1. Documentation
  3. Wireless
  5. Mist Edge
  7. Configuration
  9. OC-TERM Proxy Config Guide

OC-TERM Proxy Config Guide

Modified on

Pre-requisites:

  • Claimed and fully configured Mist Edge
  • Mist Edge Out-of-band management (OOBM) interface configured with static ip address.
  • Claimed EX switches.

For information on how to claim and configure Mist devices, refer to Mist Edge getting started guide at https://www.mist.com/documentation

EX Series switches and the Juniper Mist Cloud

For the EX series switches to be managed by Juniper Mist Cloud, switch needs to connect to a DNS server (an NTP server is also recommended), and it needs to be able to connect to the Juniper Mist cloud architecture over the Internet. If there is a firewall between the cloud and the switch, you need to allow outbound access on TCP port 2200 to the management port of the switch.

Mist Edge OC-Term Proxy

In situation where either switches are behind a HTTP proxy or a firewall with port 2200 blocked, OC-Term Proxy service on Mist Edge can be used to proxy all the data packets received from the Juniper EX series switches to the Juniper Mist Cloud. If there is a firewall between the Mist Edge and the switch, you need to allow outbound access on TCP port 2222 (configurable) to the management port of the switch.

OC-Term Proxy service on mist edge, if enabled can proxy the cloud connection from the EX-series switches to the Juniper Mist Cloud.

 

 

If there is a firewall between the cloud and the Mist Edge, Along with port 443, port 2200 will also need to be added to allowed ports in the firewall from Mist Edge OOBM (Out of Band Management) IP.

 

 

This document describes how to enable OC-Term Proxy service on Mist Edge and configure EX-series switches to proxy the cloud connection through Mist Edge.

Basic Configuration

OC-Term Proxy can be configured at ORG level or the site level. The difference is, for site level, you can configure each site to proxy to different Mist Edge, while for org level only one Mist Edge can be configured for OC-Term Proxy.

OC-Term Proxy service doesn’t provide any redundancy.

 

 

 

Follow below steps to configure the Mist Edges to run oc-term proxy and EX switches to communicate to oc-term using mist edge.

It’s a two-step process:

  1. Configure OC-Term Proxy at site or organization level to instantiate and run the mxocproxy service on the given Mist Edge.
  2. Copy the switch configuration blob from dashboard and paste it on switch console.

Navigate to Organization >> Settings (or Site configuration)

  • Under the Switch Management section of Organization settingEnable the OC-Term Proxy
  • Enter the Proxy Host, this will be the Mist Edge OOBM IP address
  • Enter the Proxy Port, default is 2222
  • Click on clipboard icon (highlighted below) to copy the commands and paste it on switch CLI

Proxy port configuration is between EX series switches and Mist Edge, Any change in port number in above config, also needs to be updated to above copied commands, before pasting them on the switch command line interface.

 

 

OR

Navigate to Organization >> Site Configuration >> Select a site

Under the Switch Management section of Site configuration

  • Enable the OC-Term Proxy
  • Enter the Proxy Host, this will be the Mist Edge OOBM IP address
  • Enter the Proxy Port, default is 2222
  • Click on clipboard icon (highlighted below) to copy the commands and paste it on switch CLI


 

OOBM interface on Mist Edge is required to be configured with static ip to instantiate OC-Term Proxy service. OC-Term Proxy Configuration using API

OC-Term proxy service on Mist Edge can also be configured using the API.

ORG Level API
API endpoint: /api/v1/orgs/{{ORG-ID}}/setting

API Payload:

Site Level API
API endpoint: /api/v1/sites/{{SITE-ID}}/setting

API Payload:

Configure the EX-series switches with copied commands

Sample blob (Proxy IP and host will defer based your config):

set system services ssh protocol-version v2
set system authentication-order password
set system login user mist class super-user
set system login user mist authentication encrypted-password <sample password>
set system login user mist authentication ssh-rsa “ssh-rsa <sample key>
set system services outbound-ssh client mist device-id <sample device ID>
set system services outbound-ssh client mist secret <sample secret>
set system services outbound-ssh client mist services netconf keep-alive retry 12 timeout 5
set system services outbound-ssh client mist <PROXY HOST IP> port <PROXY HOST PORT> timeout 60 retry 1000
set system services outbound-ssh client mist oc-term-staging.mistsys.net port 2200 timeout 60 retry 1000
delete system phone-home

Troubleshooting

  1. Check if Mist Edge OOBM interface is configured with static IP.
  2. Check if mxocproxy service is running on Mist Edge –

  1. Verify the connection status on switch –
    1. user@host> show system connections | grep 2200
  2. Verify the firewall config and logs