How to Configure a Switch Proxy Server

This chapter provides information about configuring the Switch Proxy server for a Juniper Mist™ Edge appliance.

Mist Edge Switch Proxy Overview

The switch proxy service in Juniper Mist™ Edge enables you to proxy all the data packets received from the Juniper EX series switches to the Juniper Mist™ cloud. You can benefit from this service when switches are behind an HTTP proxy or a firewall with port 2200 blocked. If a firewall exists between the Juniper Mist Edge device and the switch, you need to allow outbound access on TCP port 2222 (configurable) to the management port of the switch.

The following image illustrates the connectivity between a Juniper Mist Edge device, Juniper EX series switches, and the Juniper Mist cloud.

Configure a Switch Proxy

This topic describes how to enable the switch proxy service on Juniper Mist™ Edge and configure EX series switches to allow the cloud connection through Juniper Mist Edge.

Following are the prerequisites to configure the switch proxy service:
  • Claim and configure Juniper Mist Edge. See Deploy Juniper Mist Edge at the Organization Level.

  • Configure the Juniper Mist Edge out-of-band management (OOBM) interface with a static IP address.

  • Juniper Networks EX Series switches must connect to a DNS server. Juniper Networks also recommends that you connect the switches to a network time protocol (NTP) server. The switch must connect to the Juniper Mist™ cloud architecture over the Internet. If a firewall exists between the cloud and the switch, you need to allow outbound access on TCP port 2200 to the management port of the switch.

You can configure a switch proxy at the organization level or the site level. In a site-level switch proxy configuration, you can configure each site to proxy to a different Juniper Mist Edge device. However, for an organization-level configuration, you can configure only one Juniper Mist Edge device to use the switch proxy service.

The process includes two main steps:

  • Configure the switch proxy service at the site or organization level to instantiate and run the mxocproxy service on the given Juniper Mist Edge device.

  • Copy the switch configuration blob from the dashboard and paste it into the switch console.

To configure the Juniper Mist Edge device to run the switch proxy, and the EX switches to communicate with the switch proxy through Juniper Mist Edge:

  1. In the left menu of the Juniper Mist portal, select Organization > Site Configuration, and then select a site. Alternatively, select Organization > Settings.
  2. In the Switch Management pane:
    1. Under Switch Proxy, select the Enable option button.
    2. Enter the Proxy Host.
      This address will be the Juniper Mist Edge OOBM IP address.
    3. Enter the Proxy Port. The default is 2222.
    4. Click the clipboard icon to copy the commands, and paste them into the switch CLI.
    Configure the EX series switches with the copied commands. You can check the sample blob (the proxy IP and host differ based on your configuration):
  3. Enter commit to save the configuration.
    After the commands are entered, the switch starts forwarding the management data to the Juniper Mist Edge on port 2200.

Configure a Switch Proxy Using the API

If you prefer, you can configure the switch proxy on a Juniper Mist Edge appliance using the API instead of the Mist portal.

For a site-level configuration, use the API endpoint /api/v1/sites/{{SITE-ID}}/setting. Following is the API payload:

Troubleshoot a Switch Proxy

You can troubleshoot the switch proxy server to verify whether the proxy service is running on the Juniper Mist Edge or to verify the status of the switch.

To troubleshoot a switch proxy server:

  1. Check to make sure that the out-of-band-management (OOBM) interface is configured with a static IP address.
  2. Check the Mist Edge inventory page to make sure that the switch proxy service, called mxocproxy, is running on Juniper Mist Edge.
  3. Verify the connection status on the switch.
    user@host> show system connections | grep 2200
  4. Verify the firewall configuration and logs. You can see whether the port is allowed and whether any logs identify a blocked connection.
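
The following is an added example, not part of Juniper's documentation: it parses saved output of the command in step 3 and maps the TCP state of the session on port 2200 to the step worth revisiting. The sample output is constructed, and the netstat-style column layout, the function names, and the result labels are assumptions; the port is a parameter in case your proxy port differs.

```python
import re

# Constructed sample outputs (not from a real switch). A netstat-style
# column layout with "address.port" endpoints is assumed.
SAMPLE_OK = """\
Proto Recv-Q Send-Q  Local Address       Foreign Address      (state)
tcp4       0      0  192.0.2.10.22       198.51.100.7.51515   ESTABLISHED
tcp4       0      0  192.0.2.10.58211    192.0.2.50.2200      ESTABLISHED
tcp4       0      0  *.22                *.*                  LISTEN
"""
SAMPLE_BLOCKED = "tcp4  0  1  192.0.2.10.58240  192.0.2.50.2200  SYN_SENT\n"
# Local port 52200 also matches a plain "grep 2200" but is unrelated.
SAMPLE_NOISE = "tcp4  0  0  192.0.2.10.52200  203.0.113.9.443  ESTABLISHED\n"

ROW = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(\S+)$")
ENDPOINT = re.compile(r"^(.*)[.:]([^.:]+)$")


def sessions_to_port(output, port=2200):
    """Return (remote_address, state) for TCP rows whose remote port is `port`."""
    found = []
    for line in output.splitlines():
        row = ROW.match(line.strip())
        if not row:
            continue  # header, UDP row, or blank line
        _local, remote, state = row.groups()
        endpoint = ENDPOINT.match(remote)
        if endpoint and endpoint.group(2) == str(port):
            found.append((endpoint.group(1), state))
    return found


def diagnose(output, port=2200):
    """Map the observed TCP states to the troubleshooting step to revisit."""
    states = {state for _addr, state in sessions_to_port(output, port)}
    if "ESTABLISHED" in states:
        return "connected"
    if "SYN_SENT" in states:
        return "no-reply"    # SYN unanswered: check firewall rules and logs
    if states:
        return "transient"   # e.g. TIME_WAIT: rerun the command
    return "no-session"      # nothing attempted: recheck config and commit


if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("blocked", SAMPLE_BLOCKED),
                       ("noise", SAMPLE_NOISE)]:
        print(name, sessions_to_port(text), diagnose(text))
```

Matching on the remote port field, rather than on the substring 2200, keeps unrelated sessions such as a local ephemeral port 52200 out of the result.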