Step 2: Up and Running
The SSR1200 is onboarded to the Juniper Mist™ Cloud. To provision the SSR1200 with ZTP, log in to your Mist portal and begin the WAN configuration.
Add the Network
To begin your WAN design, identify the network to be used for accessing applications over a LAN network segment.
-
Select Organization > Networks from the menu on the left.
-
Click Add Networks in the upper-right corner of the Networks page.
-
Enter a name for the network.
-
Enter the network subnet. For example, 192.168.1.0/24.
-
Click Add.
Excellent! This network is now defined for use across the entire organization, including the template that you will apply to your SSR1200.
Add Applications
Define the applications for the WAN to deliver, starting with the Internet.
-
Select Organization > Applications from the menu on the left.
-
Click Add Applications in the upper-right corner of the Applications page.
-
Enter the name of the application. For example, Internet.
-
Enter 0.0.0.0/0, or all IPv4 address space in the IP Addresses field.
-
Click Add.
Nice! Your organization is now set up to provide access to the Internet.
Create a WAN Edge Template
Excellent! Now you have the SSR1200 waiting to be claimed, a network for your LAN, and an application. Next, you need to create a WAN Edge template that ties them all together! Templates are reusable and keep the configuration consistent for every SSR1200 you deploy.
Create a Template
To create a Template:
-
Select Organization > WAN Edge Templates from the menu on the left.
-
Click Create Template in the upper-right corner of the WAN Edge Templates page.
-
Enter a name for the template.
-
Click Create.
-
Enter the NTP and DNS information for the WAN edge device as per your network requirements.
Configure the WAN Port
The first thing to do in your template is to specify which port to use for the WAN.
-
Scroll to the WAN section of the template, and click Add WAN.
-
Enter the name for the WAN port. For example, wan1.
-
Enter the interface as ge-0/0/0 to designate it as a WAN port.
-
Click Add.
Configure the LAN Port
Next, associate your LAN network segment with the appropriate port on the SSR1200.
-
Scroll to the LAN section of the template, and click Add LAN.
-
From the Network dropdown menu, select your network segment to associate it with the LAN port.
-
Enter the interface for the LAN port, for example, ge-0/0/3.
-
Enter 192.168.1.1 as the IP Address that needs to be assigned to the WAN edge device .1 for use as the gateway in the network.
-
Enter /24 as the Prefix Length.
-
Select Server under DHCP to provide DHCP services to endpoints on this network.
-
Give your DHCP server an address pool starting with 192.168.1.100 and ending with 192.168.1.200.
-
Enter 192.168.1.1 as the gateway to be assigned to DHCP clients.
-
Finally, enter the IP addresses for the DNS Servers to be assigned to clients on the network. For example, 8.8.8.8, 8.8.4.4.
-
Click Add.
Your template has the WAN and LAN information. Now, you need to tell the SSR1200 how to use the information to connect users to applications. This is done using traffic steering and application policies.
Configure Traffic Steering Policy
To configure Traffic Steering policy:
-
Scroll to the Traffic Steering section of the template, and click Add Traffic Steering.
-
Enter a name for the steering policy, for example, local-breakout.
-
Click Add Paths to give your steering policy a path to send traffic.
-
Select WAN as the path type, and select your WAN interface. For applications that use the policy, this indicates you want the traffic to be sent directly out of the local WAN interface.
-
Click the ✓ button in the upper right corner of the Add Path panel, and then click Add at the bottom of the Add Traffic Steering side panel.
Configure the Application Policy
To configure Application policy:
-
Scroll to the Application Policies section of the template, and click Add Application Policy.
-
Enter a string in the Name column, and click the check mark to the right of your entry.
-
Select your LAN network from the Network column drop-down list. Select Allow from the Action column drop-down list.
-
Select your application from the Applications column drop-down list. For example, application Internet that you created in Add Applications.
-
Select your local breakout steering policy from the Traffic Steering column drop-down list.
Almost there! You now have a working WAN Edge template that you can apply to many sites and appliances across your organization.
Assign the Template to a Site
Now that you have set up the template, you need to save and assign it to the site where your WAN edge device will be deployed.
-
Scroll to the top of the page and click Save.
-
Click the Assign to Site button, and select the site to which you want to apply the template configuration.
Great work! All that remains is to associate the SSR1200 with a site.
Assign the SSR1200 to a Site
After the SSR1200 is onboarded to the Mist cloud, you'll need to assign it to a site so you can begin to manage the configuration and gather data in Mist cloud.
-
Select Organization > Inventory. The status of the SSR1200 is shown as Unassigned.
-
Select the SSR1200 and from the More drop-down list, select Assign to Site.
-
Select the site from the Site list.
Note:Under Manage Configuration, do not check the Manage Configuration with Mist checkbox for the SSR1200 if it is using Session Smart Router software version 5.4.4. This allows the SSR1200 to reach out to the conductor IP address specified when the site was created to receive configuration information.
If you are onboarding a Mist-managed appliance using Session Smart Router software version 6.0, select Manage Configuration with Mist. If you do not select Manage Configuration with Mist, the SSR1200 will not be managed by Mist.
-
Click Assign to Site.
The site assignment takes a few minutes. After the site is fully onboarded, use the Mist WAN Edge - Device View to access the SSR1200, and the Insights view to view events and activity.
Install the SSR1200 in a Rack
Install the SSR1200 in a rack and connect it to power. For instructions see the hardware guide on the Juniper Mist Supported Hardware page.
Connect Your SSR1200 to the Mist Cloud
Your SSR1200 uses, port labelled MGMT (mgmt-0/0/0) as the default port to contact Mist for zero-touch provisioning (ZTP). You will also be setting up port 0/3 (ge-0/0/3) with a LAN network.
-
Connect the MGMT port to an Ethernet link that can assign a DHCP address to the SSR1200 and provide connectivity to the Internet and Mist.
Note:For management, you can connect the SSR1200 to Mist using the MGMT port. You can also connect to Mist from one of the WAN ports only when the MGMT port is disconnected, or does not have a valid DHCP leased address and default route.
Do not change the Mist management port once your appliance is powered on and connected to the Mist Cloud instance.
-
Connect port 0/3 to your LAN devices, such as
-
Mist-managed Juniper EX switches
-
Mist APs
-
User devices
-
-
Power on the SSR1200.
Great job! Your SSR1200 is now connected to the Mist cloud! In just a few minutes, Mist will send the template-driven configuration down to your device. Once the configuration has been applied, it will begin forwarding sessions from LAN to WAN as described by your policy.
Go to the WAN Edges menu on the Mist sidebar, select your device, and watch events as the device completes ZTP.
As your client devices connected to the LAN are assigned addresses from the WAN Edge DHCP server and begin sending sessions, telemetry will populate the insights page, and Marvis will start analyzing it on your behalf.