Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Day 0: Add an EX Series Switch to the Juniper Mist Cloud

Requirements

We recommend that all switches in an organization be managed exclusively through the Juniper Mist cloud, and not from the device’s CLI.

The switch needs to connect to a DNS server (an NTP server is also recommended), and it needs to be able to connect to the Juniper Mist cloud architecture over the Internet. If there is a firewall between the cloud and the switch, you need to allow outbound access on TCP port 2200 to the management port of the switch. In addition, you need the following items:

  • A Juniper Mist Wired Assurance Subscription, and logon credentials for the Juniper Mist portal

  • Physical access to the switch to connect the cables

  • A supported Juniper EX Series switch

  • A user account on the switch to make CLI configurations (brownfield option)

This example shows how to connect an EX Series switch to the Juniper Mist cloud architecture, and how to bring it onboard to your organization in the Juniper Mist portal. Cloud-ready, or “greenfield” switches can be automatically added to the Juniper Mist cloud using the ZTP option, or they can be added manually by entering an activation code for the switch in the Juniper Mist portal.

Figure 1: Cloud-Ready SwitchesCloud-Ready Switches

“Brownfield” switches, that is, switches being brought into the Juniper Mist cloud architecture from a previous deployment, can also be added to the Juniper Mist cloud. Both procedures are described in this example.

Overview of the ZTP Process

Once a cloud-ready switch is connected to the Internet and powered on for the first time, it triggers an onboard phone-home client (PHC) to get configuration updates from the phone-home server (PHS) as shown in Figure 2. The default behavior is for the PHC to connect to a redirect server, which then redirects it to a phone home server where the switch can get the configuration or software image. This enables the switch to securely and automatically obtain the most recent Junos OS configuration or software image, with no intervention other than physically connecting the switch to the network. Alternatively, you can configure the switch to use a Dynamic Host Configuration Protocol (DHCP) server configured with the necessary ZTP options to complete the ZTP process. To revert to the ZTP default, you need to boot from the factory-default state (or you can issue the Junos OS request system zeroize command to reset the configuration).

Topology

Figure 2: ZTP Process for EX Series SwitchesZTP Process for EX Series Switches

How to Activate a Greenfield Switch

To adopt a cloud-ready switch manually, you need an activation code for the switch. Activation codes are sent through e-mail to the address on record at the time of purchase, or they can be obtained by contacting the Juniper Mist Customer Engagement team. Using the activation code adopts the switch and any Juniper access points that are part of the purchase order, as well as claims any subscriptions that are included in your purchase.

Manually Add a Cloud-Ready Switch to the Juniper Mist Cloud:

Step-by-Step Procedure

  1. Start by unboxing your switch, connecting the management port to the Internet, and powering it on. As part of the ZTP process, the switch automatically accesses the PHC server (or the DHCP server if you have set this up instead) and then connects to the Juniper Mist cloud for configuration updates.

  2. Using a Web browser, log in to your Juniper Mist account. The Monitor page appears, showing an overview of the Juniper Mist cloud and any Juniper access points and clients that are already connected. In the menu on the left, click Organization > Inventory to open that page.

    Figure 3: The Juniper Mist Inventory PageThe Juniper Mist Inventory Page
  3. Select Switches at the top of the Inventory page, and then click the Claim Switches button and enter the activation code for the switch.

    Figure 4: The Claim Switches PageThe Claim Switches Page
  4. Fill out the other fields on the page as you like. Select Manage configuration with Juniper Mist and then enter a root password for the switch. Note that this choice puts the switch under the management of the Juniper Mist portal, and as such, we recommend that local configuration using the CLI be restricted to prevent conflicts (for example, you might want to create a system login message on the switch to warn against making configuration changes locally, from the CLI).

Once the ZTP process resolves, the switch automatically appears in the Inventory page. If the switch doesn’t appear after a few minutes, despite refreshing the web page, log out and then log back in.

Activate a Brownfield Switch

It is important to back up your existing Junos OS configuration on the switch before activating a brownfield switch because when the switch is adopted for management from the Juniper Mist cloud, the old configuration is replaced. Back up your existing Junos OS configuration by running the request system software configuration-backup (path) command, which saves the currently active configuration and any installation-specific parameters.

Likewise, To prevent users from using the Junos CLI to configure the switch after it has been adopted into the Juniper Mist cloud, you may want to create a system login message on the switch to warn against making configuration changes, or to restrict their management access altogether by changing the password or placing restrictions on the Junos CLI user accounts.

How to Add a Brownfield Switch to the Juniper Mist Cloud

Step-by-Step Procedure

This procedure describes how to set up a secure connection between a supported EX Series switch running a supported version of Junos OS. In it, you will make a few configuration changes to the Juniper Mist portal, and some to the switch using the Junos OS CLI. Be sure you can log in to both systems.

  1. Log in to your organization on the Juniper Mist cloud and then click Organization > Inventory in the menu.

  2. Select Switches at the top of the page that appears, and then click the Adopt Switch button in the upper-right corner to generate the Junos OS CLI commands needed for the interoperability. The commands create a Juniper Mist user account, and a SSH connection to the Juniper Mist cloud over TCP port 2200 (the switch connection is from a management interface and is used for configuration settings and sending telemetry data).

    Figure 5: The Switch Adoption PageThe Switch Adoption Page
  3. In the page that appears, click Copy to Clipboard to get the commands from the Juniper Mist cloud.

  4. In the Junos OS CLI, type edit to start configuration mode, and then paste the commands you just copied (type top if you are not already at the base level of the hierarchy).

  5. If you want to add a system message, use the following command:

  6. You can confirm your updates on the switch by running show commands at the [system services] level of the hierarchy, and again at the [system login user juniper-mist] level of the hierarchy.

  7. Run the commit command to save the configuration.

  8. Back in the Juniper Mist portal, click Organization > Inventory > Switches and select the switch you just added.

  9. Click the More drop-down list at the top of the page, and then click the Assign to Site button.

  10. In the page that appears, choose which site you want to assign the switch to, and then select Manage configuration with Mist.

Add the Switch to the Juniper Mist Cloud Architecture and View Details

Now that the switch is able to register with the Juniper Mist portal, the next steps are to add the switch to the appropriate site and assign access points.

Figure 6: The Juniper Access Points PageThe Juniper Access Points Page

Procedure

Step-by-Step Procedure

  1. To add the switch to a site, click Organization > Inventory in the Juniper Mist menu and then the Switches tab at the top of the page that appears.

  2. Select the switch you just added, and then click the More button. Click Assign to Site, and then choose a site from the drop-down list that appears in the Assign Switches page. Click the Assign to Site button to complete the action.

    Figure 7: The Switches Page Shows the EX Series SwitchThe Switches Page Shows the EX Series Switch
  3. Next, select Switches from the menu on the left and click a switch name to display the access points connected to that switch.

    • Hover your mouse cursor over a switch in the list to see summary details of the switch, or click it to expose attached devices.

    • Click the name of the switch (which appears above the list) to open a page where you can dig in to switch details, including various metrics and properties. Scroll down to see the Junos configuration for that specific switch.

    Figure 8: Switch Details in The Switches PageSwitch Details in The Switches Page

Troubleshooting

Confirm your connection from the switch to the Juniper Mist cloud by running the Junos OS command below.

The command output shows the switch connection to the Juniper Mist cloud. It includes the IP address of the management interface on the switch, the destination IP address of the Juniper Mist cloud, and the connection result.

If there is no ACK of the SYN packet, chances are that outbound packets over TCP port 2200 are being blocked by the firewall, and this issue needs to be resolved before the switch can appear in the Juniper Mist portal under Organization > Inventory > Switches.