WN Video 021 – Rode NT1 Microphone Review
Welcome to our podcast-focused “AV Tests” Video Series! Today we are testing Rode NT1 – a Side-Address Studio Condenser microphone. Enjoy!Â
Mac Deryng
WN Video 020 – Rode Broadcaster Microphone Review
Welcome to our podcast-focused “AV Tests” Video Series! Today we are testing Rode Broadcaster – an End-Address Broadcast Condenser microphone. Enjoy!Â
WN Video 019 – Aston Stealth Microphone Review
Welcome to our podcast-focused “AV Tests” Video Series! Today we are testing Aston Stealth – a Dynamic Cardioid Studio microphone. Enjoy!
WN Blog 031 – Juniper Switch Managed via Mist Dash – Basics & Additional CLI (L3, DHCP, DNS, Static)
Hey!
Welcome to the latest WiFi Ninjas blog!
Today we’ll show you how to do three things:
- Register your Juniper switch to the Mist dashboard
- Configure switch basics using Mist dash GUI (switch name, VLANs, access ports and trunks, templates)
- Configure more advanced stuff using Mist dash “Additional CLI” field (L3 interfaces, inter-VLAN routing, DHCP pools, DNS and static routing)
The Juniper EX2300-C-12P switch now sits in the centre of my network.
I just swapped my Cisco switch with a Juniper one and looked to do pretty much 1:1 migration.
The reason for this change is that I now use Mist wireless (and totally love it) and I just wanted to manage everything from a single platform, that happens to be the Mist dashboard 🙂
No more controllers nor other boxes around.
Let’s take a look at more background behind the simplification 🙂
It’s funny – every time I experienced an issue with my production network at home, I simplified it.
Look at that. This is my network pre 2018:
I learned what I needed from my ‘Branch’ and ‘DC’ segments (routing and switching-wise back when I was 5yo) so I killed them (sold unused boxes on eBay). I run out of license on Meraki and it stopped working so I binned it. QNAP NAS was loud sometimes so I killed it too. I had issues with old code on my WLC2504, where features I needed for work were no longer supported, so I upgraded it. I virtualised and simplified all I could at that time.
As a result, my network now looked like this:
New WiFi 5 APs (3802i), new WLC (3504), new Firewall (5506-X FTD), moved NAS to my lovely 2U ESXi box. Nice and simple. It was all happily running in my server room for more than a year, at which point I got my hands on new Cisco WiFi 6 APs. After I put them in and moved to C9800, some of my devices (especially WiFi 6 ones) had issues (couldn’t associate) due to software bugs. I spent few days trying to resolve them and gave up.
At that point I decided to put Mist in full time. All the issues disappeared. Maybe except one. My FTD was dying statistically once a week, at which point it was rebooting itself resulting in 10 minutes outage. So I binned it too.
There you go. Now it’s as simple as that. 2 APs connected to a L3 switch and a virtual firewall sitting on an Intel NUC box. Rock solid setup, where I don’t have too many elements than can break. Oh, and I still can lab up everything I care about!
Here is the current lab:
Quick tip before we crack on – no matter if you’re working with enterprise network or home equipment – make it as simple as possible! The simpler the network, the easier it is for admins to understand and tshoot and there are less elements that can break. As simple as that.
Now, let’s crack on!
Register your Juniper switch to the Mist dashboard
This is an easy task, where you connect your switch to the network using any LAN port or a built in Management port.
For as long as the uplink has a DHCP and Internet connectivity, you will be able to claim the switch and it will show up as online in the Mist Dashboard, ready for you to configure.
You can either use mobile app called “Mist AI” (typically used for claiming APs, but also works with switches) or add switch manually in the Dash in the Inventory.
Switch Claim – Method 1 – Mist AI Mobile app
- Open “Mist AI” Mobile app
- Scan QR code or type in a Claim Code (from a label)
Switch Claim – Method 2 – Mist Dashboard
- Go to “Organization > Inventory > Switches > Claim Switches”
- Go to “Switches > Edit” and “Enable Configuration Management”
You can find more details about claiming Juniper Mist devices in our short video: https://wifininjas.net/2020/07/11/wn-video-002-how-to-claim-a-mist-wifi-ap/
Configure switch basics using Mist dash GUI (switch name, VLANs, access ports and trunks, templates)
We can configure very basic things like a switch name, VLANs, access ports and trunks directly on the switch, or using templates. Let’s take a look at how to do it!
Switch Config – basics and L2 (per switch)
You can configure all your switches separately. To do it, go to “Switches” menu and click on the switch you want to configure. It’s great and easy if you have one switch. But if you have more, you would really want to look at switch templates in the next paragraph.
Configure Switch Name
It’s just that – a switch name, lol. You’ll see it in LLDP neighbors.
Configure Switch Management IP and VLAN
VLAN 1 and DHCP are configured by default. Typically it’ll stay that way, uplink will be tagged on the upstream router and DHCP makes it ‘plug-n-play’.
Configure Switch Ports (in 3 steps)
- Create “Networks” (VLANs)
It’s just a VLAN with its name.
- Create “Port Profiles” (trunks, access, wired dot1x)
- Your port profile can make the port “Enabled” or “Disabled”
- Access port tags all traffic with a single VLAN ID
- Trunk port can transport traffic from multiple VLANs; it can also add a (native) VLAN ID to an untagged traffic
- You can specify either “Access VLAN” or a “Trunk Native VLAN” in a “Port Network” field
- You can specify which VLANs you want to allow on a trunk in “Trunk Networks”
- Recent dash update allows you to also set Speed, Duplex, MAC limit, Voice VLAN and turn on or off PoE on a port – nice!
- Create “Port Configuration” (apply profiles, LAG)
- Here you apply “Port Profile” configured in a previous step to a physical switch port (or ports range)
- You can also enable Link Aggregation (LAG / Port Aggregation – same thing)
Switch Templates – basics and L2 (at scale)
Templates are great and powerful if you have more switches in your environment. You can have, for example, one template per switch model and push the templated configuration down to hundreds of Mist-managed Juniper switches at the same time. All of them would have the same, unified ports configuration and it’d be free from human errors. You first need to create a template, and then apply it:
- Create Template in “Org > Switch Templates”
- Apply Template in “Net > Switch Configuration”
You can find more details about basic Juniper switch configuration using Mist dash in our short video:
https://wifininjas.net/2020/07/30/wn-video-008-configure-juniper-switch-using-mist-dashboard/
Configure more advanced stuff using Mist dash “Additional CLI” field (L3 interfaces, inter-VLAN routing, DHCP pools, DNS and static routing)
Life is good and easy when all you need from the switch is basic L2 functionality. You can click through all that VLANs, ports configs and templates in the Mist Dashboard.
In case you need more from capable Juniper switch, you can use either CLI or API to configure more functionality. We’ll save API for later and focus on the CLI portion here.
Before you begin, it really is great to understand the Junos CLI basics. We’ve recorded a few (short) videos about just that:
https://wifininjas.net/2020/08/31/wn-video-010-ssh-to-mist-managed-juniper-switch/
https://wifininjas.net/2020/10/01/wn-video-012-junos-cli-basics-part-1/
https://wifininjas.net/2020/11/12/wn-video-013-junos-cli-basics-part-2/
Now, let’s take a look at how to push down additional CLI config to the Juniper switch using Mist dashboard.
There is a special box in the switch or template configuration, called “Additional CLI Commands”:
You can use just a local switch config page, just a template, or add switch-specific configuration on top of a template.
Since my Juniper switch sits in the heart of my network, I wanted it do more than just Layer 2 stuff. I need it to be my DHCP server, gateway for all VLANs, do inter-VLAN routing, use specific DNS servers and then use a static route to put all the traffic towards my firewall.
Coming from a Cisco world, Junos felt a little bit tropical and it took me several hours (or more, lol) to wrap my head around it. I hope that you will be able to save some time by reading this blog and watching our short Juniper Mist videos!
Here is the lab again:
Let’s start with L3 config.
Inter VLAN Routing
I have created all VLANs and created / assigned port profiles via GUI.
Next step is to create L3 interfaces (called IRBs, which is just a different name for SVI or RVI).
set interfaces irb unit 10 family inet address 10.10.10.1/24
set interfaces irb unit 11 family inet address 10.10.11.1/24
set interfaces irb unit 20 family inet address 10.10.20.1/24
set interfaces irb unit 21 family inet address 10.10.21.1/24Finally, apply L3 IRB interfaces to relevant VLANs:
set vlans mgmt l3-interface irb.10
set vlans vm l3-interface irb.11
set vlans users l3-interface irb.20
set vlans iot l3-interface irb.21Note: for L3 interface to be up/up, on top of the above config, you must have a corresponding VLAN created and applied to a switch port (either access or trunk) and physical port must be up.
DHCP
I will now create 4 DHCP pools, one for each subnet.
set system services dhcp-local-server group wifininjas interface irb.10
set access address-assignment pool mgmt family inet network 10.10.10.0/24
set access address-assignment pool mgmt family inet range mgmt-range low 10.10.10.50
set access address-assignment pool mgmt family inet range mgmt-range high 10.10.10.250
set access address-assignment pool mgmt family inet dhcp-attributes router 10.10.10.1
set access address-assignment pool mgmt family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool mgmt family inet dhcp-attributes name-server 8.8.4.4
set access address-assignment pool mgmt family inet dhcp-attributes name-server 10.10.11.2
set system services dhcp-local-server group wifininjas interface irb.11
set access address-assignment pool vm family inet network 10.10.11.0/24
set access address-assignment pool vm family inet range vm-range low 10.10.11.50
set access address-assignment pool vm family inet range vm-range high 10.10.11.250
set access address-assignment pool vm family inet dhcp-attributes router 10.10.11.1
set access address-assignment pool vm family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool mgmt family inet dhcp-attributes name-server 8.8.4.4
set access address-assignment pool vm family inet dhcp-attributes name-server 10.10.11.2
set system services dhcp-local-server group wifininjas interface irb.20
set access address-assignment pool users family inet network 10.10.20.0/24
set access address-assignment pool users family inet range users-range low 10.10.20.50
set access address-assignment pool users family inet range users-range high 10.10.20.250
set access address-assignment pool users family inet dhcp-attributes router 10.10.20.1
set access address-assignment pool users family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool mgmt family inet dhcp-attributes name-server 8.8.4.4
set access address-assignment pool users family inet dhcp-attributes name-server 10.10.11.2
set system services dhcp-local-server group wifininjas interface irb.21
set access address-assignment pool iot family inet network 10.10.21.0/24
set access address-assignment pool iot family inet range iot-range low 10.10.21.50
set access address-assignment pool iot family inet range iot-range high 10.10.21.250
set access address-assignment pool iot family inet dhcp-attributes router 10.10.21.1
set access address-assignment pool iot family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool mgmt family inet dhcp-attributes name-server 8.8.4.4
set access address-assignment pool iot family inet dhcp-attributes name-server 10.10.11.2Note: Since DHCP sits on the same ‘router’ as the L3 interfaces (gateways), I don’t need to worry about DHCP relays / IP helpers.
Static Routing
Configuring static routing is dead easy:
set routing-options static route 0.0.0.0/0 next-hop 10.10.11.2Switch DNS
I want to use just Google DNS for now:
set system name-server 8.8.4.4
set system name-server 8.8.8.8This is it folks! When you paste all the config in the “Additional CLI” window, Mist will push it all down to the switch and it should just work.
For more details, see our videos about the advanced config:
https://wifininjas.net/2020/12/04/wn-video-17-how-to-configure-dhcp-on-a-juniper-switch/
Few more tips:
- Once you manage your switch via Mist dash, push all the config through the dashboard. Don’t mix dashboard and CLI via SSH – it will cause you issues
- Try to watch our videos mentioned above to learn how to validate your CLI first and how to troubleshoot it if needed
This concludes the Juniper switches integration series!
We will focus more on the API side in the future.
Thanks! xx
WN Video 018 – How to Configure DNS & Static Routing on a Juniper Switch
Do you want to configure DNS and Static Routing on your Juniper switch? Here is how to do it! Hint – you can use Mist Dashboard to push down the CLI config 🙂
WN Video 017 – How to Configure DHCP on a Juniper Switch
Do you want your Juniper switch to be your DHCP server? Here is how to do it! Hint – you can use Mist Dashboard to push down the CLI config 🙂
WN Video 016 – How to Configure RVI (SVI / IRB) on a Juniper Switch
Do you want to do Inter-VLAN routing on your L3 Juniper switch? Here is how! Hint – you can use Mist Dashboard to push down the CLI config to your switch too. Sweeeet.
WN Video 013 – JunOS CLI Basics – Part 2
Want to be more proficient at Junos OS? Learn how to safely commit changes to a Juniper switch without risking losing access to it, see how to roll back uncommitted changes, restore previous working config, understand different config views and how to use piping to your advantage!
Lastly, this are the examples used in the video:
- Discussed previously
- Operational vs configuration view
- Basic show commands
- Groups
- Commit model
- Saving / checking config in JunOS
- ‘commit confirmed’
- Fail safe
- Mist uses it with JunOS
- ‘commit’
- ‘commit and-quit’
- ‘commit-check’
- Check syntax without committing any changes
- ‘commit confirmed’
- Rollback and compare
- ‘# rollback 0’
- Removes uncommitted changes
- ‘# rollback 1-12’
- More rollback points
- ‘# show | compare rollback 0’
- ‘# rollback 0’
 Â
- Config Views in JunOS & Piping
- Inheritance
- ‘> show interfaces ge-0/0/2’
- ‘> show interfaces ge-0/0/2 | display inheritance’
- ‘> show interfaces ge-0/0/2 | display inheritance no-comments’
- Display set
- ‘> show interfaces ge-0/0/2 | display set’
- ‘> show interfaces ge-0/0/2 | display inheritance | display set’
- Output manipulation
- ‘> show interfaces terse
- ‘> show interfaces terse | match ge-
- ‘> show interfaces terse | match ge- | except switch
- ‘> show interfaces terse | match ge- | except switch | refresh 1
- Inheritance
WN Video 012 – JunOS CLI Basics – Part 1
You don’t need to know JunOS at all to configure Juniper Switch (L2, basics) via Mist Dash but it’s super useful to know at least basics to validate and push down more advanced config. Today we discuss CLI views (operational vs configuration), basic show commands and concepts of groups and commit model. Enjoy!
WN Video 010 – SSH to Mist Managed Juniper Switch
In this video we demonstrate how to configure Juniper Switch SSH password in Mist dashboard, where would your switch get management IP address from and how to learn what IP to use to actually connect to the switch using SSH.