This article summarizes how to onboard your Juniper EX4400 access layer switches as Virtual Edge Nodes for policy enforcement. This can only be done after deploying a Juniper Mist Virtual Edge and Flow Forwarder. This article shows this workflow for Cloud Control Center version 15.6 and newer.
NOTE:
As of Cloud Control Center release 15.6, Juniper Mist support is in beta. Enhancements to Juniper Mist support will come in subsequent releases. Some important details and limitations exist and are noted below:
- The following Juniper Access switch models have been tested
- EX4400
- For each VLAN where enforcement is desired, an IRB must be configured.
- Layer 4 policy is not supported, only the final policy action of Permit All or Deny All will take effect
- Policy Logging is not supported
Onboarding Steps
Step 1: Ensure you have already deployed the switch template with the required onboarding configurations by following the Juniper Mist Virtual Edge Deployment Guide.
Step 2: Navigate to Virtual Edges and select the Virtual Edge Nodes tab. Select Add Virtual Edge Node and Add Single Virtual Edge Node.
Step 3: Select the Juniper Mist Virtual Edge you wish to onboard the switch with and click Save.
Step 4: Provide the Switch Management IP and Description and click Add.
Step 5: After a couple minutes the newly onboarded Virtual Edge Node will show Online.
Checking the Status of a VEN Onboarding
In the top right of your Cloud Control Center dashboard, you will see a notification icon. After beginning the VEN onboarding, a blue dot will indicate that the status of your VEN onboarding has an update.
Clicking on this icon will reveal the status of your VEN onboarding. As each step of the onboarding is completed successfully, that item is marked with a green check mark and a "Success" status.
Once the onboarding is complete, your VEN will show green in Cloud Control Center and information about the switch is now visible such as hostname, switch model, number of discovered devices, and more.
Decommissioning and Deleting a Virtual Edge Node
Decommissioning a VEN takes the enforcement point out of service by removing the configurations from the switch, but retains the configuration in Cloud Control Center so that you can easily put the VEN back in service with a single click.
Step 1: Open the details view of your Virtual Edge Node and then select Decommission in the top right.
Step 2: You can recommission or delete the Virtual Edge Node from this screen as well