Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

WAN Interfaces

Use this information to enter the settings in the WAN section of a WAN Edge template, hub profile, or device configuration.

Navigating to a WAN Configuration

You'll find WANs on the configuration page for your WAN Edge templates (for spokes), hub profiles, and individually managed devices.

  • For a WAN Edge template—From the left menu, select Organization > WAN > WAN Edge Templates. Click a template, or create a new one. Scroll down to the WAN section.

  • For a hub profile—From the left menu, select Organization > WAN > Hub Profiles. Click a profile, or create a new one. Scroll down to the WAN section.

  • For an individually managed WAN Edge device—From the left menu, select WAN Edges > WAN Edges. Click a device. Scroll down to the WAN section.

WAN Configuration Overview

A WAN interface is the interface out to the Internet.

By default, Juniper Mist sets up the WNA Edge device for management connectivity to the Mist cloud by enabling DHCP on the default WAN interface.

WAN Settings

On the configuration page, the WAN section lists the WANs that you've defined. To add a WAN, click Add WANs, enter the settings in the side panel, and then click Add at the bottom of the panel.

Table 1: Settings for the WAN Configuration Panel
Field Description
Name Enter a name to identify this interface. You can enter up to 32 letters, numbers, underscores, and dashes. The name must start and end with a letter or a number.
Description

Enter a description for this interface.

WAN Type Select the type of WAN link.

If you select LTE, also enter the LTE APN and LTE Authentication (described later in this table).

Note:

The DSL option is for SRX devices only.
Interface Enter the name of the interface (such as ge-0/0/1, ge-0/0/1-5, or reth0). Or, for aggregation, enter a comma-separated list of interfaces.

Then, select additional interface options as needed:

  • Disabled— Administratively disable the LAN port.

    If you disable a physical interface (for example, ge-0/0/1), all associated sub-interfaces or VLAN interfaces (for example, ge-0/0/1.200 and ge-0/0/1.100) will go down.

    If you disable an aggregated Ethernet interface (for example, ae1) on a WAN edge device, only the ae interface will go down; the underlying physical interfaces in the ae bundle will remain up.

  • Port Aggregation(Available only if the WAN Type is Ethernet) Group Ethernet interfaces to form a single link layer interface. You can use this for Link Aggregation Control Protocol (LACP) configuration.

    • Disable LACP—Disable LACP interface.

    • Enable Force Up—Choose this option prior to onboarding a device that is connected to the LAN port via Link Aggregation Control Protocol (LACP). For example, if you are onboarding a new switch to the Mist cloud, the switch will not already be provisioned for LACP. Setting Enable Force Up forces the first Ethernet interface of the LACP on the WAN edge device to the up state, which in turn allows the switch to connect to the Mist cloud using zero-touch provisioning (ZTP), where it will retrieve the configuration files needed to complete the onboarding.

    • AE Index—Enter the index value for Aggregated Ethernet. Range: 0-127

  • Redundant(available for all WAN Types except DSL) Select this option to enable redundancy. Also select the Primary Node. The drop-down list includes the nodes specified in the IP Config section of the configuration.

    For SRX only, also enter the Redundant Index and Redundant Group.

  • Enable "Up/Down Port" Alert Type—Select this option to designate this interface as a critical WAN Edge port for alerts. After you save this configuration, you also need to enable the Critical WAN Edge Port Up and Critical WAN Edge Port Down alerts on the Alerts Configuration page. Then you'll receive alerts whenever this port goes down or comes back up. For more information, see the Alerts chapter of the Juniper Mist AI-Native Operations Guide.

  • Enable Scheduled Speed Tests—Select this option to allow Marvis to run self-driving speed tests on the selected WAN interfaces automatically during low activity times.

    If you enable this feature, be aware of these factors:

    • This feature requires a Marvis for WAN subscription for each device that you want to run Marvis self-driving speed tests on.

    • It's selected by default when you select Ethernet as the WAN type, and is recommended for these interfaces.

    • It's not recommended for devices with built-in LTE. The reason is that this feature uses bandwidth and can be costly if you pay for bandwidth usage through a service provider. If you have LTE interfaces connected to your Ethernet interfaces, as on Cradlepoint devices, do not enable this option.

    • If you enable this feature on this interface, also enable it at the organization level. To do so, go to Organization > Settings > WAN Speed Test Scheduler.

LTE APN

(if WAN Type is LTE)

 (Optional for SRX Series Firewalls and mandatory for Session Smart Routers)

If you selected LTE as the WAN type, also complete this field.

On SRX Series Firewalls, the LTE Mini-Physical Interface Module (Mini-PIM) provides wireless WAN support on the SRX300 Series and SRX550 High Memory Services Gateways. The Mini-PIM contains an integrated modem and operates over 3G and 4G networks. The Mini-PIM can be installed in any of the Mini-PIM slots on the devices. For help with installation, see https://www.juniper.net/documentation/us/en/hardware/lte-mpim-install/topics/task/lte-mpim-hardware-intalling.html.

You need to set up an LTE interface on your WAN edge device and insert the Subscriber Identity Module (SIM) in the LTE card.

In the LTE APN field, enter the access point name (APN) of the gateway router. The name can contain alphanumeric characters and special characters. (Mandatory when enabling LTE with Session Smart Routers).

LTE Authentication

(if WAN Type is LTE)

If you selected LTE as the WAN type, select an authentication type for the APN configuration:

  • PAP—Select this option to use Password Authentication Protocol (PAP) as the authentication method. Provide User name and Password.

  • CHAP—Select this option to use Challenge Handshake Authentication Protocol (CHAP) authentication as the authentication method. Provide User name and Password.

  • None (Default)—Select this option if you do not want to use any authentication method.

DSL Type

(if WAN Type is DSL)

 Currently, there is only one option, which is pre-selected for you: VDSL
VLAN ID (Not applicable if WAN Type is LTE)Enter the VLAN ID for this interface.
IP Configuration (Not applicable if WAN Type is LTE)Select IP configuration options.

  • DHCP—Select this option to have your WAN configuration use Dynamic Host Configuration Protocol (DHCP).

  • Static—Select this option to assign your WAN a static, unchanging IP address. Enter the IP Address, Prefix Length, and Gateway address.

  • PPPoE—Select this option to have your WAN to use Point-to-Point Protocol over Ethernet (PPPoE). Choose from the following authentication options:

    • PAP—Select this option to use Password Authentication Protocol (PAP) as the authentication method. Provide User name and Password.

    • CHAP—Select this option to use Challenge Handshake Authentication Protocol (CHAP) authentication as the authentication method. Provide User name and Password.

    • None (Default)—Select this option if you do not want to use any authentication method.

Source NAT

Use Network Address Translation (NAT) along with advertising the public IP address unless the WAN address is a publicly routable address.

Select Source NAT options:

  • Interface—NAT using source interface.
  • Pool—NAT using defined IP address pool.
  • Disabled—Disable source NAT
Traffic Shaping

Select Enabled or Disabled.

Enable traffic shaping for better bandwidth control and traffic prioritization. Traffic shaping is driven by forwarding class parameters derived from application configuration.

If you enable traffic shaping, you need to also configure a transmit cap so that the actual traffic rate aligns with the configured shaping rate, regardless of the physical interface bandwidth.

If you enable traffic shaping on Session Smart Routers, you can also specify the traffic shaping percentage for an interface. In other words, you can define the maximum bandwidth (as a percentage) that should be allocated to high-, medium-, and low-priority traffic, as well as best-effort traffic.

By default, traffic shaping is disabled.

Auto Negotiation

Select Enabled or Disabled.
MTU Enter an MTU value between 256 -9192. Default is 1500.
Endpoints Add endpoints to create overlays to use in your traffic steering rules. For example, create different overlays for normal traffic, critical traffic, and other use cases.

  • Hub to Hub Endpoints—Click Add Hub to Hub Endpoints. Select a WAN interface on the other hub. For example, if you're configuring the hub profile for Hub A, and you want a hub-to-hub overlay to Hub B, select a WAN interface on Hub B.

  • Hub to Spoke Endpoints (SSR Only)—Click Add Hub to Spoke Endpoints. Enter the custom endpoint for this overlay.

  • Overlay Mesh Endpoints (SSR Only)

    —Click Add Overlay Mesh Endpoints. Select the Mesh Name, Path, and BFD Profile.