Initial Setup for Mist Edge Devices

To set up your Mist Edge device:

Connect the AC power cords to the AC power supplies.
Press the power button to power on the device.
Claim your device on the Mist portal. See Claim a Mist Edge Device.
Connect the OOBM port on the rear panel of the device to the switch.

See Configure the OOBM Port for the configuration.
Connect the tunnel (data) ports on the rear panel of the device to the network.

See Configure the Tunnel Ports for the configuration.

For the detailed configuration and deployment procedures, see the Juniper Mist Edge Guide.

Claim a Mist Edge Device

You can claim and onboard Mist Edge devices to your network using the Mist AI mobile application or using the Mist portal.

Download and install the Mist AI app from the Google Play Store or Apple App Store.
Open the Mist AI app and log in using your account credentials.
Select your Organization.
Select Claim Devices to Org to enter the claim code.

Or,

Select Device Inventory, select the Mist Edges tab and tap + on the top right corner.
Enter the claim code in the Claim code field and select Claim.

You could also locate the QR code on the Mist Edge appliance and focus the camera on the QR code.

The app automatically claims the Mist Edge and adds it to your site.
Select Device Inventory. You'll see the new Mist Edge listed under the Unassigned group in the Mist Edges tab.

Log in to your account at https://manage.mist.com/.
Navigate to Mist Edges and click on Claim Mist Edge.
Enter the Mist Edge claim code and click on Add.

You can find the claim code above the QR code on the pull-out information tab on the front panel of the device.
(Optional) Select the site to which you want to assign the device. You can choose to assign the device to a primary site (default) or any other site. If you want to assign the device to a site later, clear the Assigned claimed ME to site check box.
(Optional) Select the Generate names for ME, with format: check box and enter a name format for the device.You can use this option only if you are assigning the device to a site.

You can also choose to rename and assign a device to a site after you claim the device.
Click Claim.

The out-of-band management (OOBM) port is located on the rear panel of the device.

Connect the OOBM port to an access-mode interface of a switch on the customer premises.
If your network is DHCP enabled, you must first connect to the Mist cloud by using DHCP. Use the Mist portal to configure the static IP address.

By default, the OOBM port is configured for Dynamic Host Configuration Protocol (DHCP).
If your network is not DHCP enabled, use the Juniper Mist Edge CLI to configure the OOBM port.

Use the Integrated Dell Remote Access Controller (iDRAC) port to access the CLI.
1. Open a browser window and type the iDRAC IP address in the address bar. Log in using the username and password.
  
  If your device has an LCD panel, use it to obtain the iDRAC IP address.
  
  The default iDRAC user is root. The password is located on the back of the pull-out tab of the device.
  
  The Dashboard comes up.
2. Click the Virtual Console on the bottom-left side of the window and log in.
  The username is mist and the password is the claim code of the device. The claim code is located above the QR code on the pull-out tab.
3. Switch to root access using the su - command. The password is the claim code.
4. Use the following command to configure the OOBM parameters.
5. Use the ip a command to view the IP address of the OOBM port.

You can now access the Mist Edge CLI using the OOBM IP address. The username is mist and the password is the claim code of the device.

You can configure the tunnel (data) ports on your device as single arm or as dual arm (downstream and upstream) interfaces.

Single Arm—Carries both upstream and downstream traffic on a single port. You can configure and detect one or more ports as a single Link Aggregation Control Protocol (LACP).
Dual Arm—Carries upstream and downstream traffic on two different ports. You can configure and detect dual arm port configuration as two LACPs.

There are two interfaces that are related to the tunnel ports:

Tunnel IP—The interface where the Layer 2 Tunneling Protocol version 3 (L2TPv3) or IPsec tunnel between the Mist Edge and the AP terminates. It is also called the downstream interface.
Data interface—The interface connected to a trunk port that has all the VLANs configured to which the WLAN maps. It is also called the upstream interface.

To set up the tunnel ports:

Connect the Tunnel IP interface to the untrusted side of your network.

The interface is untagged and you must connect the it to the Tunnel IP network.

If a firewall exists between the AP management subnet and the Mist Edge device, you must allow the traffic destined to the Tunnel IP on port 1701 for L2TPv3 tunnels and on port 500/4500 for IPSec tunnels.
Connect the data interface to the trusted side of your network.
This interface would typically connect to your core or aggregate switch trunked with all the necessary user VLANs allowed.
To create a dual-arm configuration, in the Juniper Mist portal, select Separate Upstream and Downstream Traffic on the Tunnel Interface Configuration page. You can assign the interfaces as needed.

Upstream Port VLAN ID is optional and should only be used whenever the upstream switchport is configured as an access port with a single untagged VLAN.
To create a single-arm configuration, in the Juniper Mist portal, clear the Separate Upstream and Downstream Traffic option. you can assign the interfaces as needed.

Upstream Port VLAN ID is optional and should only be used whenever the upstream switchport is configured as an access port with a single untagged VLAN.