
Onboard a switch:   https://www.mist.com/documentation/adding-an-ex-series-switch-to-the-juniper-mist-cloud/


https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce-177-using-mist-with-ex-switches-example.html#jd0e32






Organization > Inventory 

Image Modified


Organization > Inventory > Select the Site > "Click "Adopt Switches"

Image Modified


Image Modified

Check ssh session

show configuration system services outbound-ssh

oc-term.mistsys.net  and SSH port: port 2200;

Code Block
titleoutbound ssh
root@srx320-np> show configuration system services outbound-ssh client mist { device-id <organization-id>.<mac-address>; secret "$........Ap0"; ## SECRET-DATA keep-alive { retry 3; timeout 5; } services netconf;

Code Block
titleCLI command
collapsetrue
set system services ssh protocol-version v2
set system authentication-order password
set system login user mist class super-user
set system login user mist authentication encrypted-password <<password>>
set system services outbound-ssh client mist device-id <<org_ID>>
set system services outbound-ssh client mist secret <<secret>>
set system services outbound-ssh client mist services netconf keep-alive retry 12 timeout 5
set system services outbound-ssh client mist oc-term.mistsys.net 
{
port 2200
;
 timeout 
60 retry 1000
; timeout 60; } } Code Block
titlenslookup
nslookup


Assign it to Site

Image Added


Image Added


Additional config
App Track License

Image Added

enable logs

Image Added



Check ssh session

show configuration system services outbound-ssh

oc-term.mistsys.net  and SSH port: port 2200;


Code Block
titleoutbound ssh
root@srx320-np> show 
Non-authoritative answer: Name: ab847c3d0fcd311e9b3ae02d80612151-659eb20beaaa3ea3.elb.us-west-1.amazonaws.com Addresses: 13.56.90.212
configuration system services outbound-ssh
client mist {
    device-id <organization-id>.<mac-address>;
    secret "$........Ap0"; ## SECRET-DATA
    keep-alive {
    
13.56.90.212 Aliases: oc-term.mistsys.net Code Block
titleshow
collapsetrue
root@srx320-np> show system connections | match 13.56.90.212 tcp4 0
    retry 3;
        timeout 5;
    }
   
0
 
192.168.0.204.56360
services netconf;
    
root@srx320-np> show system connections | match 2200 tcp4
oc-term.mistsys.net {
        port 2200;
  
0
      retry 
0
1000;
   
192.168.0.204.56360
     timeout 60;
    }
}





Code Block
titlenslookup
nslookup  oc-term.mistsys.net

Non-authoritative answer:
Name:    ab847c3d0fcd311e9b3ae02d80612151-659eb20beaaa3ea3.elb.us-west-1.amazonaws.com
Addresses:  13.56.90.212
.2200

          13.56.90.212
Aliases:  oc-term.mistsys.net





Code Block
titleshow
collapsetrue
root@srx320-np> show system connections | match 13.56.90.212
tcp4       0      0  192.168.0.204.56360  
ESTABLISHED
 

root@srx320-np> show system connections 
Active
| 
Internet
match 
connections
2200
tcp4 
(including
 
servers)
 
Proto
 
Recv-Q
 
Send-Q
  
Local
0 
Address
     0  192.168.0.204.56360                          
Foreign Address
 13.56.90.212.2200                             ESTABLISHED

(state) tcp4 0 0 192.168.0.204.22

root@srx320-np> show system connections
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address                                 Foreign Address    
192.168.0.203.56768
                           
ESTABLISHED
(state)
tcp4       0      
48
0  192.168.0.204.22                              192.168.0.203.
56767
56768                           ESTABLISHED
tcp4       0     48 
0
 
192.168.0.204.
56360
22                              
13
192.
56
168.
90
0.
212
203.
2200
56767                           
ESTABLISHED
tcp4       0      0  192.168.0.204.
22
56360                           
192.168.0.203.55477
13.56.90.212.2200                             ESTABLISHED
tcp4       0      0  192.168.0.204.22                              192.168.0.203.
55476
55477                           ESTABLISHED
tcp4       0      0  
*
192.168.0.204.22

show system connections extensive | find 13.56.90.212

Code Block
titleextended
collapsetrue
root@srx320-np> show system connections extensive | find 13.56.90.212 tcp4
                      
0
      
0
  192.168.0.
204
203.
56360
55476                           
13.56.90.212.2200
ESTABLISHED
tcp4       0      0  *.22  


show system connections extensive | find 13.56.90.212

Code Block
titleextended
collapsetrue
root@srx320-np> show system connections extensive | find 13.56.90.212
tcp4   
ESTABLISHED
    
sndsbcc:
0      0 
sndsbmbcnt:
 192.168.0.204.56360         
0
  
sndsbmbmax:
     
263856
 
sndsblowat:
       
2048
 
sndsbhiwat:
  13.56.90.212.2200    
32982
    
rcvsbcc:
          
0
 
rcvsbmbcnt:
          
0
ESTABLISHED
 
rcvsbmbmax:
  sndsbcc:   
527712
 
rcvsblowat:
      0 sndsbmbcnt:   
1
 
rcvsbhiwat:
      
65964
0  sndsbmbmax:  
proc
 
id:
  263856
sndsblowat:       
1
2048 sndsbhiwat: 
proc
 
name:
    32982
   
iss
rcvsbcc: 
1631025522
      
sndup
   0 rcvsbmbcnt: 
1631235313
     
snduna:
 
1631235313
   0  
sndnxt
rcvsbmbmax: 
1631235313
    527712
rcvsblowat: 
sndwnd:
     
570368
    1 
sndmax
rcvsbhiwat: 
1631235313
    
sndcwnd:
 65964
   proc 
2868 sndssthresh
id: 
1073725440
        
irs:
 
2967610863
1  proc name:
  
rcvup:
 
2967735408
    iss: 
rcvnxt:
1631025522 
2967735444
     
rcvadv
sndup: 
2967801408
1631235313
    
rcvwnd
snduna: 1631235313     
65964
sndnxt: 1631235313      
rtt
sndwnd:     570368
    
0
sndmax: 1631235313    sndcwnd:  
srtt:
     2868 sndssthresh: 
4866
1073725440
       
rttv
irs: 2967610863      rcvup: 
180
2967735408
    
rxtcur
rcvnxt: 2967735444     rcvadv: 
1200
2967801408   
rxtshift:
   rcvwnd:      65964
0
       
rtseq
rtt:  
1631235245
     
rttmin:
   0    
1000
   
mss
srtt:       
1434
4866        
flags
rttv: 
NODELAY
 
REQ_SCALE
 
RCVD_SCALE
 
REQ_TSTMP
 
RCVD_TSTMP
 
SACK_PERMIT
 
[0x120003e4]
 
tcp46
180
    rxtcur: 
0
      
0
1200  
*.443
 rxtshift:          0       rtseq: 1631235245
    rttmin:       1000  mss:       1434
*.*
     flags: NODELAY REQ_SCALE RCVD_SCALE REQ_TSTMP RCVD_TSTMP SACK_PERMIT [0x120003e4]
tcp46      0      0  *.443                
LISTEN
    
sndsbcc:
          
0
 
sndsbmbcnt:
          
0
*.*  
sndsbmbmax:
     
262144
 
sndsblowat:
       
2048
 
sndsbhiwat:
         
32768
    
rcvsbcc:
          
0
 
rcvsbmbcnt:
   LISTEN
   sndsbcc:   
0
  
rcvsbmbmax:
     
524288
0 
rcvsblowat
sndsbmbcnt:          
1
0  
rcvsbhiwat
sndsbmbmax:     262144
65536
sndsblowat:    
proc
 
id:
  2048 sndsbhiwat:      32768
5
  
proc
 
name
rcvsbcc:        
iss:
  0 
rcvsbmbcnt:      
0
    0  
sndup
rcvsbmbmax:     524288
rcvsblowat:    
0
     
snduna:
 1 rcvsbhiwat:      65536
 
0
  proc id:  
sndnxt:
        5  
0
proc name:
       
sndwnd
iss:          0     
sndmax
 sndup:          0
    
sndcwnd
snduna:    
1073725440
  
sndssthresh:
 
1073725440
   0     
irs
sndnxt:          0      
rcvup
sndwnd:          0
    
rcvnxt
sndmax:          0    
rcvadv
sndcwnd: 1073725440 sndssthresh: 1073725440
      
0 rcvwnd
 irs:          0      
rtt
rcvup:          0
    
srtt
rcvnxt:          0     rcvadv:   
rttv:
      
12000
 0    
rxtcur:
  rcvwnd:     
3000
   
rxtshift:
  0
       
0
rtt:       
rtseq:
   0       
0
srtt:     
rttmin:
     0  
1000
  
mss:
    rttv:   
1024
   12000
  
flags:
 
NODELAY
 
REQ_SCALE REQ_TSTMP [0x20000a4] tcp4
rxtcur:       3000   
0
rxtshift:      
0
  
*.443
  0       rtseq:          0
    rttmin:       1000  mss:       1024
*.*
     flags: NODELAY REQ_SCALE REQ_TSTMP [0x20000a4]
tcp4       0      0  *.443                  
LISTEN
     
sndsbcc:
          
0
 
sndsbmbcnt:
       *.*   
0
  
sndsbmbmax:
     
262144
 
sndsblowat:
       
2048
 
sndsbhiwat:
      
32768
    
rcvsbcc:
          
0
 
rcvsbmbcnt:
   LISTEN
   sndsbcc:   
0
  
rcvsbmbmax:
     
524288
0 
rcvsblowat
sndsbmbcnt:          
1
0  
rcvsbhiwat
sndsbmbmax:     262144
sndsblowat:   
65536
    
proc
2048 
id
sndsbhiwat:      32768
   
2
rcvsbcc:  
proc
 
name:
       0 
iss
rcvsbmbcnt:          0  rcvsbmbmax:     
sndup
524288
rcvsblowat:          
0
1 rcvsbhiwat:    
snduna:
  65536
   
0
proc id:     
sndnxt:
     2  proc name:
 
0
      
sndwnd
iss:          0      
sndmax
sndup:          0
    
sndcwnd
snduna:   
1073725440
   
sndssthresh:
 
1073725440
   0     
irs
sndnxt:          0      
rcvup
sndwnd:          0
    
rcvnxt
sndmax:          0    
rcvadv
sndcwnd: 1073725440 sndssthresh: 1073725440
      
0 rcvwnd
 irs:          0      
rtt
rcvup:          0
    
srtt
rcvnxt:          0     rcvadv:   
rttv:
       
12000
0      
rxtcur
rcvwnd:          0
 
3000
      
rxtshift
rtt:          0       
rtseq
srtt:          0        rttv:    
rttmin:
  12000
    rxtcur:       3000 
1000
  
mss
rxtshift:         
512
 0       
flags
rtseq: 
NODELAY
 
REQ_SCALE
 
REQ_TSTMP
 
[0x20000a4]
      0
    rttmin:       1000  mss:        512
     flags: NODELAY REQ_SCALE REQ_TSTMP [0x20000a4]


security flow

show security flow session destination-port 2200


Code Block
titlesecurity flow
collapsetrue
root@srx320-np> show security flow session 
destination-port 2200
destination-port 2200
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4172, Bytes: 437734,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2683, Bytes: 269528,
Total sessions: 1

root@srx320-np> show security flow session destination-port 2200 extensive
Session ID: 12093, Status: Normal
Flags: 0x40/0x0/0x8023
Policy name: self-traffic-policy/1
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption:  Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1800
Session State: Valid
Start time: 269541, Duration: 5812
   In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp,
  Conn Tag: 0x0, Interface: .local..0,
    Session token: 0x2, Flag: 0x1031
    Route: 0xfffb0006, Gateway: 192.168.0.204, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 4173, Bytes: 437854
   Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp,
  Conn Tag: 0x0, Interface: ge-0/0/7.0,
    Session token: 0x7, Flag: 0x1020
    Route: 0x180010, Gateway: 192.168.0.1, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 2683, Bytes: 269528
Total sessions: 1



show security flow session destination-port 2200 | refresh


Code Block
titlerefresh
collapsetrue
root@srx320-np> show security flow session destination-port 2200 | refresh
---(refreshed at 2020-11-06 11:38:38 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4226, Bytes: 442378,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2710, Bytes: 271904,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:43 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4228, Bytes: 442550,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2711, Bytes: 271992,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:48 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 
1798
1796, Valid
  In: 192
.168.0.204/56360 --> 13.56.90.212/2200;tcp, Conn Tag: 0x0, If: .local..0, Pkts: 4172, Bytes: 437734, Out: 13.56.90.212/2200
.168.0.204/56360 --> 
192
13.
168
56.
0
90.
204
212/
56360
2200;tcp, Conn Tag: 0x0, If: 
ge-0/0/7
.local..0, Pkts: 
2683
4230, Bytes: 
269528, Total sessions: 1 root@srx320-np> show security flow session destination-port 2200 extensive Session ID: 12093, Status: Normal Flags: 0x40/0x0/0x8023 Policy name: self-traffic-policy/1 Source NAT pool: Null Dynamic application: junos:UNKNOWN, Encryption: Unknown Application traffic control rule-set: INVALID, Rule: INVALID Maximum timeout: 1800, Current timeout: 1800 Session State: Valid Start time: 269541, Duration: 5812
442722,
  Out: 13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 2712, Bytes: 272080,
Total sessions: 1
---(refreshed at 2020-11-06 11:38:53 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
  In: 192.168.0.204/56360 --> 13.56.90.212/2200;tcp,
 
Conn Tag: 0x0, 
Interface
If: .local..0, 
Session token
Pkts: 
0x2
4232, 
Flag
Bytes: 
0x1031
442894,
  
Route
Out: 
0xfffb0006, Gateway:
13.56.90.212/2200 --> 192.168.0.204/56360;tcp, Conn Tag: 0x0, 
Tunnel
If: ge-0/0/7.0, Pkts: 
Port sequence
2713, Bytes: 
0
272168,
FIN
Total 
sequence
sessions: 
0, FIN state: 0, Pkts: 4173, Bytes: 437854 Out: 13.56.90.212/2200
1
---(refreshed at 2020-11-06 11:38:58 UTC)---
Session ID: 12093, Policy name: self-traffic-policy/1, Timeout: 1796, Valid
  In: 192.168.0.204/56360 --> 
192
13.
168
56.
0
90.
204
212/
56360
2200;tcp, 
Conn Tag: 0x0, 
Interface
If: 
ge-0/0/7
.local..0, 
Session token
Pkts: 
0x7
4234, 
Flag
Bytes: 
0x1020
443066,
  
Route
Out: 
0x180010, Gateway:
13.56.90.212/2200 --> 192.168.0.
1
204/56360;tcp, 
Tunnel: 0 Port sequence
Conn Tag: 
0
0x0, 
FIN sequence
If: 
0, FIN state: 0,
ge-0/0/7.0, Pkts: 
2683
2714, Bytes: 
269528
272256,
Total sessions: 1
---(*more 100%)---









Code Block
titlebasic config
if using DHCP no need for name-server:

set system host-name Switch-1
set system root-authentication plain-text-password
set system time-zone Europe/London
set system ntp server uk.pool.ntp.org
delete chassis auto-image-upgrade
set system services ssh root-login allow




Code Block
titlepaste the script
set system services ssh protocol v2
set system authentication-order password
set system login user mist class super-user
set system login user mist authentication encrypted-password $6$8SKrI1BgRFgrPsLh$HSd7.Fp4DpE8yxghtB1
set system services outbound-ssh client mist device-id b3d4205f-fe87-47f7-99e4-b163bf6ff92e
set system services outbound-ssh client mist secret b6880b89c5153da86491c3060a3fad02641b400535ad25872f
set system services outbound-ssh client mist services netconf keep-alive retry 3 timeout 5
set system services outbound-ssh client mist oc-term.mistsys.net port 2200 timeout 60 retry 1000
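Review bot: The "paste the script" block carries what appear to be real values (an `encrypted-password` hash, the outbound-ssh `device-id` and the client `secret`), whereas the earlier "CLI command" block on this page uses `<<password>>`, `<<org_ID>>` and `<<secret>>` placeholders. Anyone with read access to the wiki or its version history can read them, so the lines should use placeholders again, e.g. `set system services outbound-ssh client mist secret <<secret>>`. If the values were ever live, they should be regenerated from the Mist portal instead of just edited out of the page. Separately, the "basic config" block leaves `set system services ssh root-login allow` in place with no caveat. A one-line comment that this is for initial staging only, to be followed by `set system services ssh root-login deny` once the `mist` user and the outbound-ssh session are confirmed, would keep readers from carrying it into production.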