Juniper Mist Alert Types
SUMMARY Juniper Mist™ provides various alerts that you can enable to track ongoing issues.
Infrastructure Alerts
In Juniper Mist, we present those events that don't fit neatly into the service-level experience (SLE) model as alerts. Whereas SLEs represent events that have already happened, alerts represent network and device issues that are ongoing. On the Monitor > Alerts dashboard, you can see three types of alerts: Infrastructure, Marvis, and Security.
Juniper Mist categorizes alerts that potentially affect a large number of clients as infrastructure alerts. For example, an event during which a Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), or RADIUS server is unreachable can affect many clients. Similarly, if a power supply on a switch is in alarm state, a large number of clients and a large amount of traffic could be affected.
Severity | Alert Name | API Only |
---|---|---|
Critical | ARP Failure Note:
Click the pencil icon to set the threshold for this alert. |
|
Critical | DHCP Failure Note:
Click the pencil icon to set the threshold for this alert. |
|
Critical | DNS Failure Note:
Click the pencil icon to set the threshold for this alert. |
|
Critical | Mist Edge cpu usage high | |
Critical | Mist Edge disconnected from cloud | |
Critical | Mist Edge disk usage high | |
Critical | Mist Edge memory usage high | |
Critical | Mist Edge power input disconnected | |
Critical | Mist Edge service failed to start | |
Critical | Mist Edge unplugged from power | |
Critical | Virtual Chassis - Backup Member Elected | |
Critical | Virtual Chassis - New device elected for Active Role | |
Critical | Virtual Chassis Member Deleted | |
Critical | Virtual Chassis Port Down | |
Informational | ARP Recovered | X |
Informational | BGP Neighbor State Changed | |
Informational | BGP Neighbor Up | |
Informational | Cellular Edge Connected to NCM | |
Informational | Cellular Edge Disconnected from NCM | |
Informational | Cellular Edge Firmware Upgraded | |
Informational | Cellular Edge Login Failure | |
Informational | Cellular Edge Login Success | |
Informational | Cellular Edge Rebooted | |
Informational | Cellular Edge SIM Door Closed | |
Informational | Cellular Edge SIM Door Opened | |
Informational | Cellular Edge WAN Cellular Connected | |
Informational | Cellular Edge WAN Cellular Service Type Changed | |
Informational | Cellular Edge WAN Ethernet Connected | |
Informational | Cellular Edge WAN Ethernet Plugged | |
Informational | Critical Switch Port Up Note:
If you enable this alert, you also need to update the switch configuration to identify the critical ports. To do this:
For more information about port configuration, see the Juniper Mist Wired Assurance Configuration Guide. |
|
Informational | Critical WAN Edge Port Up Note:
If you enable this alert, you also need to update the WAN or LAN configuration to identify the critical ports. To do this:
For more information about WAN Edges configuration, see the Juniper Mist WAN Assurance Configuration Guide. |
|
Informational | Device reconnected | X |
Informational | Device restarted | |
Informational | DHCP Recovered | X |
Informational | DNS Recovered | X |
Informational | HA Control Link Up | X |
Informational | Mist Edge connected to cloud | |
Informational | Mist Edge cpu usage normal | |
Informational | Mist Edge disk usage normal | |
Informational | Mist Edge memory usage normal | |
Informational | Mist Edge plugged to power | |
Informational | Mist Edge power input connected | |
Informational | Switch reconnected | X |
Informational | Switch restarted | |
Informational | Virtual Chassis Member Added | |
Informational | VPN Peer Up | |
Informational | WAN Edge BGP Neighbor Up | |
Informational | WAN Edge reconnected | x |
Warning | BGP Neighbor Down | |
Warning | Cellular Edge WAN Cellular Disconnected | |
Warning | Cellular Edge WAN Ethernet Disconnected | |
Warning | Cellular Edge WAN Ethernet Unplugged | |
Warning | Critical Switch Port Down Note:
If you enable this alert, you also need to update the switch configuration to identify the critical ports. To do this:
For more information about switch configuration, see the Juniper Mist Wired Assurance Configuration Guide. |
|
Warning | Critical WAN Edge Port Down Note:
If you enable this alert, you also need to update the WAN or LAN configuration to identify the critical ports. To do this:
For more information about WAN Edges configuration, see the Juniper Mist WAN Assurance Configuration Guide. |
|
Warning | Device offline Note:
Click the pencil icon to set the threshold (in minutes) for this alert. |
|
Warning | HA Control Link Down | |
Warning | Loop detected (by AP) | |
Warning | Mist Edge service crashed | |
Warning | Switch Bad Optics | |
Warning | Switch BPDU Error | |
Warning | Switch DHCP Pool Exhausted | |
Warning | Switch offline | |
Warning | Switch PEM Alarm | |
Warning | Switch PoE Alarm | |
Warning | Switch Power Supply Alarm | |
Warning | Switch Storage Partition Alarm | |
Warning | Tunnel down | |
Warning | VPN Peer Down | |
Warning | WAN Edge BGP Neighbor Down | |
Warning | WAN Edge DHCP Pool Exhausted | |
Warning | WAN Edge offline | x |
Warning | WAN Edge Source NAT Pool Threshold Exceeded |
Marvis Alerts
Marvis alerts are tied into the Marvis Action Dashboard. These alerts are triggered whenever the corresponding Marvis Action is detected in your organization. For example, if an access point (AP) regularly fails health checks, Marvis notices and tracks this event.
The table below provides a listing of Marvis alerts, sorted by severity.
Severity | Applies To | Alert Name |
Critical | AP | AP health check failed |
Critical | AP | AP insufficient capacity |
Critical | AP | AP insufficient coverage |
Critical | AP | Bad cable |
Critical | AP | Non-compliant |
Critical | AP | Offline (Marvis) |
Critical | connectivity | ARP failure (Marvis) |
Critical | connectivity | Authentication failure (Marvis) |
Critical | connectivity | DHCP failure (Marvis) |
Critical | connectivity | DNS failure (Marvis) |
Critical | WAN edge | Bad cable |
Critical | WAN edge | Bad WAN Uplink |
Critical | WAN edge | Negotiation mismatch |
Critical | WAN edge | VPN Path Down |
Critical | switch | Bad cable |
Critical | switch | Missing VLAN |
Critical | switch | Negotiation mismatch |
Critical | switch | Port Stuck |
Critical | switch | Switch STP Loop |
Warning | switch | Port flap |
Security Alerts
Security alerts warn you of activities or events on the network that can cost you in terms of lost data, unauthorized access to the network, or traffic that matches known security threats. Security alerts are raised by repeated events that could dramatically affect network security. For example, if a rogue AP is detected, that represents a potential security problem. If a client connects to a rogue AP, that could be even worse.
Juniper Mist lists all security alerts except those that relate to intrusion detection and prevention (IDP) or URL filtering on the Monitor > Alerts page. You can find IDP and URL filtering events and their severity on the Site > WAN Edge > Secure WAN Edge IDP/URL Events page.
Severity | Alert Name |
Critical | Client Connection to rogue AP detected |
Critical | Rogue AP detected |
Informational | Air Magnet Scan detected |
Informational | EAP Handshake Flood detected |
Warning | Active Watched Station detected |
Warning | Adhoc Network detected |
Warning | BSSID Spoofing detected |
Warning | Disassociation Attack detected |
Warning | EAP Dictionary Attack detected |
Warning | EAP Failure Injection detected |
Warning | EAP Spoofed Success detected |
Warning | EAPOL-Logoff Attack detected |
Warning | ESSID Jack detected |
Warning | Excessive Clients detected |
Warning | Excessive EAPOL-Start detected |
Warning | Fake AP Flooding detected |
Warning | Honeypot SSID detected |
Warning | IDP attack detected |
Warning | Monkey Jack detected |
Warning | Out of Sequence detected |
Warning | Repeated Client Authentication Failures |
Warning | Replay Injection detected - KRACK Attack |
Warning | Security Policy Violation |
Warning | SSID Injection detected |
Warning | TKIP ICV Attack |
Warning | URL blocked |
Warning | Vendor IE Missing |
Warning | Zero SSID Association Request detected |