Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce-177-using-mist-with-ex-switches-example.html#jd0e32






Organization > Inventory 


Organization > Inventory > Select the Site > "Click "Adopt Switches"


Check ssh session

show configuration system services outbound-ssh

oc-term.mistsys.net  and SSH port: port 2200;


Code Block
titleoutbound ssh
root@srx320-np> show configuration system services outbound-ssh
client mist {
    device-id <organization-id>.<mac-address>;
    secret "$........Ap0"; ## SECRET-DATA
    keep-alive {
        retry 3;
        timeout 5;
    }
    services netconf;
    oc-term.mistsys.net {
        port 2200;
        retry 1000;
        timeout 60;
    }
}





Code Block
titlenslookup
nslookup  oc-term.mistsys.net

Non-authoritative answer:
Name:    ab847c3d0fcd311e9b3ae02d80612151-659eb20beaaa3ea3.elb.us-west-1.amazonaws.com
Addresses:  13.56.90.212
          13.56.90.212
Aliases:  oc-term.mistsys.net





Code Block
titleshow
collapsetrue
root@srx320-np> show system connections | match 13.56.90.212
tcp4       0      0  192.168.0.204.56360   

root@srx320-np> show system connections | match 2200
tcp4       0      0  192.168.0.204.56360                           13.56.90.212.2200                             ESTABLISHED


root@srx320-np> show system connections
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address                                 Foreign Address                               (state)
tcp4       0      0  192.168.0.204.22                              192.168.0.203.56768                           ESTABLISHED
tcp4       0     48  192.168.0.204.22                              192.168.0.203.56767                           ESTABLISHED
tcp4       0      0  192.168.0.204.56360                           13.56.90.212.2200                             ESTABLISHED
tcp4       0      0  192.168.0.204.22                              192.168.0.203.55477                           ESTABLISHED
tcp4       0      0  192.168.0.204.22                              192.168.0.203.55476                           ESTABLISHED
tcp4       0      0  *.22  


show system connections extensive | find 13.56.90.212

Code Block
titleextended
collapsetrue
root@srx320-np> show system connections extensive | find 13.56.90.212
tcp4       0      0  192.168.0.204.56360                           13.56.90.212.2200                             ESTABLISHED
   sndsbcc:          0 sndsbmbcnt:          0  sndsbmbmax:     263856
sndsblowat:       2048 sndsbhiwat:      32982
   rcvsbcc:          0 rcvsbmbcnt:          0  rcvsbmbmax:     527712
rcvsblowat:          1 rcvsbhiwat:      65964
   proc id:          1  proc name:
       iss: 1631025522      sndup: 1631235313
    snduna: 1631235313     sndnxt: 1631235313      sndwnd:     570368
    sndmax: 1631235313    sndcwnd:       2868 sndssthresh: 1073725440
       irs: 2967610863      rcvup: 2967735408
    rcvnxt: 2967735444     rcvadv: 2967801408      rcvwnd:      65964
       rtt:          0       srtt:       4866        rttv:        180
    rxtcur:       1200   rxtshift:          0       rtseq: 1631235245
    rttmin:       1000  mss:       1434
     flags: NODELAY REQ_SCALE RCVD_SCALE REQ_TSTMP RCVD_TSTMP SACK_PERMIT [0x120003e4]
tcp46      0      0  *.443                                         *.*                                           LISTEN
   sndsbcc:          0 sndsbmbcnt:          0  sndsbmbmax:     262144
sndsblowat:       2048 sndsbhiwat:      32768
   rcvsbcc:          0 rcvsbmbcnt:          0  rcvsbmbmax:     524288
rcvsblowat:          1 rcvsbhiwat:      65536
   proc id:          5  proc name:
       iss:          0      sndup:          0
    snduna:          0     sndnxt:          0      sndwnd:          0
    sndmax:          0    sndcwnd: 1073725440 sndssthresh: 1073725440
       irs:          0      rcvup:          0
    rcvnxt:          0     rcvadv:          0      rcvwnd:          0
       rtt:          0       srtt:          0        rttv:      12000
    rxtcur:       3000   rxtshift:          0       rtseq:          0
    rttmin:       1000  mss:       1024
     flags: NODELAY REQ_SCALE REQ_TSTMP [0x20000a4]
tcp4       0      0  *.443                                         *.*                                           LISTEN
   sndsbcc:          0 sndsbmbcnt:          0  sndsbmbmax:     262144
sndsblowat:       2048 sndsbhiwat:      32768
   rcvsbcc:          0 rcvsbmbcnt:          0  rcvsbmbmax:     524288
rcvsblowat:          1 rcvsbhiwat:      65536
   proc id:          2  proc name:
       iss:          0      sndup:          0
    snduna:          0     sndnxt:          0      sndwnd:          0
    sndmax:          0    sndcwnd: 1073725440 sndssthresh: 1073725440
       irs:          0      rcvup:          0
    rcvnxt:          0     rcvadv:          0      rcvwnd:          0
       rtt:          0       srtt:          0        rttv:      12000
    rxtcur:       3000   rxtshift:          0       rtseq:          0
    rttmin:       1000  mss:        512
     flags: NODELAY REQ_SCALE REQ_TSTMP [0x20000a4]


security flow

show security flow session destination-port 2200


Code Block
titlesecurity flow
collapsetrue
root@srx320-np> show security flow session destination-port 2200
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4172, Bytes: 437734,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2683, Bytes: 269528,
Total sessions: 1

root@srx320-np> show security flow session destination-port 2200 extensive
Session ID: 12093, Status: Normal
Flags: 0x40/0x0/0x8023
Policy name: self-traffic-policy/1
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption:  Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1800
Session State: Valid
Start time: 269541, Duration: 5812
   In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp,
  Conn Tag: 0x0, Interface: .local..0,
    Session token: 0x2, Flag: 0x1031
    Route: 0xfffb0006, Gateway: 192.168.0.204, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 4173, Bytes: 437854
   Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp,
  Conn Tag: 0x0, Interface: ge-0/0/7.0,
    Session token: 0x7, Flag: 0x1020
    Route: 0x180010, Gateway: 192.168.0.1, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 2683, Bytes: 269528
Total sessions: 1



show security flow session destination-port 2200 | refresh


Code Block
titlerefresh
collapsetrue
root@srx320-np> show security flow session destination-port 2200 | refresh
---(refreshed at 2020-11-06 11:38:38 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4226, Bytes: 442378,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2710, Bytes: 271904,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:43 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4228, Bytes: 442550,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2711, Bytes: 271992,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:48 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4230, Bytes: 442722,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2712, Bytes: 272080,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:53 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4232, Bytes: 442894,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2713, Bytes: 272168,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:58 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4234, Bytes: 443066,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2714, Bytes: 272256,
Total sessions: 1
---(*more 100%)---









Code Block
titlebasic config
if using DHCP no need for name-server:

set system host-name Switch-1
set system root-authentication plain-text-password
set system time-zone Europe/London
set system ntp server uk.pool.ntp.org
delete chassis auto-image-upgrade
set system services ssh root-login allow




Code Block
titlepaste the script
set system services ssh protocol v2
set system authentication-order password
set system login user mist class super-user
set system login user mist authentication encrypted-password $6$8SKrI1BgRFgrPsLh$HSd7.Fp4DpE8yxghtB1
set system services outbound-ssh client mist device-id b3d4205f-fe87-47f7-99e4-b163bf6ff92e
set system services outbound-ssh client mist secret b6880b89c5153da86491c3060a3fad02641b400535ad25872f
set system services outbound-ssh client mist services netconf keep-alive retry 3 timeout 5
set system services outbound-ssh client mist oc-term.mistsys.net port 2200 timeout 60 retry 1000


...