- Open a Web browser and log in to your Juniper Mist account. The Monitor page appears, showing an overview of the Juniper Mist cloud architecture and any Juniper access points and clients that are already connected.
- In the menu on the left, click Organization > Inventory to open that
page.
Here’s a picture of the Inventory page we’re talking about:
- Select Switches at the top of the Inventory page, and then click the Claim Switches button and enter the activation code for the switch.
Here’s a picture of the Claim Switches page:
- Fill in the other fields as appropriate for your network. Select Manage configuration
with Juniper Mist and then enter a root password for the switch.
Note that this choice puts the switch under the management of the Juniper Mist portal, and as such, we recommend that local configuration using the CLI be restricted to prevent conflicts (for example, you might want to create a system login message on the switch to warn against making configuration changes locally, from the CLI).
Once the ZTP process is finished, the switch automatically appears in the Inventory page. If the switch doesn’t appear after a few minutes, despite refreshing the webpage, log out and then log back in.
Connect a Brownfield Switch
Back Up Your Configuration
It is important to back up your existing Junos OS configuration because when once you adopt the switch into the Juniper Mist cloud architecture, the old configuration is completely replaced.
In Junos OS, run the request system software configuration-backup path command to save the currently active configuration and any installation-specific parameters.
Once the switch is adopted, you should manage it exclusively from the Juniper Mist portal and not the local CLI. As such, consider taking the following actions:
Create a system login message on the switch to warn users against making configuration changes locally, from the Junos OS
Restrict management access by changing account passwords
Place restrictions on existing user accounts
To connect a brownfield switch, you'll need to use the Junos OS CLI to make some configuration changes to the Juniper Mist portal and to the switch. Be sure you can log in to both.
- Log in to your organization on the Juniper Mist portal and then click Organization > Inventory in the menu.
- Select Switches at the top of the page that appears, and then click
the Adopt Switch button in the upper-right corner to generate the Junos OS CLI
commands needed for the interoperability (these commands create a Juniper Mist user account
and an SSH connection to the Juniper Mist cloud architecture over TCP port 2200).
Here’s what the Switch Adoption page looks like:
- From the Switch Adoption page, click Copy to Clipboard to get the commands.
- In the Junos OS CLI, type edit to start configuration mode, and then paste the commands you just copied (type top if you are not already at the base level of the hierarchy).
- Back in the Juniper Mist portal, click Organization > Inventory > Switches and select the switch you just added.
- Click the More drop-down list at the top of the page, and then click the Assign to Site button to continue making your selections as prompted.
- Confirm your updates on the switch by running show commands at the [system services] hierarchy level, and again at the [system login user juniper-mist] hierarchy level.
show system servicesssh { protocol-version v2; } netconf { ssh; } outbound-ssh { client juniper-mist { device-id 550604ec-12df-446c-b9b0-eada61808414; secret "trimmed"; ## SECRET-DATA keep-alive { retry 3; timeout 5; } services netconf; oc-term.mistsys.net { port 2200; retry 1000; timeout 60; } } } dhcp-local-server { group guest { interface irb.188; } group employee { interface irb.189; } group management { interface irb.180; } }show system login user mistuser@Switch-1# show system login user mist class super-user; authentication { encrypted-password "$trimmed ## SECRET-DATA }
Now that the switch can register with the Juniper Mist portal, the next thing to do is to add the switch to a site and assign access points. You do this from the portal.
Here’s what the Juniper Access Points page looks like:
- To add the switch to a site, click Organization > Inventory in the Juniper Mist menu and then the Switches tab at the top of the next page.
- Select the switch you just added, and click the More button.
Click Assign to Site, and then choose a site from the drop-down list that appears in the Assign Switches page.
Click the Assign to Site button to complete the action.
- Click Access Points to see a list of any unassigned access points.
- Click Switches to see a list of switches, and choose a switch from
the list to confirm that it and the Juniper Mist portal are correctly provisioned.
Here’s what the Switches page looks like, with EX Series switches:
- From the Switches page, click a switch name to drill down into a detailed
view of that switch, including connected access points and clients. For each switch on the
list, you can view various properties, including the version, model number, CPU and memory
utilization, bytes transferred, power drawn by the PoE devices, and port errors.
Tip Hover your mouse cursor over the image of the switch port at the top of the page to see details such as the connection speed, PoE status, and throughput.
Here’s what the Wired Insights page looks like:
Problems?
You can confirm your connection from the switch to the Juniper Mist cloud architecture by running the following Junos OS command:
user@host> show system connections | grep 2200The command output shows the switch connection to the cloud . It includes the IP address of the management interface on the switch, the destination IP address, and the connection result.
tcp4 0 0 10.10.70.89.63208 <ip-address>.2200 ESTABLISHED
If there is no ACK of the SYN packet, chances are that outbound packets over TCP port 2200 are being blocked by the firewall. This issue needs to be resolved before the switch can appear in the Juniper Mist portal under Organization > Inventory > Switches.