ON THIS PAGE
Appendix: Day-2 Operate
Switch Information Page
To get to the basic switch monitoring page, click Switches, select a site and then click on the device itself similar to what is shown below:
Not obvious but very useful is this button at the right side which allows you to modify what is displayed on this page:
A typical add example is shown below:
Resulting in this new view:
Going further, please click on the switch name you want to inspect (here, we select “access1”). At the top of the device information page, you see a graphical front view of the device, its ports and some baseline status information.
Hover your mouse over each status icon for CPU, Memory, Temperature, PoE, PSUs and Fans to see the current status for each category.
Next, hover your mouse over some of the ports of the device to review what is configured and detected there. In our example, you also see at the bottom that our lab switch has a wired client (a test VM) that is attached to the port.
Clicking on one or more ports gives you access to the commands shown below:
Then, select the Utilities tab available for the device and click on Testing Tools to see what tests are available to run.
The testing tools allow you to issue ICMP pings, traceroutes and to bounce a port, for example:
Besides the testing tools, one of the most useful utilities is the ability to open a direct SSH shell to the device just by clicking a button.
This will open a new window with the ability to utilize the CLI on the device remotely.
A new option is Sync Configuration which will immediately push a synced configuration to the device based on what is configured via Mist (and reviewable via the Download Junos Config option). Consider this option when:
- You made use of the Additional CLI Commands option and want to revoke previously made configurations without “delete” commands.
- Somebody made a local change on the device without proper configuration via the Juniper Mist cloud and you want to remove these changes.
- There was a prior configuration push that failed and you want to try again.
Back on the device information page, review the Statistics Pane for information.
Also review the Metrics Pane to confirm all is well.
Then, review the configuration for the device. Usually, it should be inherited by the templates or profiles you used. However, if you need to, you can make individual changes to the configuration to be pushed to the device. Ensure that your switch is managed by Mist now:
Finally, review the Properties Pane for information and then click on Switch Insights for the next level of information about this device:
Switch Insights Page
At the top of the Switch Insights page, you should see your switch.
In our example, you do not see the location of the access switch, hence the dark background. Optionally, you can add this information via a location configuration as shown. Go to Location > Live View:
Add a new floorplan:
Upload the picture of your topology:
Click on Setup Floorplan:
Select Switches and drag the switch itself to the position on the topology/floorplan:
Click Save and return to the Switch Insights page to see the topology:
On the Switch Insights page, at the top of the page, you can see the time range for the information you want to see (default is Today). Below, you can see how you can influence that range:
Below the device, you can see events over time (and the traffic through the device at that time). With your mouse cursor, you can select an event to review which will then automatically be selected in the below events reports:
You can also zoom in by selecting an area in the timeline with your mouse cursor (make sure it’s not too short).
To then get to a more detailed view of the time range, selected before:
Then, review the Switch Events pane:
You can limit the events displayed by selecting specific events as shown below:
You can limit the events displayed by selecting specific ports as shown below:
Another item you can review is Table Capacity like the example shown below:
Next is the Switch Charts pane with the following five charts:
- CPU Utilization
- Memory Utilization
- RX+TX Bytes
- Port Errors
- Power Draw
You can expand the chart by clicking on the symbol marked below:
You can then review the switch ports again to figure out what is attached to each:
Then, the last pane on this page is Current Switch Properties:
Wired SLE Monitor Page
The next level of information is regarding Switch SLE monitoring. To review those, click Monitor > Service Levels.
Then, select a site for inspection and select Wired.
Please be aware that all Wired SLE metrics are about monitoring a device for a longer period of time. They may not display much after you’ve just onboarded a device as not much data has been collected yet. In a production environment, expect to need to collect a full week of data from the device. You can try to change the period to “Last 60 min” but it may not present much information.
The first pane gives you a relationship between the number of connected clients within that time range and the system events that occurred. A purple triangle denotes when something changed. Also, familiarize yourself with the ability to see what is reported in the lower-right corner of the pane.
Currently, there are three Wired SLE measurements displayed with different classifiers together for each SLE:
- Throughput SLE.
- Successful Connect SLE.
- Switch Health SLE.
- Switch Bandwidth
It is critical to understand that the metrics and reports for each SLE are based on Mist AI utilizing a tensor flow network. This means:
- As with all AIs, Mist AI requires large amounts of data about your network to provide useful analysis. We recommend waiting a week after the switch has been installed and has been running traffic though it before inspecting this information.
- Unlike a traditional monitoring tool which displays a chart and then leaves it up to you to interpret the health status, through AI, Mist gathers a sense of the health of your network and only displays items that are at risk. Hence, if you do not see any reports, it means all is good and you do not need to review further.
Let’s focus on the reports you can get via each SLE now. The SLE for Throughput with accompanying classifiers:
- Storm Control
- Network with sub-classifiers:
- Latency
- Jitter
- Interface Anomalies with sub-classifiers:
- Cable Issues
- MTU Mismatch
- Negotiation Failed
It is best practice to start inspecting the SLE through the Statistics tab first:
You may select the next tab named Timeline, if needed.
Then, you should review the next classifier, drilling deeper into the issue. In the example below, we select the classifier having the most impact:
As this SLE classifier has sub-classifiers, we then select the sub-classifier with the most impact:
In this example, it’s best to inspect the Distribution tab next. Here, we start with Clients:
Below, we review the affected switches, for example:
Next comes the Successful Connect SLE with its classifiers:
- DHCP
- Authentication with sub-classifiers:
- Wrong Credentials
- Radius Server Unreachable
Next comes the Switch Health SLE with its classifiers:
- Switch Unreachable
- Capacity with sub-classifiers:
- Mac Address Table
- ARP Table
- Route Table
- Network with sub-classifiers:
- WAN Jitter
- WAN Latency
- System with sub-classifiers:
- Temp
- Power
- CPU
- Memory
Finally, the Switch Bandwidth SLE with its classifiers:
- Bandwidth Headroom
- Congestion Uplink
- Congestion
Reports on SLEs are only made visible if there is a concern and you need to review something. If you want charts on raw data without the benefit of an AI-based analysis, please visit the #Toc170115267__Ref94796236.
Alarms Page
With this test case, we demonstrate the ability to see alarms for switches and optionally, to get those alarms sent as emails to the administrator. Go to Monitor > Alarms:
Review the current page and open the Alerts Configuration:
Under the configuration, keep the scope as the default Entire Org, and email recipients as organization and site admins. Then, you can optionally add your email address to the “To additional email recipients” field and click on the “My Account” link to verify your own settings.
If you are an admin, the default setting is to not send you any emails so you must enable this now.
If you have followed the “My Account” link above, you can now select enable under the Email Notification section.
You can enable notifications on a site-by-site basis, but for now enable them for the entire organization as indicated below:
Your account email notification setting should now look like this:
Now, enable the switch alerts and email notifications for infrastructure as the options below indicate:
We recommend enabling the Marvis switch alerts and email notifications as well.
As an example, if you were to reboot a switch, you would receive the following email and others after a couple of minutes:
The link in the above image redirects you to the alarms page, which shows the event information similar to what is shown below:
There is also a button to download the events as a CSV-based table:
Large organizations tend to use templates for alarms. Alarm templates allow for more granular assignments of alerts to the persons needing them based on the sites they manage or based on other needs.
Marvis Actions
Marvis Actions is a feature of the Juniper Mist AI-driven operations platform that provides proactive and reactive troubleshooting capabilities. It leverages Mist AI to identify network issues, recommend actions, and provide insights into the root causes of these issues. The Marvis Actions dashboard displays high-impact network issues across wired, WAN, and wireless networks at different levels (MSP, organization, site). It allows users to track firmware compliance, detect WAN link outages, identify bad cables, and more. With real-time AI-driven insight, Marvis Actions enables proactive issue detection and resolution, reducing troubleshooting effort and time. More details to be found here https://www.mist.com/documentation/switch-actions/
Marvis Actions are reachable via Marvis > Marvis Actions. Should there be any outstanding actions needed on the network, they will be identified here.
The Marvis Actions you may see with concerns to switch infrastructure are currently:
- Marvis Switch Actions:
- Missing VLAN
- Negotiation Mismatch
- Loop Detected
- Port Flap
- High CPU
- Port Stuck
- Traffic Anomaly
- Marvis Layer 1 Action
- Bad Cable
The Marvis “Missing VLAN” action is not triggered by the switch itself as with all others shown. It needs a Juniper AP to inspect the LLDP-Media information reported by the switch. This should contain all configured VLANs on the switch where the AP is attached. When a wireless client attaches to the AP and the SSID the client is using is configured for a particular VLAN, the AP checks if the switch has the same VLAN configured. If that is not the case, a Marvis action is triggered.
Marvis Conversational Assistant
Remember that the recommendation is to have traffic running for at least a week for the AI to be able to collect enough data for processing.
The Marvis Conversational Assistant is in the lower-right corner of your browser window.
After selecting the Marvis Conversational Assistant icon, the window that appears allows you to enter questions and lists predefined topics. Enter (or click as below) here “Troubleshoot Site” to limit the search to issues related only the current site.
When clicking on wired in our example one can see the following report:
In this case, the link points to the Wired SLE Monitor page like shown in one of the chapters above.
Switch Firmware Upgrade
With Mist, we can now upgrade switches directly from the cloud.
Please refer to EX4400 – BIOS and Junos Upgrade Recommendations
Preconditions
- Ensure stable SSH connectivity from switch to the cloud
- Ensure enough space on the switch (more details below)
Enabling Status Column from the Menu
Make sure the status column is enabled to see the switch upgrade option.
The hamburger menu option is visible on top of the right side in the switch list view:
Ensure the status option is checked:
Steps to perform the Switch Upgrade:
- Select the switch to upgrade, and the “Upgrade Switches” option will be visible on the
right side.
- Click Upgrade Switches > Upgrade switch firmware and then select the firmware
of choice.
- You are presented with two options:
- Reboot switch after image copy—By checking this box, the switch will automatically
reboot after the image copy procedure is completed so that the switch will boot up
with the new image.
- If left unchecked—The image will be copied to the switch and will be in a state of
pending reboot. To complete the upgrade of the switch, select Utilities > Reboot
Switch when you are ready.
- Reboot switch after image copy—By checking this box, the switch will automatically
reboot after the image copy procedure is completed so that the switch will boot up
with the new image.
- The Upgrade Process:
- Once the upgrade starts, the progress of the upgrade will be indicated in the switch list view, switch details view (will show as “Upgrading”) and from the Switch Insights view:
- Switch List View:
- Switch details view:
- Switch Insights view:
- Once the copy process is complete, if the “Reboot after image copy” option was chosen, the switch will boot automatically, and the switch upgrade will be complete.
- If the option “Reboot after image copy” was unchecked, the portal will indicate that the
switch needs to “Reboot to use new image”.
Upgrade Event
Upgrade events are visible on the portal. Clicking on Switch Insights will redirect to the switch upgrade events. The following events will appear when choosing “Reboot after image copy”:
- “Upgraded by User” (Meaning the user has initiated the upgrade from the portal)
- “Upgraded” (After the switch has rebooted and was upgraded to the image from the portal)
- If the option “Reboot after image copy” is unchecked, the “Sw Upgrade Pending” event is
visible as a manual reboot is required to complete the switch upgrade to the desired
version:
- The “Restart by User” event is visible here as a manual reboot was needed for the
software upgrade to take effect:
- Once the switch is upgraded, the “Upgraded” event is visible on the portal:
Multi-switch upgrade support
Mist provides options to upgrade multiple platforms simultaneously from the switch list view (With different switch model combinations):
Virtual-chassis upgrade support
Mist supports the upgrade of Virtual Chassis. This support does not include NSSU.
The switch upgrade is implemented in a way that it uses the “request system storage cleanup” Junos CLI command before any upgrade to make sure the space is available so that the image can be copied into the /var/tmp folder onto the switch.
Replace a Single Switch
Overview
- You can replace a switch without disrupting network service by retaining the existing configuration of the switch.
- Also note that this topic does not apply to replacing a switch in a Virtual Chassis.
Replace a switch via the portal
Prerequisites
- The switch to be replaced must already be claimed or adopted in the organization and assigned to a site.
- The switch can be in either a “connected” or “disconnected” state.
- The new switch that will replace the old switch should be in an “unassigned” state (that is, not assigned to any site in the organization) and seen on the Inventory page.
Steps
- Go to the Switch tab on the dashboard and click on the switch details view.
- Click on the Utilities button in the upper-right corner of the page.
- In the Utilities dropdown menu, the Replace Switch option is seen as shown
in the image below.
- Click on the Replace Switch option.
- A Replace Switch window opens up as shown below:
- Make sure that there is at least one switch (non-Virtual Chassis) in an “unassigned” state on the Inventory page of that organization.
- Also note that existing EX Series Switches can only be replaced with another EX Series Switch and not by QFX Series nor SRX Series devices.
- Search for the MAC address of the new switch in the search box as seen below:
- Click on the checkboxes of any of the listed configuration items from the old switch
that you don’t want to copy to the new switch, as seen below:
- If a switch with a higher number of ports is getting replaced with a switch with a lower
number of ports, then by default the portal will discard the port configurations. Hence,
the “Port Configuration” checkbox will always be checked by default in such scenarios, as
seen below:
- Click the Replace button.
- Notice that the switch is replaced—the new switch takes the place of the old switch.
- The old switch is set to an “Unassigned” state under the Inventory page.
Replace (or add) a Switch part of a Virtual Chassis
While this chapter mainly talks about switch replacement in a Virtual Chassis, the same workflow (with less steps) is used when just adding a new switch to an existing Virtual Chassis.
Independent of the device type used in the Virtual Chassis, you must always do a pre-provisioning of the new switch that will replace an existing switch in the current Virtual Chassis. The Juniper Mist cloud needs know about and update the Junos firmware on the switch that will be added to the Virtual Chassis as well as configure the new device before you can add it to the Virtual Chassis. If the replacement switch arrives at the site, you can leverage one of two methods to be able to image and pre-provision the switch before adding it to the Virtual Chassis.
One method is to use a temporary OOBM connection towards the new switch to be able to pre-provision it like in the figure shown below. After this switch has joined the Virtual Chassis and all is working again as expected, you can remove the temporary link. If possible, it is recommended to use the same VLAN on the OOBM connection as on the in-band management connection over the LAG.
The other option is to daisy chain the in-band management capabilities between an existing (not to be replaced) switch and the new switch via a patch cable between the revenue port on the existing switch and the MGMT port on the new switch:
It is NOT RECOMMENDED to daisy chain between the existing switch and the new switch using the revenue ports on both sides! This method has the potential to cause a loop in case someone forgets to remove this cable after the Virtual Chassis is formed again and STP is subsequently removed from these ports.
Now that we have shared how connectivity should work, we are now reviewing the workflow to be used.
- Remove the power from the switch that you want to replace. Should that switch have been
the primary switch (as in our case), the Virtual Chassis routing engine should failover to
the secondary switch. The switch itself will be indicated in red color as disconnected in
the site overview so that you are able to identify it as shown in the figure below.
- Onboard your new switch to the Juniper Mist cloud (with the management connectivity as described above) until it is seen in the same site as your Virtual Chassis.
- Upgrade the firmware of the new switch to the same Junos version used in the existing Virtual Chassis.
- Now go into the Modify Virtual Chassis dialogue and delete the identified switch
from the configuration. In the case shown below, it was the former primary switch in slot
0.
- Specific to slot 0 removal, you may see an error message like the one below saying “FPC0
is required. Please add an existing member to this slot.”
To clear this error message, move one of the other existing switches to that level for now. In the image shown below, we have moved the former slot 1 switch to slot 0, leaving slot 1 empty.
- The new switch can now be added to the Virtual Chassis via the Available Switches
dialogue.
- In our case, the new switch was added to the Virtual Chassis in slot 3.
- OPTIONAL: You can move the new switch to a new position if needed. In our case, we moved
it to slot 1 to refill the empty slot.
- Specific to Virtual Chassis adding a EX2300, EX4650, or QFX5120 as new members, you must
now specify the front ports used for the Virtual Chassis, so edit the appropriate fields
and check that it is in sync with the remaining cluster. There is no need to do that for
switches like the EX4100 and EX4400 series switches as they have dedicated VC ports and
will automatically join the Virtual Chassis.
- After this configuration change is applied and pushed to the switches, you can now make
all the necessary cable changes:
- Remove the switch to be replaced from the infrastructure.
- Add the new switch to the Virtual Chassis and re-cable the VCP ports.
- Remove the dedicated management wire from the new switch as this should not be needed anymore.
- Your changes to the Virtual Chassis should be complete now. Please check the status to confirm.
