
Onboard a switch:   https://www.mist.com/documentation/adding-an-ex-series-switch-to-the-juniper-mist-cloud/


https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce-177-using-mist-with-ex-switches-example.html#jd0e32






Organization > Inventory 



Organization > Inventory > select the site > click "Adopt Switches"




CLI command:
# Restrict the SSH service to protocol version 2.
set system services ssh protocol-version v2
# Authenticate logins against locally configured passwords.
set system authentication-order password
# Local account "mist" in the super-user class, i.e. full administrative rights on the device.
set system login user mist class super-user
# <<password>> is a placeholder for an already-hashed password; treat the real value as a secret.
set system login user mist authentication encrypted-password <<password>>
# Outbound SSH client "mist": <<org_ID>> and <<secret>> are placeholders for the values that
# identify and authenticate this device to the cloud; keep the real secret out of tickets and wikis.
set system services outbound-ssh client mist device-id <<org_ID>>
set system services outbound-ssh client mist secret <<secret>>
# Offer NETCONF over the outbound session. Keep-alive retry is 12 here, while the sample
# "show configuration" output and the pasted script further down this page use retry 3.
set system services outbound-ssh client mist services netconf keep-alive retry 12 timeout 5
# The device dials out to this host on TCP port 2200; no inbound listener is added by this line.
set system services outbound-ssh client mist oc-term.mistsys.net port 2200 timeout 60 retry 1000


Assign it to Site





Additional config
App Track License


enable logs




Check ssh session

show configuration system services outbound-ssh

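The output should list the host oc-term.mistsys.net and the SSH port (port 2200;). The session is opened by the device, so outbound TCP 2200 to that host must be permitted.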


Outbound SSH configuration:
root@srx320-np> show configuration system services outbound-ssh
client mist {
    device-id <organization-id>.<mac-address>;
    secret "$........Ap0"; ## SECRET-DATA
    keep-alive {
        retry 3;
        timeout 5;
    }
    services netconf;
    oc-term.mistsys.net {
        port 2200;
        retry 1000;
        timeout 60;
    }
}





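nslookup (the name is an alias for an AWS load balancer, so the address returned may change over time; match on the hostname or on port 2200 rather than on a fixed IP):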
nslookup  oc-term.mistsys.net

Non-authoritative answer:
Name:    ab847c3d0fcd311e9b3ae02d80612151-659eb20beaaa3ea3.elb.us-west-1.amazonaws.com
Addresses:  13.56.90.212
          13.56.90.212
Aliases:  oc-term.mistsys.net





show system connections:
root@srx320-np> show system connections | match 13.56.90.212
tcp4       0      0  192.168.0.204.56360   

root@srx320-np> show system connections | match 2200
tcp4       0      0  192.168.0.204.56360                           13.56.90.212.2200                             ESTABLISHED


root@srx320-np> show system connections
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address                                 Foreign Address                               (state)
tcp4       0      0  192.168.0.204.22                              192.168.0.203.56768                           ESTABLISHED
tcp4       0     48  192.168.0.204.22                              192.168.0.203.56767                           ESTABLISHED
tcp4       0      0  192.168.0.204.56360                           13.56.90.212.2200                             ESTABLISHED
tcp4       0      0  192.168.0.204.22                              192.168.0.203.55477                           ESTABLISHED
tcp4       0      0  192.168.0.204.22                              192.168.0.203.55476                           ESTABLISHED
tcp4       0      0  *.22  


show system connections extensive | find 13.56.90.212

Extensive output:
root@srx320-np> show system connections extensive | find 13.56.90.212
tcp4       0      0  192.168.0.204.56360                           13.56.90.212.2200                             ESTABLISHED
   sndsbcc:          0 sndsbmbcnt:          0  sndsbmbmax:     263856
sndsblowat:       2048 sndsbhiwat:      32982
   rcvsbcc:          0 rcvsbmbcnt:          0  rcvsbmbmax:     527712
rcvsblowat:          1 rcvsbhiwat:      65964
   proc id:          1  proc name:
       iss: 1631025522      sndup: 1631235313
    snduna: 1631235313     sndnxt: 1631235313      sndwnd:     570368
    sndmax: 1631235313    sndcwnd:       2868 sndssthresh: 1073725440
       irs: 2967610863      rcvup: 2967735408
    rcvnxt: 2967735444     rcvadv: 2967801408      rcvwnd:      65964
       rtt:          0       srtt:       4866        rttv:        180
    rxtcur:       1200   rxtshift:          0       rtseq: 1631235245
    rttmin:       1000  mss:       1434
     flags: NODELAY REQ_SCALE RCVD_SCALE REQ_TSTMP RCVD_TSTMP SACK_PERMIT [0x120003e4]
tcp46      0      0  *.443                                         *.*                                           LISTEN
   sndsbcc:          0 sndsbmbcnt:          0  sndsbmbmax:     262144
sndsblowat:       2048 sndsbhiwat:      32768
   rcvsbcc:          0 rcvsbmbcnt:          0  rcvsbmbmax:     524288
rcvsblowat:          1 rcvsbhiwat:      65536
   proc id:          5  proc name:
       iss:          0      sndup:          0
    snduna:          0     sndnxt:          0      sndwnd:          0
    sndmax:          0    sndcwnd: 1073725440 sndssthresh: 1073725440
       irs:          0      rcvup:          0
    rcvnxt:          0     rcvadv:          0      rcvwnd:          0
       rtt:          0       srtt:          0        rttv:      12000
    rxtcur:       3000   rxtshift:          0       rtseq:          0
    rttmin:       1000  mss:       1024
     flags: NODELAY REQ_SCALE REQ_TSTMP [0x20000a4]
tcp4       0      0  *.443                                         *.*                                           LISTEN
   sndsbcc:          0 sndsbmbcnt:          0  sndsbmbmax:     262144
sndsblowat:       2048 sndsbhiwat:      32768
   rcvsbcc:          0 rcvsbmbcnt:          0  rcvsbmbmax:     524288
rcvsblowat:          1 rcvsbhiwat:      65536
   proc id:          2  proc name:
       iss:          0      sndup:          0
    snduna:          0     sndnxt:          0      sndwnd:          0
    sndmax:          0    sndcwnd: 1073725440 sndssthresh: 1073725440
       irs:          0      rcvup:          0
    rcvnxt:          0     rcvadv:          0      rcvwnd:          0
       rtt:          0       srtt:          0        rttv:      12000
    rxtcur:       3000   rxtshift:          0       rtseq:          0
    rttmin:       1000  mss:        512
     flags: NODELAY REQ_SCALE REQ_TSTMP [0x20000a4]


security flow

show security flow session destination-port 2200


Security flow output:
root@srx320-np> show security flow session destination-port 2200
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4172, Bytes: 437734,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2683, Bytes: 269528,
Total sessions: 1

root@srx320-np> show security flow session destination-port 2200 extensive
Session ID: 12093, Status: Normal
Flags: 0x40/0x0/0x8023
Policy name: self-traffic-policy/1
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption:  Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1800
Session State: Valid
Start time: 269541, Duration: 5812
   In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp,
  Conn Tag: 0x0, Interface: .local..0,
    Session token: 0x2, Flag: 0x1031
    Route: 0xfffb0006, Gateway: 192.168.0.204, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 4173, Bytes: 437854
   Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp,
  Conn Tag: 0x0, Interface: ge-0/0/7.0,
    Session token: 0x7, Flag: 0x1020
    Route: 0x180010, Gateway: 192.168.0.1, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 2683, Bytes: 269528
Total sessions: 1



show security flow session destination-port 2200 | refresh


Refresh output:
root@srx320-np> show security flow session destination-port 2200 | refresh
---(refreshed at 2020-11-06 11:38:38 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4226, Bytes: 442378,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2710, Bytes: 271904,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:43 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4228, Bytes: 442550,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2711, Bytes: 271992,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:48 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4230, Bytes: 442722,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2712, Bytes: 272080,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:53 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4232, Bytes: 442894,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2713, Bytes: 272168,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:58 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4234, Bytes: 443066,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2714, Bytes: 272256,
Total sessions: 1
---(*more 100%)---









Basic config (if the switch uses DHCP, there is no need to configure a name-server):

# Minimal base configuration applied before the adoption script.
set system host-name Switch-1
# Prompts for the root password interactively instead of taking it on the command line.
set system root-authentication plain-text-password
set system time-zone Europe/London
# Time source for the device.
set system ntp server uk.pool.ntp.org
# Remove the auto-image-upgrade statement from the chassis configuration.
delete chassis auto-image-upgrade
# NOTE(review): this permits direct root login over SSH. The adoption script on this page
# already creates a super-user account ("mist"), so consider "root-login deny" or
# "root-login deny-password" once onboarding is finished, and limit which sources can reach SSH.
set system services ssh root-login allow




Paste the adoption script:
# Adoption script, pasted in configuration mode.
# NOTE(review): the encrypted-password hash, device-id and secret below are real-looking,
# organization-specific credentials (presumably generated by the Mist portal — confirm).
# Substitute the values issued for your own organization; never reuse or republish these, and
# rotate any real values that have been posted on a shared page.
# "protocol v2" is written "protocol-version v2" in the first listing on this page; presumably
# this form relies on CLI completion — confirm on the target release.
set system services ssh protocol v2
# Authenticate logins against locally configured passwords.
set system authentication-order password
# Local account "mist" with the super-user class: the cloud session gets full administrative rights.
set system login user mist class super-user
# The hash is shorter than a full $6$ (SHA-512 crypt) hash normally is, so it may have been cut
# when the page was captured — TODO confirm before relying on it.
set system login user mist authentication encrypted-password $6$8SKrI1BgRFgrPsLh$HSd7.Fp4DpE8yxghtB1
# Identifier and shared secret the device presents on the outbound SSH session.
set system services outbound-ssh client mist device-id b3d4205f-fe87-47f7-99e4-b163bf6ff92e
set system services outbound-ssh client mist secret b6880b89c5153da86491c3060a3fad02641b400535ad25872f
# NETCONF is the service offered over the outbound session; keep-alive retry 3, timeout 5.
set system services outbound-ssh client mist services netconf keep-alive retry 3 timeout 5
# The device dials out to this host on TCP port 2200.
set system services outbound-ssh client mist oc-term.mistsys.net port 2200 timeout 60 retry 1000