Marvis
Other Actions
Other Actions is a new section in the Marvis Action Dashboard. The purpose of this section is to highlight other actions across your org which are less urgent & don’t require immediate action. Find this new section underneath the main Action Dashboard diagram by clicking on the Other Actions text. This will expose our new Persistently Failing Clients action.
Persistently Failing Clients
Our first action available in the Other Actions section highlights clients that are continuously failing to connect due to a client specific issue i.e. the scope of failure isn’t the AP, WLAN or server. This can be due to Authentication failures from entering the wrong PSK, or failures caused by incorrect 802.1x configuration. Click on the View More link under the Details column to see the list of clients experiencing failure, and the WLANs they are trying to connect to. Please note that since this is considered a lower priority action, we won’t expose persistently failing clients in the Latest Updates column or on the Sites tab. This is to prevent clutter on your dashboard, and allows you to prioritize the critical Marvis Actions pieces.
Marvis Actions – Port Flaps
Port Flaps is a new action available in the Switch section of the action dashboard. This action will identify ports on your switch which are continuously going up and down for a variety of reasons. Port flapping may be caused by unreliable connections, continuous rebooting of a device connected to the port, incorrect duplex configurations, and more.
Conversational Interface – New and Improved Queries
We are constantly making improvements to the Conversational Interface to help make your experience as seamless as possible. This week we improved some general queries and added new support for product search. You can now search for the following types of issues in the conversational interface:
- Time to Connect
- Successful Connects
- Coverage
- Roaming
- Throughput
- Capacity
- Ap Uptime
- Switch health
- Association
- Authorization
- DHCP issues
- DNS issue
- ARP
- Asymmetry Uplink
- Asymmetry Downlink
- OKC
- Authentication
Here are some sample questions you may ask:
“How to find time to connect issues at <name>” will bring you to the Time to Connect SLE in the UI:
“How to find coverage issues for my site?” will ask for your site name, and then direct you to the Coverage SLE of that site:
“Show me dhcp failures” will locate the relevant DHCP failures in the Successful Connects and Time to Connect SLEs:
Simplified Operations
Help Menu – Cloud Status and Ports & Endpoints
We have added two new items in our help menu that can be accessed on any page of our Mist dashboard. Find this menu in the upper right corner indicated by the ? button.
Cloud Status
Visit the Cloud Status page (https://status.mist.com/) to monitor the Mist cloud status for both the Global and Europe cloud. Here, you can see if the cloud is operational or experiencing an error. Previous incidents over the past 7 days will also be listed out for you to see. If you would like to be notified of cloud status changes without manually going to this page to check, you can also sign up for Email or Slack notifications in the dropdown menu:
Ports & Endpoints
Ports & Endpoints will bring you to this page in our documentation portal: https://www.mist.com/documentation/ports-enable-firewall/
Here, you can read about the ports needed to be enabled on your firewall in order for the Mist cloud to operate properly. Be sure to carefully read through all sections, as different features and cloud environments require different hostnames and ports enabled.
Org Webhooks – Audits and Device Status
We are expanding our organization webhooks capabilities with the inclusion of audit logs and device statuses to be tracked using webhooks in the Mist dashboard. In your Org settings page (Organization > Settings), enable the audit and device status checkboxes under the Webhooks section. You will get a webhook alert for any events shown in the audit logs of your org, as well as device statuses that occur, such as reboot events and upgrades.
Here are some sample webhook outputs:
Device Upgrade:
{ "topic": "device-events", "events": [ { "ap": "5c5b350exxxx", "ap_name": "5c5b350exxxx", "audit_id": "8ad6b70f-484d-4ef9-bf04-33706141xxxx", "device_name": "5c5b350exxxx", "device_type": "ap", "ev_type": "NOTICE", "mac": "5c5b350exxxx", "org_id": "62f5b975-7dd5-4313-b465-29e758exxxxx", "site_id": "76eaf670-1053-4d74-a144-e08ddaxxxxx", "site_name": "Production Testbed", "timestamp": 1625077870, "type": "AP_UPGRADE_BY_USER" } ] }
Update WLAN:
{ "topic": "audits", "events": [ { "admin_name": "Jonathan jonathan@mistsys.com", "id": "a363d9cb-1c39-4089-8a24-b25571cxxxxx", "message": "Update WLAN \"testwlan\" (update portal template)", "org_id": "62f5b975-7dd5-4313-b465-29e758exxxxx", "site_id": "76eaf670-1053-4d74-a144-e08ddaexxxxx", "site_name": "Production Testbed", "src_ip": "69.181.215.90", "timestamp": 1625077705.749821, "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36", "wlan_id": "f8696ea3-a547-40b4-a499-515b92dxxxxx" } ] }
Network Security – BSSID Wildcard
We now support creating an allowlist of Network Security BSSIDs using wildcards. Use wildcards in your Rogue/Honeypot AP detection configuration to pre-approve BSSIDs that contain certain sequences of characters. These pre-approved BSSIDs won’t appear as threats on your security page. This is extremely helpful for those who are migrating to Mist, one floor or one building at a time.
To use the wildcard feature, navigate to your site settings page (Organization > Site Settings) and find the Security Configuration section. Here, you may enter segments of BSSIDs you would like to approve on your site. Enter in your approved BSSID segment in any of these formats:
xx-xx-*, xxxx*, xx:xx:*
The “*” indicates any characters, as long as the specified characters match your desired pattern.
Map Import – Device Profiles
Keep in mind that Device Profiles is not a GA feature at this moment. If you would like this functionality on your organization, or have any additional questions about use cases, please reach out to support@mist.com
Auto Device Profile support when enabled in org settings, is now supported when the map import feature is used. This prevents the need to recreate device profile settings on your new site – they will automatically be included. There is no UI setting you need to enable for this feature, so the workflow for importing floor plans remains the same.
To lean more about Importing Floorplans, please visit this page: https://www.mist.com/documentation/importing-ekahau-projects-to-mist/
See here for more information about device profiles: https://www.mist.com/documentation/device-profiles/
Wired Assurance
Virtual Chassis
Please note that this is required only for EX2300 series switches without dedicated VC ports. Switches with dedicated VC ports will form VC automatically when connected to the Mist cloud.
This week we are releasing Virtual Chassis (VC) as a feature available for all users with the SUB-EX* license. With VC, you can combine multiple EX switches so they act as a single device with regards to the Juniper Mist cloud. This eliminates the risk of loops, the need for legacy redundancy protocols such as spanning tree and VRRP, and the time required for individual device management.
Easily form a Virtual Chassis with EX2300 series switches on your site running the same version by navigating to the Switches page and selecting your desired switches. Make sure they are both connected to the cloud as well. Using the More dropdown menu, you can select Form Virtual Chassis to begin the procedure.
Add Port IDs, and assign a Primary and Backup switch.
Click on Form Virtual Chassis and wait for 3-5 minutes for the VC formation to apply. A banner message will appear, asking you to connect the specified VC ports.
When the VC formation is in progress, the switch statuses will show “VC forming“
Once the entire process is complete, the switch list page will only display one entry for the VC, with the primary switch as its name.
To learn more about Virtual Chassis, please visit this page: https://www.mist.com/documentation/virtual-chassis/
And to learn more about the setup procedure, please visit this page:
https://www.mist.com/documentation/virtual-chassis-setup-with-mist/
OSPF Areas and Routing [BETA]
We are introducing support for configuring OSPF (Open Shortest Path First) Areas and Routing in the UI this week as a Beta feature. OSPF Areas defines the areas the switch is a part of and what networks belong to it, and Routing helps define the Router ID and toggles OSPF configurations for those areas.
Configure OSPF in the Switch Details page (Switches > Select a Switch)
Mist Edge
Split Tunnels
We are making the Split Tunnel functionality required for remote work from home available for all users with the SUB-ME license. Split tunneling ensures that only specific matching destinations are tunneled to Mist Edge, while the rest of the remote user’s traffic egresses through home broadband. This will help conserve network bandwidth at DC or DMZ by not tunneling the entire remote user’s traffic.
To configure a Split Tunnel for your Mist Edge, navigate to Organization > Mist Tunnels and select enable under Split Tunnel. Here, you need to specify your DNS server, subnet, and Tunnel Gateway.
For more details, refer to the Mist Teleworker Guide that can be found here: https://www.mist.com/documentation/mist-edge-configuration-guides/
Feature Deprecation
This is a reminder for the Feature Deprecation of Location Analytics and Reports. As mentioned in previous release notes, on 6/30 the Location Analytics and Reports APIs will be deprecated and will no longer be accessible. Please see the section What APIs are getting removed with the deprecation? on this page: https://www.mist.com/documentation/location-analytics-reports-deprecation/ for the exact list of APIs that will be deprecated and which new API you should be using instead. Please continue to migrate over to Engagement & Network Analytics under the Analytics tab to create custom reports.