Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Deploy Juniper Mist Edge at the Organization Level

This chapter provides information about the various tasks that you perform to deploy the Juniper Mist™ Edge.

Create a Mist Cluster

After you create a Juniper Mist Edge on the Juniper Mist portal, you must add the device to a Mist Cluster. A cluster can comprise a single edge device or multiple edge devices. You can use multiple clusters in an active/active or active/passive configuration.

To create a cluster:

  1. From the left menu of the Juniper Mist portal, select Mist Edges.
    Mist Edges Clusters page appears.
  2. In the Mist Edges Clusters page, click Create Cluster.
  3. On the Create Mist Cluster page, enter a name in the Cluster Name field and in the Select Mist Edges field, select the edge devices to add to the cluster.
  4. In the Tunnel Termination Services page, specify the hostname or IP address to configure the Mist Edge cluster.
    If multiple Juniper Mist Edges are part of the cluster, list the IP address of each device, separated by a comma. The hostname or IP addresses you specify in this page must be the same as the Tunnel IP address that you have configured for each Juniper Mist Edge.

    The Hostnames/IPs field gets automatically populated as per the IP address you enter in the Tunnel IP Configuration fied in the Mist Edge inventory page. Whenever you add or delete a Mist Edge from a Cluster, make sure to verify the entries in this section. For more information, see Tunnel Termination Services.

    If you add multiple Juniper Mist Edges to a single cluster, you can create an active/active setup for all the Juniper Mist Edges in the same cluster.
    For an active/standby setup, you must create a second cluster for the Juniper Mist Edge you want to be on standby. If the Juniper Mist Edges in the primary cluster are down, the AP fails over to the Juniper Mist Edges in the secondary cluster.

    For Remote Teleworker solution, ensure that the firewall is configured to allow the connection from remote AP. Consider the following guidelines:

    • Allow port 500/4500 for IPSec and port 2083 for RadSec from remote APs

    • Firewall must translate the destination IP of the packets from remote AP to the tunnel IP

    • Obtain the external IP for the Mist Edge tunnel IP where a remote AP connects (usually a firewall IP), Append that IP to the hostname/IPs under tunnel termination services.

    No additional configuration is required on Mist Edge or AP, other than selecting the tunnel type as IPSec and Radius to proxy through Mist Edge

Create Mist Tunnel (Organization Level)

After you create a cluster, you must configure a tunnel and bind the tunnel to the cluster. Typically, the tunnel is where you list all your user VLANs (client VLANs) that you want to extend from your corporate network to the APs.

To create a Mist Tunnel at the organization level:

  1. From the left menu of the Juniper Mist portal, select Mist Edges.
    Mist Tunnels page appears.
  2. In the Mist Tunnels pane, click Create Tunnel.
    Mist Tunnels page appears.
  3. On the Mist Tunnels pane, in the VLAN ID(s) field, specify all the user VLANs that you must tunnel back. Separate the VLANs in the list with commas.
  4. In the Custer pane, assign the tunnel to a primary or a secondary Mist Edge Cluster that you have created earlier. In either the Primary Cluster or the Secondary Cluster field, select the required cluster from the drop-down list. You can retain the default entry or selection in the other fields on the page.
    After you create a tunnel, the tunnel termination service download is complete on the Mist Edge.

Configure WLAN Template

A WLAN template is a collection of WLAN policies, tunneling policies and WxLAN policies. Instead of repeating a given configuration across multiple service set identifiers (SSIDs), with WLAN templates you can set it once and then attach APs to the template to automatically inherit the setting. Both the APs and WLAN must belong to the same site.

You must use the WLAN Templates to enable the corporate SSID. You can create a WLAN template and use the template assignment for:

  • Specific sites or a collection of individual sites that are mapped to a Site-Group.

  • Entire organization with actual office sites added as exceptions.

To configure a WLAN template:

  1. From the left menu of the Juniper Mist portal, select Organization > Wireless > WLAN Templates. .
  2. On the WLAN Templates page, click Create Template.
  3. On the New Template page, enter a name and select Entire Org or Site and Site Groups to assign the template.
    Figure 1: WLAN Template Assigned to Site and Site Groups WLAN Template Assigned to Site and Site Groups
    Figure 2: WLAN Template Assigned to Entire Organization with Some Exceptions WLAN Template Assigned to Entire Organization with Some Exceptions
  4. In the WLAN templates page, select Add WLAN in the WLANs pane. In the Create WLAN page, you can specify the security settings.
  5. In the Create WLAN page, specify the number of VLANs to be tunneled through the Juniper Mist Edge in the VLAN ID field .
    Note that Juniper® Series of High-Performance Access Points do not tunnel any WLAN configured with an untagged VLAN. You can choose the APs that are tunneled as per the deployment type.
  6. For organization-level deployment, select Custom Forwarding to and then select Mist from the drop-down list. Next, select tunnel profile from the Tunnel drop-down list. Note that this Mist tunnel must be the same VLAN that you want to tunnel.