A site represents a project, a deployment. For MSP, it can be as small as a coffee shop or a five-star 600-room hotel. A site contains a set of Maps, Wlans, Policies, Zones.
Wlans are the wireless networks created under a site.
/api/v1/sites/:site_id/wlans
{
"ssid": "corporate",
"enabled": true,
"auth": {
"type": "psk",
// type is psk
"psk": "foryoureyesonly",
"enable_mac_auth": false,
"multi_psk_only": false,
"pairwise": [ "wpa1-ccmp", "wpa2-tkip", "wpa1-tkip", "wpa2-ccmp", "wpa3" ],
"wep_as_secondary_auth": false,
// type = wep
"keys": [ "1234567890", null, "0987654321", null ],
"key_idx": 1
// type = eap
"eap_reauth": false
// type = open
"owe": "enabled", // disabled (default) / enabled (transitional) / required
// whether to enable Private WLAN
"private_wlan": true,
// sae anti-clogging token threshold
"anticlog_threshold": 16, // default: 16, range: 16-32
},
"dynamic_psk": {
// dynamic_psk allows PSK to be selected at runtime depending on context (wlan/site/user/...)
// thus following configurations are assumed (currently)
// - PSK will come from RADIUS server if source is radius
// - AP sends client MAC as username ans password (i.e. `enable_mac_auth` is assumed)
// - AP sends BSSID:SSID as Caller-Station-ID
// - `auth_servers` is required
// - PSK will come from cloud WLC if source is cloud_psks
// - default_psk will be used if cloud WLC is not available
// - `multi_psk_only` and `psk` is ignored
// - `pairwise` can only be wpa2-ccmp (for now, wpa3 support on the roadmap)
"enabled": true
"source": "radius", // radius (default), cloud_psks
"default_vlan_id": 999,
"default_psk": "foryoureyesonly", // 8-63 characters
// optional, when 11r is enabled, we'll try to use the cached PMK, this can be disabled
"force_lookup": false, // default is false (meaning auto)
},
"roam_mode": "none",
// radius-related
"auth_servers_nas_id": "5c5b350e0101-nas",
"auth_servers_nas_ip": "15.3.1.5",
"auth_servers_timeout": 5,
"auth_servers_retries": 3,
"auth_server_selection": "ordered",
"auth_servers": [
{
"host": "1.2.3.4",
"port": 1812,
"secret": "testing123"
},
{
"host": "radius.internal",
"port": 1812,
"secret": "testing123"
},
{
"host": "radius2",
"port": 1812,
"secret": "testing123",
"keywrap_enabled": true, // enable keywrap algorithm. Default is false
"keywrap_format": "hex", // key format: hex or ascii
“keywrap_kek”: “1122334455", // Key encryption key
“keywrap_mack” “1122334455", // Message Authentication Code Key
},
],
"acct_servers": [
{
"host": "1.2.3.4",
"port": 1812,
"secret": "testing123"
},
{
"host": "radius2",
"port": 1812,
"secret": "testing123",
"keywrap_enabled": true, // enable keywrap algorithm. Default is false
"keywrap_format": "hex", // key format: hex or ascii
“keywrap_kek”: “1122334455", // Key encryption key
“keywrap_mack” “1122334455", // Message Authentication Code Key
},
],
"acct_interim_interval": 0,
"dynamic_vlan": {
"enabled": true,
"type": "airespace-interface-name",
"vlans": {
"131": "default",
"322": "fast,video"
}
"default_vlan_id": 999
"local_vlan_ids": []
},
"dns_server_rewrite": {
"enabled": true,
"radius_groups": {
"contractor": "172.1.1.1",
"guest": "8.8.8.8"
}
},
"coa_servers": [
{
"enabled": false,
"ip": "1.2.3.4",
"port": 3799,
"secret": "testing456",
"disable_event_timestamp_check": false
}
],
"radsec": {
// this schema applies to
// /api/v1/orgs/:org_id/wlans
// /api/v1/sites/:site_id/wlans
// /api/v1/sites/:site_id/devices/:device_id
"enabled": true,
// either specify the list of radsec servers
"server_name": "radsec.abc.com",
"servers": [
{
"host": "1.1.1.1",
"port": 1812
},
{
"host": "radsec",
"port": 1812
}
],
"idle_timeout": 60,
// or use mxedge(s) as radsecproxy
"use_mxedge": true,
"coa_enabled": true, // default is false
"mxcluster_ids": ["572586b7-f97b-a22b-526c-8b97a3f609c4"], // to use mxclusters.radsec.proxy_hosts
"use_site_mxedge": false, // else, to use radsec.proxy_hosts; default is false
"proxy_hosts": ["mxedge1.local"], // default is site.mxedge.radsec.proxy_hosts which must be a superset of all wlans[*].radsec.proxy_hosts
// when radsec.proxy_hosts are not used, tunnel peers (org or site mxedges) are used irrespective of use_site_mxedge
},
"mist_nac": {
// when enabled
// - auth_servers ignored
// - acct_servers ignored
// - coa_servers ignored
// - radsec ignored
"enabled": true,
"auth_servers_timeout": 5,
"auth_servers_retries": 3,
"fast_dot1x_timers": true,
"acct_interim_interval": 1,
"coa_enabled": true,
"coa_port": 2880
"network": "guest",
"source_ip": "1.2.3.4",
},
"airwatch": {
"enabled": true,
"console_url": "https://hs1.airwatchportals.com",
"api_key": "aHhlbGxvYXNkZmFzZGZhc2Rmc2RmCg==",
"username": "user1",
"password": "test123"
},
"cisco_cwa": {
"enabled": false,
"allowed_subnets": [
"63.5.3.0/24"
],
"blocked_subnets": [
"192.168.0.0/16",
"172.16.0.0/12"
],
"allowed_hostnames": [
"snapchat.com",
"ibm.com"
]
},
// band is deprecated and kept for backward compability. Use bands instead.
"band": "24",
// for a tri-band AP
"bands": ["24", "5", "6"],
"band_steer": true,
"band_steer_force_band5": true,
"rateset": {
"24": {
"min_rssi": 0,
"template": "default"
"legacy": [ "1", "2b", "5.5", "11", "6", "9", "12", "18", "24", "36", "48", "54" ],
"ht": "00ff00ff00ff",
},
"5": {
"min_rssi": -70,
"template": "custom",
"legacy": [ "6", "9", "12", "18", "24b", "36", "48", "54" ],
"ht": "00ff00ff00ff",
"vht": "03ff03ff03ff01ff",
"he": "0fff0fff0fff0fff",
"eht": "3fff0fff0fff03ff",
}
},
// no-legacy (no 11b, copied from Cisco):
// 2.4: 6(B), 9, 12, 18, 24, 36, 48, 54 + HT + VHT
// 5: 6(B), 9, 12(B), 18, 24(B), 36, 48, 54 + HT + VHT
// compatible (all, like before, default setting that Broadcom/Atheros used):
// 2.4: 1(B), 2(B), 5.5(B), 6, 9, 11(B), 12, 18, 24, 36, 48, 54 + HT + VHT
// 5: 6(B), 9, 12(B), 18, 24(B), 36, 48, 54 + HT + VHT
// high-density (no 11b, no low rates):
// 2.4: 24(B), 36, 48, 54 + HT/MCS3-7,11-15,19-23,27-31 + VHT/MCS3-9
// 5: 24(B), 36, 48, 54 + HT/MCS3-7,11-15,19-23,27-31 + VHT/MCS3-9
// for disable ht or vht rates (boolean)
"disable_ht_vht_rates": true,
// for model supporting 11AX only
"disable_11ax": false,
// for Wi-Fi 7
"disable_11be": true, // default is false
// if interface is all / eth0 / eth1 / eth2 / eth3, vlan can be specified
"interface": "all",
"vlan_enabled": false,
"vlan_id": 3,
// vlan pooling allows AP to place client on different VLAN using a deterministic algorithm
"vlan_pooling": false,
"vlan_ids": [3, 4, 5],
// data tunnel - L2TP/IPSec tunnel
"interface": "wxtunnel",
"wxtunnel_id": "7dae216d-7c98-a51b-e068-dd7d477b7216",
"wxtunnel_remote_id": "wifiguest"
// data tunnel - Mist Tunnel
"interface": "mxtunnel",
"mxtunnel_ids": [ "08cd7499-5841-51c8-e663-fb16b6f3b45e" ],
// disable the WLAN if
"disable_when_mxtunnel_down": false, // default is false
// when different mxcluster is on different subnet, we'd want to disconnect clients (so they'll reconnect and get new IPs)
"reconnect_clients_when_roaming_mxcluster": false, // default is false
// data tunnel = Mist Tunnel over Site MXEdges
"interface": "site_mxedge",
"mxtunnel_names": [ "default" ],
// whether to hide SSID
"hide_ssid": false,
// other advanced options
"dtim": 2,
"disable_wmm": false,
"disable_uapsd": false,
"use_eapol_v1": false,
"legacy_overds": false,
"hostname_ie": false,
// enable AP-AP keycaching via multicast
"enable_local_keycaching": true, // default is false
"max_num_clients": 0, // 0 (default is unlimited), 1-128
// filters
"isolation": false,
"l2_isolation": false,
"arp_filter": true
"limit_bcast": false,
"allow_mdns": false,
"allow_ssdp": false,
"allow_ipv6_ndp": true,
"no_static_ip": false,
"no_static_dns": false,
"limit_probe_response": false,
// by default, we'd inspect all DHCP packets and drop those unrelated to the wireless client itself
// in the case where client is a wireless bridge (DHCP packets for other MACs will need to be forwarded), wireless_bridging can be enabled
"enable_wireless_bridging": false,
// if the client bridge is doing DHCP on behalf of other devices (L2-NAT), enable dhcp_tracking will cut down DHCP response packets to be forwarded to wireless
"enable_wireless_bridging_dhcp_tracking": false,
// when any of the following is true, this WLAN will be disabled
// - cannot get IP
// - cannot obtain default gateway
// - cannot reach default gateway
"disable_when_gateway_unreachable": false, // default is false
// access control,
"block_blacklist_clients": false,
// apply_to
"apply_to": "site",
"wxtag_ids": [],
"ap_ids": [],
// bandwidth limiting
"wlan_limit_up_enabled": true,
"wlan_limit_up": 10240,
"wlan_limit_down_enabled": true,
"wlan_limit_down": 20480,
"client_limit_up_enabled": true,
"client_limit_up": 512,
"client_limit_down_enabled": true,
"client_limit_down": 1024,
"schedule": {
"enabled": true,
"hours": {
"mon": "09:00-17:00",
"fri": "09:00-17:00"
}
},
"qos": {
"overwrite": true,
// same access class for all traffic
"class": "best_effort"
},
"app_limit": {
"enabled": true,
"apps": {
"netflix": 60,
"dropbox": 300
},
"wxtag_ids": {
"f99862d9-2726-931f-7559-3dfdf5d070d3": 30
}
},
"app_qos": {
"enabled": true,
"apps": {
"skype-business-voice": {
// all optional
"dscp": 46, // a reasonable default will be used if omitted
},
"skype-business-video": {
// all optional
"dscp": 32,
"src_subnet": "10.2.0.0/16", // subnet filter is not required but helps AP to only inspect certain traffic (thus reducing AP load)
"dst_subnet": "10.2.0.0/16"
}
},
"others": [
{
"protocol": "udp",
"src_subnet": "10.2.0.0/16",
"dst_subnet": "10.2.0.0/16",
"port_ranges": "80,1024-65535",
"dscp": 32
}
]
},
// bonjour support is draft/experimental/subject to change
"bonjour": {
"enabled": true,
"services": {
"airprint": {
"scope": "same_map", // same_ap, same_map, same_site (default)
},
"airplay": {
"scope": "same_ap",
// optional
"radius_groups": ["teachers"]
}
},
"additional_vlan_ids": [80],
// to prevent wireless clients to discover bonjour devices on the same WLAN
"disable_local": false
},
“hotspot20”: {
“enabled”: true,
“operators”: ["google", "att"],
“venue_name”: ”some_name”,
"domain_name": ["mist.com"],
"rcoi": ["5A03BA0000"],
"nai_realms":[
{
"id":"mistsys.com",
"eap_type":"tls"
}
]
},
// whether to inject option 82 when forwarding DHCP packets
"inject_dhcp_option_82": {
"enabled": true,
"circuit_id": "{{SSID}}:{{AP_MAC}}",
},
"max_idletime": 1800,
"sle_excluded": false,
"disable_v1_roam_notify": true,
"disable_v2_roam_notify": false,
// portal - none / password / multi
"portal": {
"enabled": true,
"bypass_when_cloud_down": false,
"auth": "multi",
"passphrase_enabled": true,
"passphrase_expire": none,
"password": "let me in",
"forward": true,
"forward_url": "http://abc.com/promotions",
"expire": 1440,
"privacy": false,
"facebook_enabled": true,
"facebook_client_id": ...,
"facebook_client_secret": .....,
"facebook_email_domains": [],
"facebook_expire": none,
"google_enabled": true,
"google_email_domains": ["mydomain.edu", "mydomain.org"],
"google_expire": none,
"amazon_enabled": false,
"amazon_client_id": ...,
"amazon_client_secret": .....,
"amazon_email_domains": [],
"amazon_expire": none,
"microsoft_enabled": false,
"microsoft_client_id": ....,
"microsoft_client_secret": .....,
"microsoft_email_domains": [],
"microsoft_expire": none,
"azure_enabled": true,
"azure_tenant_id": .....,
"azure_client_id": ....,
"azure_client_secret": .....,
"azure_expire": none,
"sponsor_enabled": false,
"sponsor_email_domains": ["reserved.net", "reserved.org"],
"sponsors": {"sponsor1@company.com": "FirstName1 LastName1", "sponsor2@company.com": "FirstName2 LastName2"}
"sponsor_link_validity_duration": 30,
"sponsor_notify_all": false,
"sponsor_expire": none,
"predefined_sponsors_enabled": true, // will show sponsor emails as dropdown list
"predefined_sponsors_hide_email": false, // if enabled, hides sponsor's email from list
"sponsor_auto_approve": false, // automatically approve guest, sponsor will receive an email and can reject the access
"sponsor_status_notify": false, // if enabled, guest will get email about sponsor's action (approve/deny)
"sms_enabled": true,
"sms_provider": "twilio",
"sms_expire": none,
"twilio_sid": "AC72ec6ba0ec5af30e6731c5e47abcdefgh",
"twilio_auth_token": "af9dac44c344a875ab5d31cb7abcdefg",
"twilio_phone_number": "+18548888888",
"broadnet_user_id": "juniper",
"broadnet_password": "password",
"broadnet_sid": "string", //default is 'MIST'
"clickatell_api_key": "string",
"puzzel_service_id": "string",
"puzzel_username": "string",
"puzzel_password": "string",
"gupshup_userid": "string",
"gupshup_password": "string",
"telstra_client_id": "string",
"telstra_client_secret": "string",
"smsglobal_api_key": "string",
"smsglobal_api_secret": "string",
"email_enabled": false,
"cross_site": false,
},
"portal_template_url": "https://......",
"portal_image": "https://url/to/image.png",
"thumbnail": "https://url/to/image.png",
// portal - external
"portal": {
"enabled": true,
"auth": "external",
"external_portal_url": "http://myportal.abc.com"
},
"portal_api_secret": "EIfPMOykI3lMlDdNPub2WcbqT6dNOtWwmYHAd6bY"
// portal - sso
"portal": {
"enabled": true,
"auth": "sso",
"sso_issuer": "https://app.onelogin.com/saml/metadata/138130"
"sso_idp_cert": "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----",
"sso_idp_sign_algo": "sha256",
"sso_idp_sso_url": "https://yourorg.onelogin.com/trust/saml2/http-post/sso/138130",
"sso_nameid_format": "email",
// optional
"sso_forced_role": "desired", // ignore any Role attributes and use this instead
"sso_default_role": "guest" // use this role if Role attribute not returned (when sso_forced_role is not defined)
},
"portal_sso_url": "https://portal.mist.com/saml/be22bba7-8e22-e1cf-5185-b880816fe2cf/login"
// portal - none / multi / external
"portal_allowed_subnets": [
"63.5.3.0/24"
],
"portal_allowed_hostnames": [
"snapchat.com",
"ibm.com"
],
"portal_denied_hostnames": [
"msg.snapchat.com"
]
}
N.B portal_template will be forked out of wlan objects soon. To fetch portal_template, please query portal_template_url. To update portal_template, use Wlan Portal Template.
| Name | Type | Description |
|---|---|---|
ssid |
string |
the name of the SSID |
enabled |
boolean |
if this wlan is enabled, default is True |
auth |
object |
authentication/security policies |
type |
string |
open / psk / wep / eap / eap192 / psk-tkip / psk-wpa2-tkip, default is open |
pairwise |
list |
when type=psk / eap, one of more of wpa2-ccmp / wpa1-tkip / wpa1-ccmp / wpa2-tkip, default is [“wpa2-ccmp”] |
psk |
string |
when type=psk, 8-64 characters, or 64 hex characters |
wep_as_secondary_auth |
boolean |
enable WEP as secondary auth |
keys |
list |
when type=wep, four 10-character or 26-character hex string, null can be used. All keys, if provided, have to be in the same length |
key_idx |
int |
when type=wep, 1 to 4, default is 1 |
multi_psk_only |
boolean |
whether to only use multi_psk, default is false |
private_wlan |
boolean |
whether private wlan is enabled. only applicable to multi_psk mode |
enable_mac_auth |
boolean |
whether to enable MAC Auth, uses the same auth_servers, default is false |
eap_reauth |
boolean |
whether to trigger EAP reauth when the session ends, default is false |
roam_mode |
string |
none (default) / OKC / 11r |
apply_to |
string |
site / wxtags / aps |
wxtag_ids |
list |
list of wxtag_ids |
ap_ids |
list |
list of device ids |
band |
string |
which radio the wlan should apply to, both (default) / 24 / 5 |
bands |
list |
list of radios that the wlan should apply to. one of more of 24 / 5 / 6. Default is 24 and 5 if not specified. |
band_steer |
boolean |
whether to enable band_steering, this works only when band==both, default is false |
band_steer_force_band5 |
boolean |
force dual-band capable client to connect to 5G, default is false |
isolation |
boolean |
whether to stop clients to talk to each other, default is false |
l2_isolation |
boolean |
if isolation is enabled, whether to deny clients to talk to L2 on the LAN, default is false |
arp_filter |
boolean |
whether to enable smart arp filter, default is false |
limit_bcast |
boolean |
whether to limit broadcast packets going to wireless (i.e. only allow certain bcast packets to go through), default is false |
allow_mdns |
boolean |
only applicable when limit_bcast==true, which allows mDNS / Bonjour packets to go through, default is false |
allow_ssdp |
boolean |
only applicable when limit_bcast==true, which allows SSDP, default is false |
allow_ipv6_ndp |
boolean |
only applicable when limit_bcast==true, which allows or disallows ipv6 Neighbor Discovery packets to go through, default is true |
no_static_ip |
boolean |
whether to only allow client that we’ve learned from DHCP exchange to talk, default is false |
no_static_dns |
boolean |
whether to only allow client to use DNS that we’ve learned from DHCP response, default is false |
enable_wireless_bridging |
boolean |
whether to enable wireless bridging, which allows more broadcast packets to go through |
limit_probe_response |
boolean |
limit probe response base on some heuristic rules |
block_blacklist_clients |
boolean |
whether to block the clients in the blacklist (up to first 256 macs) |
vlan_enabled |
boolean |
if vlan tagging is enabled, default is false |
vlan_id |
int |
1-4094 |
vlan_pooling |
boolean |
vlan pooling allows AP to place client on different VLAN using a deterministic algorithm, default is false |
vlan_ids |
list |
list of VLAN ids |
hide_ssid |
boolean |
whether to hide SSID in beacon, default is false |
schedule |
object |
WLAN operating schedule, default is disabled |
hours |
object |
time ranges, the key is mon / tue / wed / thu / fri / sat / sun, the value is time range in “HH:MM-HH:MM” (24-hour format), the minimum resolution is 30 minute |
max_idletime |
int |
max idle time in seconds, default is 1800. valid range is 60-86400 |
sle_excluded |
boolean |
whether to exclude this WLAN from SLE metrics, default is false |
disable_v1_roam_notify |
boolean |
disable sending v1 roam notification messages |
disable_v2_roam_notify |
boolean |
disable sending v2 roam notification messages |
NOTE: specifically, enable_wireless_bridging allows forwarding of DHCP response to client not associated with the AP
| Name | Type | Description |
|---|---|---|
auth_servers_nas_id |
string |
optional, up to 48 bytes, will be dynamically generated if not provided. used only for authentication servers |
auth_servers_nas_ip |
string |
optional, NAS-IP-ADDRESS to use |
auth_servers_timeout |
int |
radius auth session timeout, default is 5. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10. |
auth_servers_retries |
int |
radius auth session retries, default is 2. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3. |
fast_dot1x_timers |
boolean |
if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’. |
acct_immediate_update |
boolean |
if set to true, it will enable coa-immediate-update and address-change-immediate-update on the access profile. |
auth_server_selection |
string |
ordered (default) / unordered. When ordered, AP will prefer and go back to the first server if possible |
auth_servers |
list |
list of RADIUS authentication servers, at least one is needed if auth type == eap, order matters where the first one is treated as primary |
host |
string |
ip / hostname of RADIUS server |
port |
int |
port of RADIUS server, default is 1812 for auth server and 1813 for acct server |
secret |
string |
secret of RADIUS server |
acct_servers |
list |
list of RADIUS accounting servers, optional, order matters where the first one is treated as primary |
acct_interim_interval |
int |
how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from RADIUS Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled |
coa_servers |
list |
list of COA (change of authorization) servers, optional |
disable_event_timestamp_check |
boolean |
whether to disable Event-Timestamp Check, which is used to replay-protection, default is false (i.e. for better security) |
dynamic_vlan |
object |
for 802.1x |
enabled |
boolean |
whether to enable dynamic vlan, default is false |
type |
string |
standard (using Tunnel-Private-Group-ID, widely supported), airespace-interface-name (Airespace/Cisco) |
vlans |
object |
map between vlan_id (as string) to airespace interface names (comma-separated) or null for stndard mapping |
default_vlan_id |
int |
vlan_id to use when there’s no match from RADIUS, default is 999 |
default_vlan_ids |
list |
vlan_ids to use when there’s no match from RADIUS, default is [“999”] |
local_vlan_ids |
list |
vlan_ids to be locally bridged |
radsec |
object |
RadSec related, once enabled, auth_servers / acct_servers / coa_servers will be ignored |
server_name |
string |
name of the server to verify (against the cacerts in Org Setting) |
use_mxedge |
string |
mxedge can be used as radsecproxy, see Mist Edge Cluster and Site Setting |
dns_server_rewrite |
object |
for radius_group-based DNS server (rewrite DNS request depending on the Group RADIUS server returns) |
radius_groups |
object |
map between radius_group and the desired DNS server (IPv4 only) |
dynamic_psk |
object |
for dynamic PSK where we get per-user PSK from Radius / Cloud WLC |
default_psk |
string |
default PSK to use if cloud WLC is not available, 8-63 characters |
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
whether to enable mist nac |
auth_servers_timeout |
int |
radius auth session timeout, default is 5. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘quite-period’ and ‘transmit-period’ are set to half the value of auth_servers_timeout. ‘supplicant-timeout’ is also set when setting auth_servers_timeout and is set to default value of 10. |
auth_servers_retries |
int |
radius auth session retries, default is 2. Following fast timers are set if “fast_dot1x_timers” knob is enabled. ‘retries’ are set to value of auth_servers_retries. ‘max-requests’ is also set when setting auth_servers_retries and is set to default value to 3. |
fast_dot1x_timers |
boolean |
if set to true, sets default fast-timers with values calculated from ‘auth_servers_timeout’ and ‘auth_server_retries’. |
acct_interim_interval |
int |
how frequently should interim accounting be reported, 60-65535. default is 0 (use one specified in Access-Accept request from Server). Very frequent messages can affect the performance of the radius server, 600 and up is recommended when enabled |
coa_enabled |
boolean |
allows a RADIUS server to dynamically modify the authorization status of a user session |
coa_port |
int |
the communication port used for “Change of Authorization” (CoA) messages |
network |
string |
which network the mist nac server resides in |
source_ip |
string |
In case there is a static IP for this network, we can specify it using source ip |
| Name | Type | Description |
|---|---|---|
airwatch |
object |
Airwatch related |
console_url |
string |
console URL |
api_key |
string |
API Key |
username |
string |
username |
password |
string |
password |
Cisco CWA (central web authentication) required RADIUS with COA in order to work. See CWA for more details.
| Name | Type | Description |
|---|---|---|
cisco_cwa |
object |
Cisco CWA Related |
enabled |
boolean |
whether to enable CWA, |
allowed_subnets |
list |
list of CIDRs |
blocked_subnets |
list |
list of blocked CIDRs |
allowed_hostnames |
list |
list of hostnames without http(s):// (matched by substring) |
| Name | Type | Description |
|---|---|---|
overwrite |
boolean |
whether to overwrite QoS |
class |
string |
background / best_effort (default) / video / voice |
| Name | Type | Description |
|---|---|---|
bonjour |
object |
bonjour-related |
enabled |
boolean |
whether to enable bonjour for this WLAN, default is false. Once enabled, limit_bcast is assumed true, allow_mdns is assumed false |
services |
object |
what services are allowed |
scope |
string |
how bonjour services should be discovered for the same WLAN, same_site (default) / same_map / same_ap |
disable_local |
boolean |
whether to prevent wireless clients to discover bonjour devices on the same WLAN, default is false |
radius_groups |
list |
optional, if the service is further restricted for certain RADIUS groups |
additional_vlan_ids |
list |
additional VLAN IDs (on the LAN side or from other WLANs) should we be forwarding bonjour queries/responses |
Note: bonjour settings supercedes allow_mdns
| Name | Type | Description |
|---|---|---|
interface |
string |
where this WLAN will be connected to. all (all external ports, default) / eth0 / eth1 / eth2 / eth3 / wxtunnel / mxtunnel / site_mxedge |
wxtunnel_id |
string |
when interface=wxtunnel, id of the WXLAN Tunnel |
wxtunnel_remote_id |
string |
when interface=wxtunnel, remote tunnel identifier |
mxtunnel_id |
string |
(deprecated, use mxtunnel_ids instead) when interface=mxtunnel, id of the Mist Tunnel |
mxtunnel_ids |
list |
when interface=mxtunnel, ids of the Mist Tunnels |
mxtunnel_name |
string |
when interface=site_medge, name of the mxtunnel that in mxtunnels under Site Setting, default is default |
mxtunnel |
object |
when interface=site_medge, the definition of the Mist Tunnels (key is the name) |
| Name | Type | Description |
|---|---|---|
dtim |
int |
dtim, default is 2 |
disable_wmm |
boolean |
whether to disable WMM, default is false |
disable_uapsd |
boolean |
whether to disable U-APSD, default is false |
use_eapol_v1 |
boolean |
if auth.type==’eap’ or ‘psk’, should only be set for legacy client, such as pre-2004, 802.11b devices |
legacy_overds |
boolean |
legacy devices requires the Over-DS (for Fast BSS Transition) bit set (while our chip doesn’t support it). Warning! Enabling this will cause problem for iOS devices. |
hostname_ie |
boolean |
include hostname inside IE in AP beacons / probe responses, default is false |
enable_local_keycaching |
boolean |
enable AP-AP keycaching via multicast, default is false |
| Name | Type | Description |
|---|---|---|
rateset |
object |
rateset (data rates to support) |
min_rssi |
int |
Minimum RSSI for client to connect, 0 means not enforcing |
template |
string |
no-legacy (basically no 11b and only supports 6 or 12 and up for 11a/g) / compatible (allow more, the default for now) / high-density (only 11n and 11ac) / custom / legacy-only (disable HT/VHT IEs) |
legacy |
list |
list of supported rates (IE=1) and extended supported rates (IE=50) for custom template, append ‘b’ at the end to indicate a rate being basic/mandatory. If template=custom is configured and legacy does not define at least one basic rate, it will use no-legacy default values |
ht |
string |
MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 00ff 00f0 001f limits HT rates to MCS 0-7 for 1 stream, MCS 4-7 for 2 stream (i.e. MCS 12-15), MCS 1-5 for 3 stream (i.e. MCS 16-20) |
vht |
string |
MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit), e.g. 03ff 01ff 00ff limits VHT rates to MCS 0-9 for 1 stream, MCS 0-8 for 2 streams, and MCS 0-7 for 3 streams. |
he |
string |
HE MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) |
eht |
string |
EHT MCS bitmasks for 4 streams (16-bit for each stream, MCS0 is least significant bit) |
disable_11be |
boolean |
disable Wi-Fi 7 EHT IEs, default is false |
disable_11ax |
boolean |
some old WLAN drivers may not be compatible , default is false |
disable_ht_vht_rates |
object |
disable ht or vht rates |
| Name | Type | Description |
|---|---|---|
wlan_limit_up_enabled |
boolean |
if uplink limiting for whole wlan is enabled, default is false |
wlan_limit_up |
int |
kbps |
wlan_limit_down_enabled |
boolean |
if downlink limiting for whole wlan is enabled, default is false |
wlan_limit_down |
int |
kbps |
client_limit_up_enabled |
boolean |
if uplink limiting per-client is enabled, default is false |
client_limit_up |
int |
kbps |
client_limit_down_enabled |
boolean |
if downlink limiting per-client is enabled, default is false |
client_limit_down |
int |
kbps |
app_limit |
object |
bandwidth limiting for apps (applies to up/down) |
apps |
object |
map from app key to bandwidth in kbps. app key defined in Get Application List |
wxtag_ids |
object |
map from wxtag_id of Hostname Wxlan Tags to bandwidth in kbps |
| Name | Type | Description |
|---|---|---|
hotspot20 |
object |
hotspot 2.0 |
enabled |
boolean |
whether to enable hotspot 2.0 config |
operators |
list |
list of operators to support, options: att, google, tmobile, charter, boingo, hughes_systique, single_digits, global_reach |
venue_name |
string |
venue name, default is site name |
domain_name |
list |
list of domain names to overwrite default template, optional |
rcoi |
list |
list of roaming consortium to overwrite default template, optional |
nai_realms |
list |
list of NAI Realm to overwrite default template, optional, eap_type options: tls, aka, ttls |
| Name | Type | Description |
|---|---|---|
portal |
object |
portal-related configurations |
enabled |
boolean |
whether guest portal is enabled, default is false |
auth |
string |
authentication scheme, none (default, supporting multi auth) / external (external portal) / sso |
forward |
boolean |
whether to forward the user to another URL after authorized, default is false, this takes precedence |
forward_url |
string |
the URL to forward the user to |
external_portal_url |
string |
external portal URL (e.g. https://host/url) where we can append our query parameters to |
privacy |
boolean |
if enabled, personal information will not be stored (email, name, fields*), default is false |
password |
string |
passphrase |
passphrase_expire |
long |
interval for which guest remains authorized using passphrase auth (in minutes), default is none, if not provided, uses expire |
sms_enabled |
boolean |
when auth=multi, whether sms is enabled |
sms_expire |
long |
interval for which guest remains authorized using sms auth (in minutes), default is none, if not provided, uses expire |
passphrase_enabled |
boolean |
whether password is enabled |
facebook_enabled |
boolean |
whether facebook is enabled as a login method |
facebook_client_id |
string |
facebook OAuth2 app id. This is mandatory, if facebook_enabled is true |
facebook_client_secret |
string |
facebook OAuth2 app secret. This is mandatory, if facebook_enabled is true |
facebook_email_domains |
list |
Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
facebook_expire |
long |
interval for which guest remains authorized using facebook auth (in minutes), default is none, if not provided, uses expire |
google_enabled |
boolean |
whether google is enabled as login method |
google_email_domains |
list |
Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
google_expire |
long |
interval for which guest remains authorized using google auth (in minutes), default is none, if not provided, uses expire |
amazon_enabled |
boolean |
whether amazon is enabled as a login method |
amazon_client_id |
string |
amazon OAuth2 client id. This is optional. If not provided, it will use a default one. |
amazon_client_secret |
string |
amazon OAuth2 client secret. If amazon_client_id was provided, provide a correspoinding value. Else leave blank. |
amazon_email_domains |
list |
Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
amazon_expire |
long |
interval for which guest remains authorized using amazon auth (in minutes), default is none, if not provided, uses expire |
microsoft_enabled |
boolean |
whether microsoft 365 is enabled as a login method |
microsoft_client_id |
string |
microsoft 365 OAuth2 client id. This is optional. If not provided, it will use a default one. |
microsoft_client_secret |
string |
microsoft 365 OAuth2 client secret. If microsoft_client_id was provided, provide a correspoinding value. Else leave blank. |
microsoft_email_domains |
list |
Matches authenticated user email against provided domains. If null or [], all authenticated emails will be allowed. |
microsoft_expire |
long |
interval for which guest remains authorized using microsoft auth (in minutes), default is none, if not provided, uses expire |
azure_enabled |
boolean |
whether Azure Active Directory is enabled as a login method |
azure_tenant_id |
string |
azure active directory tenant id. This is mandatory if azure_enabled is true. |
azure_client_id |
string |
azure active directory app client id.This is mandatory if azure_enabled is true. |
azure_client_secret |
string |
azure active directory app client secret. This is mandatory if azure_enabled is true. |
azure_expire |
long |
interval for which guest remains authorized using azure auth (in minutes), default is none, if not provided, uses expire |
sms_enabled |
boolean |
whether sms is enabled as a login method |
email_enabled |
boolean |
whether email (access code verification) is enabled as a login method |
email_expire |
long |
interval for which guest remains authorized using email auth (in minutes), default is none, if not provided, uses expire |
sms_provider |
string |
how the sms is routed. choices are manual, twilio,broadnet,clickatell, puzzel, gupshup, telstra, smsglobal. default is manual, where user has to select carrier. |
twilio_sid |
string |
Account SID provided by Twilio |
twilio_auth_token |
string |
Auth token account with twilio account |
twilio_phone_number |
string |
Twilio phone number associated with the account. See example for accepted format. |
broadnet_user_id |
string |
User name supplied by BroadNet |
broadnet_password |
string |
Password supplied by BroadNet |
broadnet_sid |
string |
Sender Id for BroadNet (default is ‘MIST’) |
clickatell_api_key |
string |
API key provided by Clickatell |
puzzel_service_id |
string |
Service ID provided by Puzzel |
puzzel_username |
string |
Username provided by Puzzel |
puzzel_password |
string |
Password provided by Puzzel |
gupshup_userid |
string |
User id provided by Gupshup |
gupshup_password |
string |
Password provided by Gupshup |
telstra_client_id |
string |
Client ID provided by Telstra |
telstra_client_secret |
string |
Client secret provided by Telstra |
smsglobal_api_key |
string |
Api key provided by SMSGlobal |
smsglobal_api_secret |
string |
Api secret provided by SMSGlobal |
expire |
long |
how long to remain authorized, in minutes, default is 1440 (24 hours) |
sponsor_enabled |
boolean |
whether sponsor is enabled |
sponsor_email_domains |
list |
list of domain allowed for sponsor email. Required if sponsor_enabled is true and sponsors is empty. |
sponsors |
object |
object of allowed sponsors email with name. Required if sponsor_enabled is true and sponsor_email_domains is empty. |
sponsor_link_validity_duration |
int |
how long to remain valid sponsored guest request approve/deny link received in email, in minutes, default is 60 minutes, min is 5 minutes and max is 60 minutes. |
sponsor_notify_all |
boolean |
whether to notify all sponsors that are mentioned in sponsors object. Both sponsor_notify_all and predefined_sponsors_enabled should be true in order to notify sponsors. If true, email sent to 10 sponsors in no particular order. |
predefined_sponsors_enabled |
boolean |
whether to show list of sponsor emails mentioned in sponsors object as a dropdown. If both sponsor_notify_all and predefined_sponsors_enabled are false, behaviour is acc to sponsor_email_domains |
sponsor_auto_approve |
boolean |
whether to automatically approve guest and allow sponsor to revoke guest access, needs predefined_sponsors_enabled enabled and sponsor_notify_all disabled |
predefined_sponsors_hide_email |
boolean |
whether to hide sponsor’s email from list of sponsors, default is false |
sponsor_status_notify |
boolean |
whether to notify guest about sponsor’s status via email |
sponsor_expire |
long |
interval for which guest remains authorized using sponsor auth (in minutes), default is none, if not provided, uses expire |
portal_api_secret |
string |
api secret (auto-generated) that can be used to sign guest authorization requests |
portal_image |
string |
Url of portal background image |
thumbnail |
string |
Url of portal background image thumbnail |
portal_allowed_subnets |
list |
list of CIDRs |
portal_allowed_hostnames |
list |
list of hostnames without http(s):// (matched by substring) |
portal_denied_hostnames |
list |
list of hostnames without http(s):// (matched by substring), this takes precedence over portal_allowed_hostnames |
bypass_when_cloud_down |
boolean |
whether to bypass the guest portal when cloud not reachable (and apply the default policies), default is false |
sso_issuer |
string |
IDP issuer URL |
sso_idp_cert |
string |
IDP Cert (used to verify the signed response) |
sso_idp_sso_url |
string |
IDP Single-Sign-On URL |
sso_idp_sign_algo |
string |
signing algorithm for SAML Assertion |
sso_nameid_format |
string |
email (default) / unspecified |
sso_default_role |
string |
default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched |
portal_sso_url |
string |
for SAML, this is used as the ACS URL |
cross_site |
boolean |
whether to allow guest to roam between WLANs (with same WLAN.ssid, regardless of variables) of different sites of same org without reauthentication. default is false. (disable random_mac for seamless roaming) |
Upload background image for Portal
POST /api/v1/sites/:site_id/wlans/:wlan_id/portal_image
A multi-part POST
"json": a JSON string describing your upload
"file": a binary file
Delete background image for Portal
DELETE /api/v1/sites/:site_id/wlans/:wlan_id/portal_image
If image is not uploaded or is deleted, portal will use default image.
Portal template will be separated from Wlan object and storage of portal_template object in Wlan object will soon be deprecated
PUT /api/v1/sites/:site_id/wlans/:wlan_id/portal_template
{
"pageTitle": "Welcome",
"message": "Please enjoy the complimentary Wifi",
"authLabel": "Connect to WIFI with",
"color": "#1074bc",
"colorDark": "#0b5183",
"colorLight": "#3589c6",
"alignment": "left",
"passphraseCancel": "Cancel",
"passphraseLabel": "Passphrase",
"passphraseError": "Invalid Passphrase",
"passphraseMessage": "Enter the secret passphrase to access the WiFi network.",
"passphraseSubmit": "Sign In",
"passphraseTitle": "Sign in with Passphrase",
"tos": true,
"tosText": "terms of service",
"tosAcceptLabel": "I accept the Terms of Service",
"tosLink": "Terms of Service",
"backLink": "Back to Sign In",
"tosError": "Please review and accept terms of service",
"optout": false,
"optoutDefault": true,
"optoutLabel": "Do not store"
"email": true,
"emailLabel": "Email",
"emailError": "Please provide valid email",
"emailCodeCancel": "I did not receive the code",
"emailCodeFieldLabel": "Access Code",
"emailCodeMessage": "Enter the access number that was sent to your email address.",
"emailCodeSubmit": "Sign In",
"emailCodeTitle": "Access Code",
"name": true,
"nameLabel": "Name",
"nameError": "Please provide your name",
"company": true,
"companyLabel": "Company",
"companyError": "Please provide company name",
"field1": true,
"field1Label": "Custom1",
"field1Required": true,
"field1Error": "Please provide field1",
"field2": true,
"field2Label": "Custom1",
"field2Required": false,
"field2Error": "Please provide field2",
"field3": true,
"field3Label": "Custom1",
"field3Required": false,
"field3Error": "Please provide field3",
"field4": true,
"field4Label": "Custom1",
"field4Required": false,
"field4Error": "Please provide field4",
"requiredFieldLabel": "required",
"signInLabel": "Sign In",
"poweredBy": true,
"authButtonAmazon": "Sign in with Amazon",
"authButtonAzure": "Sign in with Azure",
"authButtonEmail": "Sign in with Email",
"authButtonMicrosoft": "Sign in with Microsoft",
"authButtonPassphrase": "Sign in with Passphrase",
"authButtonGoogle": "Sign in with Google",
"authButtonFacebook" : "Sign in with Facebook",
"authButtonSms": "Sign in with Text Message",
"emailAccessDomainError": "Access is restricted by email domain",
"smsNumberFieldLabel": "Mobile Number",
"smsCarrierFieldLabel": "Mobile Carrier",
"smsCarrierDefault": "Please Select",
"smsCarrierError": "Please select a mobile carrier",
"smsNumberSubmit": "Sign In",
"smsNumberCancel": "Cancel",
"smsNumberTitle": "Text Message Confirmation",
"smsCodeMessage": "Enter the confirmation code",
"smsCodeFieldLabel": "Confirmation Code",
"smsCodeSubmit": "Sumbit Code",
"smsCodeCancel": "Cancel",
"smsCodeError": "Invalid Access Code",
"smsCodeTitle": "Access Code",
"smsCountryFieldLabel": "Country Code",
"smsCountryFormat": "+1",
"smsHaveAccessCode": "I have an access code",
"smsValidityDuration": 5,
"smsMessageFormat": "Code {{code}} expires in {{duration}} minutes.",
"smsNumberError": "Invalid Mobile Number",
"smsNumberFormat": "2125551212 (digits only)",
"smsNumberMessage": "We will send an access code to your mobile number which you can use to "
"connect to the WiFi network. Message and data rates may apply.",
"smsUsernameFormat": "username",
"emailTitle": "Sign in with Email",
"emailMessage": "We will email you an authentication code which you can use to connect to the WiFi network.",
"accessCodeAlternateEmail": "Use alternate email address",
"emailFieldLabel": "Enter your email address" ,
"emailSubmit": "Send Access Code",
"emailCancel": "Cancel",
"emailCodeError": "Please provide valid alternate email",
"authButtonSponsor": "Sign in as Guest",
"sponsorEmailError": "Please provide valid sponsor email",
"sponsorNameError": "Please provide sponsor name",
"sponsorBackLink": "Go back and edit request form",
"sponsorCancel": "Cancel",
"sponsorEmail": "Sponsor Email",
"sponsorName": "Sponsor Name",
"sponsorInfoApproved": "Your request was approved by",
"sponsorInfoDenied": "Your request was denied by",
"sponsorInfoPending": "Your notification has been sent to",
"sponsorsInfoApproved": "Your request was approved,
'sponsorsInfoDenied': 'Your request was denied',
'sponsorsInfoPending': 'Your notification has been sent to the sponsors',
"sponsorNotePending": "Please wait for them to acknowledge.",
"sponsorRequestAccess": "Request Wifi Access",
"sponsorSelectEmail": "Select Sponsor",
'sponsorsError': 'Please select a sponsor',
"sponsorStatusApproved": "Your request was approved",
"sponsorStatusDenied": "Your request was denied",
"sponsorStatusPending": "Notification Sent",
'sponsorAutoApproved': 'Your request was approved.',
'sponsorAutoApprovedNote': "Your notification has been sent to",
'sponsorsAutoApprovedNote': "Your notification has been sent to the sponsors.",
"sponsorSubmit": "Notify Sponsor",
// Email Customization
"sponsorEmailTemplate": "<html template to replace/override default sponsor email template>",
"privacyPolicy": false,
"privacyPolicyText": "privacy notice content",
"privacyPolicyAcceptLabel": "I accept the Privacy Notice",
"privacyPolicyLink": "Privacy Notice",
"privacyPolicyError": "Please review and accept privacy notice",
"marketingPolicyOptIn": false,
"marketingPolicyOptInText": "Marketing policy content",
"marketingPolicyOptInLabel": "I wish to receive Marketing notifications",
"marketingPolicyLink": "Marketing Policy"
}
| Name | Type | Description |
|---|---|---|
pageTitle |
string |
“Welcome” |
message |
string |
“Please enjoy the complimentary Wifi” |
color |
string |
“#1074bc” |
colorDark |
string |
“#0b5183” |
colorLight |
string |
“#3589c6” |
alignment |
string |
defines alignment on portal. “left” is default. |
passphraseLabel |
string |
Passphrase |
passphraseError |
string |
error message when invalid passphrase is provided |
tos |
boolean |
default is true |
tosText |
string |
text of the Terms of Service |
tosAcceptLabel |
string |
prefix of the label of the link to go to /tos |
tosLink |
string |
label of the link to go to /tos |
tosError |
string |
error message when tos not accepted |
backLink |
string |
label of the link to go back to /logon |
signInLabel |
string |
label of the button to /signin |
poweredBy |
string |
whether to show “Powered by Mist”, default is true |
email |
boolean |
whether email field is required, default is false |
emailLabel |
string |
label of email field |
emailError |
string |
error message when email not provided |
name |
boolean |
whether name field is required, default is false |
nameLabel |
string |
label of name field |
nameError |
string |
error message when name not provided |
company |
boolean |
whether company field is required, default is false |
companyLabel |
string |
label of company field |
companyError |
string |
error message when company not provided |
requiredFieldLabel |
string |
label to denote required field |
field1 |
boolean |
whether to ask field1 |
field1Label |
string |
label of field1 |
field1Required |
boolean |
whether field1 is required field |
field1Error |
string |
error message when field1 not provided |
field2 |
boolean |
whether to ask field2 |
field2Label |
string |
label of field2 |
field2Required |
boolean |
whether field2 is required field |
field2Error |
string |
error message when field2 not provided |
field3 |
boolean |
whether to ask field3 |
field3Label |
string |
label of field3 |
field3Required |
boolean |
whether field3 is required field |
field3Error |
string |
error message when field3 not provided |
field4 |
boolean |
whether to ask field4 |
field4Label |
string |
label of field4 |
field4Required |
boolean |
whether field4 is required field |
field4Error |
string |
error message when field4 not provided |
optout |
boolean |
whether to display “Do Not Store My Personal Information” |
optoutLabel |
string |
label for “Do Not Store My Personal Information” |
authButtonPassphrase |
string |
label for passphrase auth button |
passphraseTitle |
string |
Title for passphrase details page |
passphraseMessage |
string |
“Login using passphrase” |
passphraseSubmit |
string |
“Sign in” |
passphraseCancel |
string |
“Cancel” |
authButtonGoogle |
string |
label for Google auth button |
authButtonFacebook |
string |
label for Facebook auth button |
authButtonSms |
string |
label for SMS auth button |
emailAccessDomainError |
string |
error message when a user has valid social login but doesn’t match specified email domains. |
smsNumberFieldLabel |
string |
label for field to provide mobile number |
smsCarrierFieldLabel |
string |
label for mobile carrier drop-down list |
smsNumberSubmit |
string |
label for submit button for code generation |
smsNumberCancel |
string |
label for canceling mobile details for SMS auth |
smsNumberTitle |
string |
Title for phone number details |
smsCodeMessage |
string |
“Enter the confirmation code” |
smsCodeFieldLabel |
string |
“Confirmation Code” |
smsCodeSubmit |
string |
Label for confirmation code submit button |
smsCodeCancel |
string |
Label for cancel confirmation code submission |
smsCodeError |
string |
error message when confirmation code is invalid |
smsHaveAccessCode |
string |
Label for checkbox to specify that the user has access code |
smsValidityDuration |
int |
how long confirmation code should be considered valid (in minutes) |
smsMessageFormat |
string |
format of access code sms message. {{code}} and {{duration}} are place holders and should be retained as is. |
sponsorEmail |
string |
label for Sponsor Email |
sponsorName |
string |
label for Sponsor Name |
sponsorRequestAccess |
string |
‘submit button label request Wifi Access and notify sponsor about guest request |
sponsorSubmit |
string |
submit button label to notify sponsor about guest request |
sponsorStatusDenied |
string |
text to display when sponsor denies request |
sponsorStatusApproved |
string |
text to display if sponsor approves request |
sponsorStatusPending |
string |
text to display if request is still pending |
sponsorEmailError |
string |
“Please provide valid sponsor email” |
sponsorNameError |
string |
“Please provide sponsor’s name” |
sponsorBackLink |
string |
“Go back and edit request form” |
sponsorCancel |
string |
“Cancel” |
sponsorInfoApproved |
string |
“Your request was approved by” |
sponsorInfoDenied |
string |
“Your request was denied by” |
sponsorInfoPending |
string |
“Your notification has been sent to” |
sponsorsInfoApproved |
string |
“Your request was approved” |
sponsorsInfoDenied |
string |
“Your request was denied” |
sponsorsInfoPending |
string |
“Your notification has been sent to the sponsors” |
sponsorNotePending |
string |
“Please wait for them to acknowledge.” |
sponsorSelectEmail |
string |
“Select Sponsor” |
sponsorsError |
string |
“Please select a sponsor” |
authButtonSponsor |
string |
label for Sponsor auth button |
authButtonAmazon |
string |
label for Amazon auth button |
authButtonAzure |
string |
label for Azure auth button |
authButtonEmail |
string |
label for Email auth button |
authButtonMicrosoft |
string |
label for Microsoft auth button |
smsCarrierDefault |
string |
“Please Select” |
smsCarrierError |
string |
“Please select a mobile carrier” |
smsCodeTitle |
string |
“Access Code” |
smsCountryFieldLabel |
string |
“Country Code” |
smsCountryFormat |
string |
“+1” |
smsNumberError |
string |
“Invalid Mobile Number” |
smsNumberFormat |
string |
“2125551212 (digits only)” |
smsNumberMessage |
string |
“We will send an access code to your mobile number which you can use to connect to the WiFi network. Message and data rates may apply.” |
smsUsernameFormat |
string |
“username” |
accessCodeAlternateEmail |
string |
“Use alternate email address” |
emailMessage |
string |
“We will email you an authentication code which you can use to connect to the WiFi network.” |
emailCodeError |
string |
“Please provide valid alternate email” |
emailCancel |
string |
“Cancel” |
emailFieldLabel |
string |
“Enter your email address” |
emailTitle |
string |
“Sign in with Email” |
emailSubmit |
string |
Label for confirmation code submit button using email auth |
emailCodeCancel |
string |
Label for cancel confirmation code submission using email auth |
emailCodeFieldLabel |
string |
“Confirmation Code”, |
emailCodeMessage |
string |
“Enter the access number that was sent to your email address.”, |
emailCodeSubmit |
string |
“Sign In”, |
emailCodeTitle |
string |
“Access Code”, |
authLabel|string|”Connect to WiFi with”
sponsorEmailTemplate|string|html template to replace/override default sponsor email template; See Sponsor Email Template for more details
privacyPolicy|boolean|default is false
privacyPolicyText|string|privacy notice text
privacyPolicyAcceptLabel|string|prefix of the label of the link to go to /privacy_notice,
privacyPolicyLink|string|label of the link to go to /privacy_notice,
privacyPolicyError|string|error message when privacy notice is not accepted”,
marketingPolicyOptIn|boolean| whether marketing policy optin is enabled,
marketingPolicyOptInText|string| marketing policy text,
marketingPolicyOptInLabel|string| label for marketing optin,
marketingPolicyLink|string| label of the link to go to /marketing_policy
Sponsor Email Template supports following template variables:
| Name | Description |
|---|---|
approve_url |
Renders URL to approve the request; optionally &minutes=N query param can be appended to change the Authorization period of the guest, where N is a valid integer denoting number of minutes a guest remains authorized |
deny_url |
Renders URL to reject the request |
guest_email |
Renders Email ID of the guest |
guest_name |
Renders Name of the guest |
field1 |
Renders value of the Custom Field 1 |
field2 |
Renders value of the Custom Field 2 |
company |
Renders value of the Company field |
sponsor_link_validity_duration |
Renders validity time of the request (i.e. Approve/Deny URL) |
auth_expire_minutes |
Renders Wlan-level configured Guest Authorization Expiration time period (in minutes), If not configured then default (1 day in minutes) |
GET /api/v1/sites/:site_id/wlans/derived?resolve=false&wlan_id=:wlan_id
| Name | Type | Description |
|---|---|---|
resolve |
boolean |
whether to resolve SITE_VARS, default is false (as filter, optional) |
wlan_id |
string |
filter by UUID of wlan |
[
{
"ssid": "Guest",
"for_site": false,
"template_id": "867860f2-dd82-3677-54a5-4d6b139c96ca",
"template_name" "west coast",
...
}
]
| Name | Type | Description |
|---|---|---|
for_site |
boolean |
whether this is a site-level WLAN |
template_id |
string |
the template id (if this is an org-level wlan with template_id) |
template_name |
string |
name of the template |
GET /api/v1/sites/:site_id/guests/derived?cross_site=false
| Name | Type | Description |
|---|---|---|
cross_site |
boolean |
whether to get org level guests, default is false i.e get site level guests |
[
{
"ssid": "Guest",
"auth_method": "passphrase",
"wlan_id": "867860f2-dd82-3677-54a5-4d6b139c96ca"
...
}
]
POST /api/v1/utils/resize_image
A multi-part POST
"json": a JSON string
"file": a binary file
// for the JSON payload
{
"width": 300,
"height": 200",
"topleft": [ 10, 50 ],
"bottomright: [100, 100 ]
}
Allows validation of twilio setup
POST /api/v1/utils/test_twilio
{
"twilio_sid": "AC5f4366878d193fb4865ab151739999eb",
"twilio_auth_token": "2135be04736a1a0a314bce432d61721a",
"from": "+185051234567",
"to": "+19999999999"
}
| Name | Type | Definition |
|---|---|---|
twilio_sid |
string |
Twilio Account SID |
twilio_auth_token |
string |
Auth Token associated with twilio account |
from |
string |
One of the numbers you have in your Twilio account |
to |
string |
Phone number of the recipient of SMS |
In case of success, a text message confirming successful setup should be received. In case of error, twilio error code and message are returned.
Allows validation of broadnet setup
POST /api/v1/utils/test_broadnet
{
"broadnet_user_id": "juniper",
"broadnet_password": "sherlocked",
"broadnet_sid": "MIST",
"to": "+911122334455"
}
| Name | Type | Definition |
|---|---|---|
broadnet_user_id |
string |
Broadnet account user id |
broadnet_password |
string |
Broadnet account password |
broadnet_sid |
string |
Sender Id, for the sms (default is ‘MIST’, if not provided) |
to |
string |
Phone number of the recipient of SMS with country code |
In case of success, a text message confirming successful setup should be received. In case of error, broadnet error message are returned.
Allows validation of Clickatell setup
POST /api/v1/utils/test_clickatell
{
"clickatell_api_key": "Hk-ZWX4ZStWR29yS1pMvBQ=+",
"to": "+911122334455"
}
| Name | Type | Definition |
|---|---|---|
clickatell_api_key |
string |
Api Key for clickatell account |
to |
string |
Phone number of the recipient of SMS with country code |
In case of success, a text message confirming successful setup should be received. In case of error, clickatell error message are returned.
Allows validation of puzzel setup
POST /api/v1/utils/test_puzzel
{
"puzzel_service_id": "2210",
"puzzel_username": "puzzel",
"puzzel_password": "sherlocked",
"to": "+911122334455"
}
| Name | Type | Definition |
|---|---|---|
puzzel_service_id |
string |
Puzzel account service id |
puzzel_username |
string |
Puzzel account username |
puzzel_password |
string |
Puzzel account password |
to |
string |
Phone number of the recipient of SMS with country code |
In case of success, a text message confirming successful setup should be received. In case of error, puzzel error message are returned.
Allows validation of gupshup setup
POST /api/v1/utils/test_gupshup
{
"gupshup_userid": "juniper",
"gupshup_password": "sherlocked",
"to": "+911122334455"
}
| Name | Type | Definition |
|---|---|---|
gupshup_userid |
string |
Gupshup account user id |
gupshup_password |
string |
Gupshup account password |
to |
string |
Phone number of the recipient of SMS with country code |
In case of success, a text message confirming successful setup should be received. In case of error, gupshup error message are returned.
Allows validation of Telstra sms gateway credentials
POST /api/v1/utils/test_telstra
{
"telstra_client_id": "123456",
"telstra_client_secret": "abcdef",
"to": "+911122334455"
}
| Name | Type | Definition |
|---|---|---|
telstra_client_id |
string |
Telstra client id |
telstra_client_secret |
string |
Telstra client secret |
to |
string |
Phone number of the recipient of SMS with country code |
In case of success, a text message confirming successful setup should be received. In case of error, telstra error message are returned.
Allows validation of SMSGlobal sms gateway credentials
POST /api/v1/utils/test_smsglobal
{
"smsglobal_api_key": "123456",
"smsglobal_api_secret": "abcdef",
"to": "+911122334455"
}
| Name | Type | Definition |
|---|---|---|
smsglobal_api_key |
string |
SMSGlobal api key |
smsglobal_api_secret |
string |
SMSGlobal api secret |
to |
string |
Phone number of the recipient of SMS with country code |
In case of success, a text message confirming successful setup should be received. In case of error, smsglobal error message are returned.
Maps may represent multiple floor one on top of another or just a collections of maps where the user decide to put into a single site.
/api/v1/sites/:site_id/maps
For a map with type==’image’, use multi-part POST to insert a map as well as the image. To update attributes without updating image, PUT without the image. GET will contain an ‘url’ attribute with an URL to the image
// for image map
{
"name": "Mist Office",
"type": "image",
"ppm": 40.94,
"width": 1250,
"height": 1500,
"origin_x": 35,
"origin_y": 60,
"orientation": 30,
"locked": false,
"wayfinding": {
"snap_to_path": true,
"micello": {
"account_key": "adasdf",
"map_id": "c660f81dd250c",
"default_level_id": 5
}
},
"wayfinding_path": {
"coordinate": "actual",
"nodes": [
{
"name": "N1",
"position": {
"x": 746,
"y": 104
},
"edges": {
"N2": "1"
}
},
{
"name": "N2",
"position": {
"x": 740,
"y": 318
},
"edges": {
"N1": "1",
}
}
]
},
"wall_path": {
"coordinate": "actual",
"nodes": [
{
"name": "N1",
"position": {
"x": 746,
"y": 104
},
"edges": {
"N2": "1"
}
},
{
"name": "N2",
"position": {
"x": 740,
"y": 318
},
"edges": {
"N1": "1",
}
}
]
},
"sitesurvey_path": [
{
"coordinate": "actual",
"nodes": [
{
"name": "W0",
"position": {
"x": 372,
"y": 192
},
"edges": {
"W1": 1
}
},
{
"name": "W1",
"position": {
"x": 485,
"y": 205
},
"edges": {
"W2": 1
}
},
{
"name": "W2",
"position": {
"x": 400,
"y": 295
},
"edges": {
"W0": 1
}
},
],
"name": "Default",
"id": "cbdb7f0b-3be0-4872-88f9-58790b509c23-j68kows8"
}
],
"flags": {
"assetHoldTime": 5,
"storeTime": 10
},
"url": "https://url/to/image.png",
"thumbnail_url": "https://url/to/image.png"
}
// for google map
{
"name": "Oakridge Mall",
"type": "google",
"view": "roadmap",
"origin_x": -122.033010,
"origin_y": 37.295080,
"latlng_tl": { "lat": 37.295057, "lng": -122.033095 },
"latlng_br": { "lat": 37.295285, "lng": -122.032789 }
}
| Name | Type | Description |
|---|---|---|
name |
string |
The name of the map |
type |
string |
image / google, default is image |
ppm |
float |
when type=image, pixels per meter |
width |
int |
when type=image, width of the image map |
height |
int |
when type=image, height of the image map |
url |
string |
when type=image, the url |
thumbnail_url |
string |
when type=image, the url for the thumbnail image / preview |
view |
string |
when type=google. roadmap / satellite / hybrid / terrain |
origin_x |
int |
the user-annotated x origin, pixels |
origin_y |
int |
the user-annotated y origin, pixels |
orientation |
int |
orientation of the map, 0 means up is north, 90 means up is west. default is 0 |
latlng_tl |
latlng |
when type=google, latitude / longitude of the top-left corner |
latlng_br |
latlng |
when type=google, latitude / longitude of the bottom-right corner |
wayfinding |
object |
properties related to wayfinding |
wayfinding_path |
object |
a JSON blob for wayfinding (using Dijkstra’s algorithm) |
wall_path |
object |
a JSON blob for wall definition (same format as wayfinding_path) |
sitesurvey_path |
list |
a list of JSON blob for site survey path (same format as wayfinding_path) |
locked |
boolean |
whether this map is considered locked down |
flags |
list |
name/val pair objects for location engine to use |
Add image map is a multipart POST which has an file (Image) and an optional json parameter
POST /api/v1/sites/:site_id/maps/:map_id/image
"json": a JSON string describing your upload
"file": a binary file
Delete image added to the map
DELETE /api/v1/sites/:site_id/maps/:map_id/image
Import data from files is a multipart POST which has a file, a json, and an optional csv, to create floorplan and place matching ap automatically if supported, name ap if not exists
POST /api/v1/sites/:site_id/maps/import
A multi-part POST
"json": a JSON string, includes vendor options: ekahau, ibwave, import_all_floorplans: optional, false by default,
import_height: optional, default: true, import_orientation: optional, default: true
"file": a binary file, option: .esx file (ekahau)
"csv": a csv file for ap name mapping, optional
// for the JSON payload
{
"vendor_name": "ekahau",
"import_all_floorplans": true // optional
"import_height": true, // optional
"import_orientation": false // optional
}
Vendor AP name,Mist AP Mac
US Office AP-2 - 5c:5b:35:00:00:02,5c5b35000002
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"aps": [
{
"mac": "5c5b35000001",
// placed
"action": "placed"
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5"
// named and placed
"action": "named-placed"
// if we ignore it (did nothing with it)
"action": "ignored",
"reason": "not found on current site",
// floorplan id, height, orientation for ignored ap
"floorplan_id": "cbdb7f0b-3be0-4872-88f9-58790b509c23-j68kows8"
"orientation": 45,
"height": 3
}
],
"floorplans": [
{
// whatever ID vendor has
"id": "cbdb7f0b-3be0-4872-88f9-58790b509c23-j68kows8",
"name": "map1",
"action": "imported",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5"
}
],
"summary": {
"num_ap_assigned": 1,
"num_map_assigned": 1
}
}
This imports the vendor map meta data into the Map JSON. This is required by the SDK and App in order to access/render the vendor Map properly.
POST /api/v1/sites/:site_id/maps/:map_id/wayfinding/import
{
"vendor_name": "micello",
"account_key": "adasdf",
"map_id": "c660f81dd250c",
"default_level_id": 5
}
| Name | Type | Description |
|---|---|---|
vendor_name |
string |
the vendor ‘micello’ |
account_key |
string |
the account key that has access to the map |
map_id |
string |
micello map id |
default_level_id |
int |
micello floor/level id |
This imports the vendor map meta data into the Map JSON. This is required by the SDK and App in order to access/render the vendor Map properly.
POST /api/v1/sites/:site_id/maps/:map_id/wayfinding/import
{
"vendor_name": "jibestream",
"venue_id": 123,
"map_id": "123",
"ppm": 4.479186910505666,
"client_id": "199d6770-0f6f-407a-9bd5-fc33c7840194",
"client_secret": "/9Nog3yDzcYj0bY91XJZQLCt+m9DXaIVhx+Ghk3ddd",
"customer_id": 123,
"endpoint_url": "https://api.jibestream.com",
"mmpp": 223.2548049411735
}
| Name | Type | Description |
|---|---|---|
vendor_name |
string |
the vendor ‘jibestream’ |
venue_id |
int |
the venue or organization id |
map_id |
string |
the jibestream map id |
ppm |
float |
pixel per meter, same as the map JSON value. |
client_id |
int |
the client id |
client_secret |
string |
the client secret |
customer_id |
string |
the jibestream customer record id |
endpoint_url_url |
string |
the map contents endpoint host |
mmpp |
float |
millimeter per pixel |
This works like an PUT where the image will be replaced. If transform is provided, all the locations of the objects on
the map (AP, Zone, Vbeacon, Beacon) will be transformed as well (relative to the new Map)
POST /api/v1/sites/:site_id/maps/:map_id/replace
"json": a JSON string of
{
// for a 600x400 src image, 400x200 new image
// this means the new image is positioned at (200, 150) with the same scale, no rotation
"transform": {
"x": 200,
"y": 150,
"scale": 1.0,
"rotate": 0
}
}
"file": a binary file
| Name | Type | Description |
|---|---|---|
transform |
object |
The name of the map, optional |
x |
float |
where the (0, 0) of the new image is relative to the original map, default is 0 |
y |
float |
where the (0, 0) of the new image is relative to the original map, default is 0 |
scale |
float |
whether to scale the replacing image, default is 1 |
rotation |
int |
whether to rotate the replacing image, default is 0, in degrees |
POST /api/v1/sites/:site_id/maps/:map_id/set_map
This API can be used to assign a list of AP Macs associated with site_id to the specified map_id. Note that map_id must be associated with corresponding site_id.
This API obeys the following rules
1. if AP is unassigned to any Map, it gets associated with map_id
2. Any moved APs are returned in the response
3. If the AP is considered a locked AP, no action will be taken
{
"macs": [
"5c5b35000001",
"5c5b35584a6f"
]
}
Assigns the devices present in input list of devices to :map_id
{
"moved": ["5c5b35584a6f"],
"locked": ["5c5b35000001"]
}
Zones are areas on a map defined by the admin for different purposes. e.g. different Wlans, occupancies, policies.
/api/v1/sites/:site_id/zones
{
"name": "Board Room",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"vertices": [
{ "x":1119, "y":518 },
{ "x":1393, "y":518 },
{ "x":1393, "y":740 },
{ "x":1119, "y":740 }
]
}
| Name | Type | Description |
|---|---|---|
name |
string |
The name of the zone |
map_id |
string |
map where this zone is defined |
vertices |
list |
vertices used to define an area. It’s assumed that the last point connects to the first point and forms an closed area |
x |
float |
x in pixel |
y |
float |
y in pixel |
Virtual beacons appear to consumer of our VBLE Mobile SDK as regular BLE beacons.
/api/v1/sites/:site_id/vbeacons
{
"uuid": "31375aeb-b8d3-1ea6-83bf-a31eb04e1c38",
"major": 1356,
"minor": 21,
"power_mode": "default",
"message": "Welcome to Mist",
"url": "http://www.mist.com/any",
"wayfinding_nodename": "node1",
"name": "conference room",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 53.5,
"y": 173.1
}
| Name | Type | Description |
|---|---|---|
uuid |
string |
bluetooth tag UUID |
major |
int |
bluetooth tag major |
minor |
int |
bluetooth tag minor |
power_mode |
string |
default / custom |
power |
int |
required if power_mode==custom, -30 - 100, in dBm. For default power_mode, power = 4 dBm. |
name |
string |
name / label of the device |
message |
string |
a message that can be displayed when the sdkclient gets near the vbeacon |
url |
string |
URL to show, optional |
wayfinding_nodename |
string |
the name to be used in wayfinding_path or wayfinding_grid blob |
map_id |
string |
map where the device belongs to |
x |
float |
x in pixel |
y |
float |
y in pixel |
RSSI Zone is RSSI-based
/api/v1/sites/:site_id/rssizones
{
"name": "Board Room",
"devices": [
{
"device_id": "00000000-0000-0000-1000-5c5b35bd76bb",
"rssi": -80
}
]
}
| Name | Type | Description |
|---|---|---|
name |
string |
The name of the zone |
devices |
list |
List of devices and the respective RSSI values to be considered in the zone |
rssi |
int |
RSSI threshold |
Beacons represents a physical 3rd-party beacon. The customer will need to tell us the properties of this BLE beacon. So we can use it in our locationing.
/api/v1/sites/:site_id/beacons
{
// for iBeacon
"type": "ibeacon",
"ibeacon_uuid": "31375aeb-b8d3-1ea6-83bf-a31eb04e1c38",
"ibeacon_major": 1356,
"ibeacon_minor": 21,
// for Eddystone using UID
"type": "eddystone-uid",
"eddystone_namespace": "2818e3868dec25629ede",
"eddystone_instance": "5c5b35000001",
// for Eddystone using URL
"type": "eddystone-url",
"eddystone_url": "https://www.abc.com",
"power": 4,
"name": "conference room",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 53.5,
"y": 173.1,
"mac": "c4887201b5a8",
}
| Name | Type | Description |
|---|---|---|
type |
string |
default is eddystone-uid |
ibeacon_uuid |
string |
bluetooth tag UUID |
ibeacon_major |
int |
bluetooth tag major |
ibeacon_minor |
int |
bluetooth tag minor |
eddystone_namespace |
string |
Eddystone-UID namespace (10 bytes) in hexstring format |
eddystone_instance |
string |
Eddystone-UID instance (6 bytes) in hexstring format |
eddystone_url |
string |
Eddystone-URL url |
power |
int |
in dBm, default is -12 |
name |
string |
name / label of the device |
map_id |
string |
map where the device belongs to |
x |
float |
x in pixel |
y |
float |
y in pixel |
mac |
string |
optiona, MAC of the beacon, currently used only to identify battery voltage |
GET /api/v1/sites/:site_id/stats/beacons
[
{
"mac": "c4887201b5a8",
"name": "conference room",
"type": "eddystone-uid",
"eddystone_namespace": "2818e3868dec25629ede",
"eddystone_instance": "5c5b35000001",
"power": 4,
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 53.5,
"y": 173.1,
"battery_voltage": 3370,
"last_seen": 1492110810
}
]
| Name | Type | Description |
|---|---|---|
battery_voltage |
int |
battery voltage, in mV |
/api/v1/sites/:site_id/assetfilters
{
// required
"name": "Visitor Tags",
"disabled": false,
// must contain at-least one of the following filter properties
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_url": "https://www.abc.com",
"mfg_company_id": 935,
"service_uuid": "0000fe6a-0000-1000-8000-0030459b3cfb"
}
| Name | Type | Description |
|---|---|---|
name |
string |
asset filter name |
disabled |
boolean |
optional; whether the asset filter is disabled, default is false |
ibeacon_uuid |
string |
optional; ibeacon uuid used to filter assets |
ibeacon_major |
int |
optional; ibeacon major value used to filter assets |
eddystone_uid_namespace |
string |
optional; eddystone uid namespace used to filter assets |
eddystone_url |
string |
optional; eddystone url used to filter assets |
mfg_company_id |
int |
optional; ble manufacturing-specific company-id used to filter assets |
service_uuid |
string |
optional; ble service data uuid used to filter assets |
Get the list of all BLE asset filters for the given site. Each asset filter in the list operates independently. For a filter object to match an asset, all of the filter properties must match (logical ‘AND’ of each filter property). For example, the “Visitor Tags” filter below will match an asset when both the “ibeacon_uuid” and “ibeacon_major” properties match the asset. All non-matching assets are ignored.
GET /api/v1/sites/:site_id/assetfilters
[
{
// Filter #1: each filter can contain any subset of filter properties
"name": "Visitor Tags",
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13
},
{
// Filter #2: each filter can contain any subset of filter properties
"name": "Company Tags",
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_url": "https://www.abc.com",
"mfg_company_id": 935
}
]
Gets a single asset filter by id.
GET /api/v1/sites/:site_id/assetfilters/:filter_id
Creates a single BLE asset filter for the given site. Any subset of filter properties can be included in the filter. A matching asset must meet the conditions of all given filter properties (logical ‘AND’).
POST /api/v1/sites/:site_id/assetfilters
{
"name": "Visitor Tags",
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_url": "https://www.abc.com",
"mfg_company_id": 935,
"service_uuid": "0000fe6a-0000-1000-8000-0030459b3cfb"
"disabled": False,
}
| Name | Type | Description |
|---|---|---|
name |
string |
name of Asset Filter |
ibeacon_uuid |
string |
ibeacon_uuid |
ibeacon_major |
int |
ibeacon_major |
eddystone_uid_namespace |
string |
eddystone_uid_namespace |
eddystone_uid_namespace |
string |
eddystone_uid_namespace |
mfg_company_id |
int |
mfg_company_id |
service_uuid |
string |
service_uuid |
disabled |
bool |
whether to disable Asset Filter |
Status: 200 OK
Status: 400 At least one filter must be specified
Updates an existing BLE asset filter for the given site.
PUT /api/v1/sites/:site_id/assetfilters/:filter_id
Deletes an existing BLE asset filter for the given site.
DELETE /api/v1/sites/:site_id/assetfilters/:filter_id
/api/v1/sites/:site_id/assets
{
"name": "Expensive Instrument",
"mac": "a31eb04e1c38"
}
| Name | Type | Description |
|---|---|---|
name |
string |
name / label of the device |
mac |
string |
bluetooth MAC |
API will replace the assets with same mac if provided upsert=True, otherwise will report in errors in response.
POST /api/v1/sites/:sites_id/assets/import?upsert=True
"file": CSV File
name,mac
"asset_name",5c5b53010101
[
{
"name": "Expensive Instrument",
"mac": "a31eb04e1c38"
},
{
"name": "Cheap Instrument",
"mac": "a31eb04e1c37"
}
]
GET /api/v1/sites/:site_id/stats/assets
[
{
"name": "Expensive Instrument",
"mac": "a31eb04e1c38",
// populated automatically
"last_seen": 1492110810,
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 60,
"y": 80,
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"ibeacon_minor": 138,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_uid_instance": "5c5b35000001",
"eddystone_url_url": "https://www.abc.com",
"battery_voltage": 3370
}
]
| Name | Type | Description |
|---|---|---|
name |
string |
name / label of the device |
mac |
string |
bluetooth MAC |
last_seen |
int |
last seen timestamp |
map_id |
string |
map where the device belongs to |
x |
float |
x in pixel |
y |
float |
y in pixel |
battery_voltage |
int |
battery voltage, in mV |
GET /api/v1/sites/:site_id/stats/assets/:asset_id
{
"name": "Expensive Instrument",
"mac": "a31eb04e1c38",
// populated automatically
"last_seen": 1492110810,
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 60,
"y": 80
"battery_voltage": 3370
// only send this for individual asset stat
"zones": [
{
"id": "8ac84899-32db-6327-334c-9b6d58544cfe",
"since": 1428939600
}
],
"rssizones": [
{
"id": "b2af5d7b-c3d0-c5c9-57e9-4d740871db47",
"since": 1428939600
}
]
}
Get a list of BLE beacons that matches Asset or AssetFilter
GET /api/v1/sites/:site_id/stats/filtered_assets?duration=1d
[
{
"mac": "5c5b350eaaaa",
"curr_site": "67970e46-4e12-11e6-9188-0242ac11aaaa",
"device_name": "",
"manufacture": "Mist Systems",
"id": "3c0c8abc-aaaa-4070-9dd0-b9a18e7ec6fa",
"name": "asset4",
"by": "asset",
"last_seen": 1643837316.760462,
"map_id": "f5d26c7f-1670-4921-a79d-09f887f4aaaa",
"_checkpoint_preparer": 1635888509,
"_checkpoint_scan": 1636148467,
"_checkpoint_prep": 1636148467,
"_timestamp": 1643837316,
"_ttl": 86349,
"_id": "5c5b350eaaaa",
"ap_mac": "5c5bbbbeaaaa",
"beam": 6,
"rssi": -30
}
]
Get a list of Discovered Assets that doesn’t match any of the Asset / Assetfilters
GET /api/v1/sites/:site_id/stats/discovered_assets
Get a list of BLE beacons that we discovered (whether they’re defined as assets or not)
GET /api/v1/sites/:site_id/stats/maps/:map_id/discovered_assets
[
{
"mac": "6fa474be7ae5",
"device_name": "[TV] UN65JU670D",
"x": 60,
"y": 80,
"manufacture": "Apple",
"last_seen": 1428939600,
// optionally populated
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"ibeacon_minor": 138,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_uid_instance": "5c5b35000001",
"eddystone_url_url": "https://www.abc.com",
"mfg_company_id": 935,
"mfg_data": "648520a1020000",
"duration": 120
}
]
| Name | Type | Description |
|---|---|---|
mac |
string |
mac address of the (unconnected) client |
map_id |
string |
map_id of the sdk client (if known), or null |
x |
int |
x (in pixels) of user location on the map (if known) |
y |
int |
y (in pixels) of user location on the map (if known) |
manufacture |
string |
device manufacture, through fingerprinting or OUI |
ibeacon_uuid |
string |
bluetooth tag UUID |
ibeacon_major |
int |
bluetooth tag major |
ibeacon_minor |
int |
bluetooth tag minor |
eddystone_namespace |
string |
Eddystone-UID namespace (10 bytes) in hexstring format |
eddystone_instance |
string |
Eddystone-UID instance (6 bytes) in hexstring format |
eddystone_url |
string |
Eddystone-URL url |
last_seen |
long |
last seen timestamp |
mfg_company_id |
int |
optional, BLE manufacturing company ID |
mfg_data |
string |
optional, BLE manufacturing data in hex byte-string format (ie: “112233AABBCC”) |
duration |
int |
optional (60-86400; default=60); time duration TTL filter (secs) for each returned asset |
GET /api/v1/sites/:site_id/stats/assets/search
GET /api/v1/sites/:site_id/stats/assets/search?mac='fbc721cc3022'
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
query |
string |
mac,map_id,ibeacon_uuid,ibeacon_major,ibeacon_minor, eddystone_uid_namespace, eddystone_uid_instance, eddystone_url, by, name, device_name, ap_mac,beam,rssi |
{
"results": [
{
"battery_voltage": "283",
"eddystone_uid_namespace": "f7826da6bc5b71e0893e",
"last_seen": 1633971808,
"eddystone_uid_instance": "424c43527039",
"eddystone_url": "eddystone_url",
"mac": "fbc721cc3022",
"manufacture": "Unknown",
"timestamp": 1633971808667,
"map_id": "map_id",
"org_id": "org_id",
"by": "assetfilter",
"site_id": "site_id",
"name": "name",
"temperature": "0.0",
"ap_mac": "fbc721ccaaaa",
"rssi": -30,
"beam": "7"
},
],
"start": 1633367108.3799882,
"end": 1633971908.3799632,
"limit": 100,
"total": 1
}
GET /api/v1/sites/:site_id/stats/assets/count
GET /api/v1/sites/:site_id/stats/assets/count?distinct=ibeacon_uuid
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
distinct |
string |
mac,map_id,ibeacon_uuid,ibeacon_major,ibeacon_minor, eddystone_uid_namespace, eddystone_uid_instance, eddystone_url, by, name, device_name, default is site_id |
{
"results": [
{
"site_id": "site_id",
"count": 19
}
],
"start": 1633368208.7445683,
"end": 1633973008.7445416,
"limit": 100,
"distinct": "site_id",
"total": 1,
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/stats/maps/:map_id/discovered_assets"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/stats/maps/63eda950-c6da-11e4-a628-60f81dd250cc/discovered_assets",
"data": {
"mac": "4a0222000e31",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 51.0,
"y": 29.0,
"manufacture": "Unknown",
"last_seen": 1480716946
}
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/stats/maps/:map_id/assets"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/stats/maps/63eda950-c6da-11e4-a628-60f81dd250cc/assets",
"data": {
"mac": "4a0222000e31",
"x": 51.0,
"y": 29.0,
"last_seen": 1480716946
}
}
## Subscribe to MxEdges Stream
WS /api-ws/v1/stream
### Request
{
"subscribe": "/sites/:site_id/mxedges"
}
### Response
{
"event": "data",
"channel": "/sites/67970e46-4e12-11e6-9188-0242ac110007/mxedges",
"data": {
"device_id": "00000000-0000-0000-1000-5c5b3524500b",
"event_type": "fwupdate",
"detail": {
"timestamp": 1485381027,
"status": "inprogress",
"progress": 45
}
}
}
### Definition
| Name | Type | Description |
|---|---|---|
device_id |
string |
device_id of the device corresponding to the event |
event_type |
string |
type of the event that occurred. currently, on device updates are reported on the stream. |
detail |
object |
detail will be specific to the event_type. |
WS /api-ws/v1/stream
{
{subscribe: "/sites/:site_id/pcaps"}
}
{
"event": "data"
"channel": "/sites/:site_id/pcaps"
"data": {
"capture_id": "6b1be4fb-b239-44d9-9d3b-cb1ff3af1721"
"pcap_dict": {
"channel_frequency": 2412,
"channel": "1",
"datarate": "1.0 Mbps",
"rssi": -75,
"dst": "78:bd:bc:ca:0b:0a",
"src": "18:b8:1f:4c:91:c0",
"bssid": "18:b8:1f:4c:91:c0",
"frame_type": "Management",
"frame_subtype": "Probe Response",
"proto": "802.11",
"ap_mac": "d4:20:b0:81:99:2e",
"direction": "tx",
"timestamp": 1652246543,
"length": 416.0,
"interface": "radiotap",
"info": "1652246544.467733 1683216786us tsft 1.0 Mb/s 2412 MHz 11g -75dBm signal -82dBm noise antenna 0 Probe Response (ATTKmsWiVS) [1.0*
2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] CH: 2, PRIVACY\\n",
},
"pcap_raw": "1MOyoQIABAAAAAAAAAAAAP//AAABAAAAEEh7Yh5VBwCgAQAAoAEAAAAAKwBvCADAAQAAAIw7reCS2VNkAAAAABACbAmABLWuAAEAEBgAAwACAABQADoBeL28ygsKGLgfTJHAGLgfTJHAcIZ2WDlBJQAAAGQAERUACkFUVEttc1dpVlMBCIKEi5YkMEhsAwECBwZVUyABCx4gAQAjAhkAKgEEMgQMEhhgMBQBAAAPrAQBAAAPrAQBAAAPrAIMAAsFAQAbAABGBTIIAQAALRqtCR////8AAAAAAAAAAAAAAAAAAAAAAAAAAD0WAggVAAAAAAAAAAAAAAAAAAAAAAAAAH8IBAAIAAAAAEDdkwBQ8gQQSgABEBBEAAECEDsAAQMQRwAQn2481frn3KT+uGod2ERx+RAhAAtBcnJpcywgSW5jLhAjAApCR1cyMTAtNzAwECQACkJHVzIxMC03MDAQQgAKQkdXMjEwLTcwMBBUAAgABgBQ8gQAARARAA5BcnJpcyBXaXJlbGVzcxAIAAIgCBA8AAEBEEkABgA3KgABIN0JABAYAgEQHAAA3RgAUPICAQGEAAOkAAAnpAAAQkNeAGIyLwAzjakr\"
}
{
"event": "data"
"channel": "/sites/67970e46-4e12-11e6-9188-0242ac110007/pcaps"
"data": {
"capture_id": "f039b1b4-a23e-48b2-906a-0da40524de73",
"pcap_dict": {
"dst_mac": "68:ec:c5:09:2e:87",
"src_mac": "8c:3b:ad:e0:47:40",
"vlan": 1,
"src_ip": "34.224.147.117",
"dst_ip": "192.168.1.55",
"dst_port": 51635,
"src_port": 443,
"proto": "TCP",
"ap_mac": "d4:20:b0:81:99:2e",
"direction": "tx",
"timestamp": 1652247615,
"length": 159.0,
"interface": "wired",
"info": "1652247616.007409 IP ec2-34-224-147-117.compute-1.amazonaws.com.https > ip-192-168-1-55.ec2.internal.51635: Flags [P.], seq
2192123968:2192124057, ack 4035166782, win 12, options [nop,nop,TS val 597467050 ecr 740580660], length 89\\n",
},
"pcap_raw": "1MOyoQIABAAAAAAAAAAAAP//AAABAAAAQEx7YhMzAACfAAAAnwAAAGjsxQkuh4w7reBHQIEAAAEIAEUAAI1bLEAAKAZ/CiLgk3XAqAE3AbvJs4KpKEDwg8I+gBgADFf9AAABAQgKI5yfqiwkXTQXAwMAVKY5JopoKQrVEn0/3ld4YntctGEH/rTZuwtCvzSncFw71QJveJi9uxHs57KC8w9Apph3YvXJrmWg7M37+o+YV0KH/xmr626s5Bkhb3QhKOu+NoNEmA==\"
}
}
{
"event": "data"
"channel": "/sites/67970e46-4e12-11e6-9188-0242ac110007/pcaps"
"data": {
"capture_id": "a2f7374d-6a70-41fd-8a3f-71e42573baaf",
"pcap_dict": null
}
}
| Name | Type | Description |
|---|---|---|
event |
string |
what type of event is received. |
channel |
string |
from which channel the data is received |
capture_id (common) |
string |
Capture id for the current PCAP. |
tcpdump (common) |
string |
PCAP content recieved after running tcpdump. (can be deprecated as it no longer used by UI) |
pcap_dict (common) |
json |
contains json data for PCAP content. If null capture has been stopped. |
dst_mac |
string |
destination mac address |
src_mac |
string |
source mac address |
vlan |
int |
vlan id |
src_ip |
string |
source ip address |
dst_ip |
string |
destination ip address |
dst_port |
string |
destination port |
src_port |
string |
source port |
proto (common) |
string |
Application / Transport layer protocol associated with the packet |
ap_mac |
string |
Packet belongs to which AP |
mac |
string |
Packet belongs to which device (gateway, switch) |
mxedge_id |
string |
Packet belongs to which Mist Edge |
direction (common) |
string |
tx/rx based on device |
timestamp (common) |
float |
precision upto milliseconds. i.e (1652247616.740) |
length (common) |
int |
length of the packet |
lost_messages (common) |
int |
number of messages lost before sending this packets |
channel_frequency (Radiotap) |
int |
radio band used for sending the packet |
channel (Radiotap) |
string |
an int value representing the channel |
datarate (Radiotap) |
string |
internet speed , represented in Mbps |
rssi (Radiotap) |
int |
rssi value can range from 0 - 255. |
dst (Radiotap) |
string |
destination mac address (Can change to dst_mac) |
src (Radiotap) |
string |
source mac address (Can change to src_mac) |
bssid (Radiotap) |
string |
it’s the MAC physical address of the access point |
frame_type (Radiotap) |
string |
will represent packet belongs to which frame, possible values are management, control, and data. |
frame_subtype (Radiotap) |
string |
will represent packet belongs to which subtype, multiple values are possible. |
info (common) |
string |
PCAP content recieved after running tcpdump. |
interface (common) |
string |
Used to identify whether packet belongs to wired or radiotap. or anyother interface. |
/api/v1/sites/:site_id/psks
Add psk on the site. Required: ssid, passphrase.
POST /api/v1/sites/:site_id/psks
Get list of psks on the site. If provided, name or ssid or role query param, psks with exact name/ssid/role match will be
returned.
GET /api/v1/sites/:site_id/psks?name=Common
{
"name": "Common",
"passphrase": "foryoureyesonly",
"ssid": "warehouse",
"usage": "single",
"vlan_id": 417, // optional
"mac": "5684dae9ac8b", // optional
"expire_time": 1614990263 // optional, epoch time in seconds, default is null, as no expiration
"notes": "notes" // optional
"notify_expiry": true // optional
"expiry_notification_time": 2 // optional, unit days
"notify_on_create_or_edit": true // optional
"email": "admin@test.com" // email to send psk expiring notifications to
}
| Name | Type | Description |
|---|---|---|
name |
string |
a name for the PSK |
passphrase |
string |
passphrase of the PSK (8-63 character or 64 in hex) |
ssid |
string |
SSID this PSK should be applicable to |
usage |
string |
multi (default) / single |
vlan_id |
int |
VLAN for this PSK key |
mac |
string |
if usage==single, the mac that this PSK ties to, empty if auto-binding |
expire_time |
int |
default is half year, max is 5 year |
notes |
string |
notes |
notify_expiry |
boolean |
If set to true, reminder notification will be sent when psk is about to expire |
expiry_notification_time |
int |
Number of days before psk is expired. Used as to when to start sending reminder notification when the psk is about to expire |
notify_on_create_or_edit |
boolean |
If set to true, notification will be sent when psk is created or edited |
email |
string |
Email to send psk expiring notifications to |
Delete psks on site. If provided, name or ssid param, psks with exact name/ssid match will be deleted.
DELETE /api/v1/sites/:site_id/psks?ssid=warehouse
PUT /api/v1/sites/:site_id/psks
[
{
"id": "2f64a022-9422-4fa3-92aa-ff6559a9f7f9", //psk_id, required
"name": "common123",
},
{
"id": "110c59ae-d7b2-40f9-9bf2-82367370e55a", //psk_id, required
"usage": "single",
"name": "common12",
"passphrase": "foryoureyesonly1",
"role": "teacher",
}
]
Devices are things we manufacture. They are traceable to a manufactured entry. They will be added into inventory and they will need to be assigned to a site in order to be functional.
Get list of devices on the site.
GET /api/v1/sites/:site_id/devices?name=ap-001
| Name | Type | Description |
|---|---|---|
name |
string |
optional, device name |
type |
string |
ap, switch, gateway, all, default is ap |
[
{
"model": "AP41",
"hw_rev": "0",
"map_id": "01b04bbe-9687-11e8-a5a9-346895ed1b7d",
"orientation": 0,
"org_id": "476057fe-cebb-4be9-9c15-caf1f09d95e0",
"site_id": "eaa6b2b7-88cd-41ea-8150-9b46b6779235",
"mac": "5c5b350e0001",
"modified_time": 1533206823,
"created_time": 1533196761,
"tag_id": 107,
"tag_uuid": "9c557d6a-8a5e-11e6-b1db-0242ac110004",
"serial": "1002710010001",
"type": "ap",
"id": "00000000-0000-0000-1000-5c5b350e0001",
"name": "ap-001"
}
]
PUT /api/v1/sites/:site_id/devices/:device_id
{
"name": "conference room",
"notes": "slightly off center",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 53.5,
"y": 173.1,
"orientation": 45,
"height": 3,
"locked": false,
"radio_config": {
"band_24": {
"disabled": false,
"channel": 0,
"bandwidth": 20,
"power": 1,
"antenna_mode": "1x1",
"allow_rrm_disable": false,
},
"band_5": {
"disabled": false,
"channel": 0,
"bandwidth": 40,
"power": 0,
"antenna_mode": "default"
},
"band_6": {
"disabled": false,
"channel": 0,
"bandwidth": 40,
"power": 0,
"antenna_mode": "default"
},
"ant_gain_24": 4, // for models with external antenna
"ant_gain_5": 5, // for models with external antenna
"ant_gain_6": 5, // for models with external antenna
// for some AP models (e.g. AP43), 2.4G radio can operation in 5G band
"band_24_usage": "5", // 24 (default) / auto
// if band_24_usage == "5", by default, band_5 properties is used, if specific channel/bandwidth/power/...
// is desired, use the following
"band_5_on_24_radio": {
"disabled": false,
"channel": 0,
"bandwidth": 40,
"power": 0,
"antenna_mode": "default"
},
// to make an outdoor operate indoor, default is false
// for an outdoor-ap, some channels are disallowed by default, this allows the user
// to use it as an indoor-ap
"indoor_use": false,
// to switch antenna mode, for models with switchable antennas
"ant_mode": "external", // external / internal
"scanning_enabled": true
},
"ip_config": {
"type": "static",
"ip": "10.2.1.1",
"netmask": "255.255.255.0",
"gateway": "10.2.1.254",
"type6": "static",
"ip6": "2607:f8b0:4005:808::2004",
"netmask6": "/32",
"gateway6": "2607:f8b0:4005:808::1",
"dns": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
"vlan_id": 1,
"mtu": 0
},
"ble_config": {
"power_mode": "custom",
"power": 10,
"beacon_enabled": true,
"beacon_rate_mode": "custom",
"beacon_rate": 3,
"beam_disabled": [ 1, 3, 6 ],
// ibeacon
"ibeacon_enabled": true,
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"ibeacon_minor": 138,
"ibeacon_adv_power": -65,
"ibeacon_beams": "2-4,7", // or 'default' to auto-set
"eddystone_uid_enabled": false,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_uid_instance": "5c5b35000001",
"eddystone_uid_freq_msec": 200,
"eddystone_uid_adv_power": -65,
"eddystone_uid_beams": "2-4,7", // or 'default' to auto-set
"eddystone_url_enabled": false,
"eddystone_url_url": "https://www.abc.com",
"eddystone_url_freq_msec": 1000,
"eddystone_url_adv_power": -65,
"eddystone_url_beams": "2-4,7", // or 'default' to auto-set
// custom packet
"custom_ble_packet_enabled": true,
"custom_ble_packet_freq_msec": 300,
"custom_ble_packet_frame": "0x........"
},
"usb_config": {
"enabled": true,
// imagotag
"type": "imagotag",
"host": "1.1.1.1",
"channel": 3,
"port": 0,
"verify_cert": false,
"cacert": ""
// Solum or Hanshow
"type": "solum", // or "hanshow"
"vlan_id": 1, // default is 1
},
"esl_config": {
"enabled": true,
// usb_config is ignored if esl_config enabled
"type": "imagotag", // imagotag / hanshow / solum / native
// imagotag, native: AP imagotage native solution
// note: ble_config will be ingored if esl_config is enabled and with native mode.
"type": "imagotag", // or "native"
"host": "1.1.1.1",
"channel": 3,
"port": 0,
"verify_cert": false,
"cacert": ""
// Solum or Hanshow
"type": "solum", // or "hanshow"
"vlan_id": 1, // default is 1
}
"aeroscout": {
"enabled": true,
"host": "aero.pvt.net",
"locate_connected": true
},
"centrak": {
"enabled": true,
},
"airista: {
"enabled": true,
"host": "10.10.10.41",
"port": 1144
}
"led": {
"enabled": true,
"brightness": 255
},
"mesh": {
"enabled": true,
"role": "base", // base / relay
"group": 0,
"bands": ["5", "6"] // default is ["5"], for relay, the first viable one will be picked
},
"client_bridge": {
// when acted as client bridge
// - only 5G radio can be used
// - will not serve as AP on any radios
"enabled": true,
"ssid": "Uplink-SSID",
"auth": {
"type": "psk", // psk (default) / open
"psk": "foryoureyesonly",
// - wpa2-ccmp is assumed when `psk` is choosed
}
},
"uplink_port_config": {
// whether to do 802.1x against uplink switch
// when enaled, AP cert will be used to do EAP-TLS
// and the Org's CA Cert has to be provisioned at the switch
"dot1x": false,
"keep_wlans_up_if_down": false // by default, WLANs are disabled when uplink is down. In some scenario, like SiteSurvey, one would want the AP to keep sending beacons.
},
"port_config": {
// eth0 is not allowed here
// if spcified, this takes predecence over switch_config (switch_config requires user to configure all vlans manually, which is error-prone. thus deprecated)
"eth1,eth2": {
"forwarding": "all", // all (vlans as eth0) / limited / wxtunnel / mxtunnel / site_mxedge
// if forwrding == limited
"vlan_ids": [1, 10, 50],
"port_vlan_id": 1,
// if forwarding == wxtunnel, the port is bridged to the vlan of the session
"wxtunnel_id": "7dae216d-7c98-a51b-e068-dd7d477b7216",
"wxtunnel_remote_id": "wifiguest",
// if forwarding == mxtunnel, vlan_ids comes from mxtunnel
"mxtunnel_id": "08cd7499-5841-51c8-e663-fb16b6f3b45e",
// optional to specify the vlan id for a tunnel if forwarding is for wxtunnel, mxtunnel and site_mxedge.
// if vlan_id is not specified then it will use first one in vlan_ids[] of the mxtunnel
"vlan_id": 9,
// if forwarding == site_mxedge, vlan_ids comes from site_mxedge (`mxtunnels` under site setting)
"mxtunnel_name": "default",
"vlan_id": 9, // optional
// other common attributes
// whether to do port auth
"port_auth": "dot1x", // none (default)
"enable_mac_auth": true,
"mac_auth_protocol": "eap-md5",
"mac_auth_preferred": false, // when enable_mac_auth=true, we'll do dot1x then mac_auth. enable this to prefer mac_auth
// whether simply disabled
"disabled": false,
// site setting will be used unless overwriten here
"radius_config": {
// if per-device overwrite is desired. see site setting for schema
},
// or radsec can be used
"radsec": {
// see WLAN radsec config for schema
},
"mist_nac": {
"enabled": true,
},
// optional dynamic vlan
"dynamic_vlan": {
"enabled": true,
"type": "standard",
"vlans": {
"1-10": null,
"user": null,
},
"default_vlan_id": 999
}
}
},
"iot_config": {
"DO": {
"enabled": true,
"value": 1
},
// 'DI1', 'DI2' pins can only be configured as inputs with an external pull-up
"DI1": {
"name": "motion",
"enabled": true,
},
"A1": {
"name": "pulled-up analog",
"enabled": true
}
},
"lacp_config": {
"enabled": true,
},
"disable_eth1": false,
// disable_eth2 and disable_eth3 are applied for some specific models, e.g. AP12
"disable_eth2": false,
"disable_eth3": false,
"disable_module": false,
"poe_passthrough": false,
// for some AP models, flow_control can be enabled to address some switch compatibility issue
"flow_control": {
"enabled": true, // default is false
}
"pwr_config": {
"base": 2000,
"prefer_usb_over_wifi": false
},
"vars": {
"RADIUS_SECRET": "11s64632d",
"RADIUS_IP1": "172.31.2.5"
},
"ntp_servers": [], // optional
"deviceprofile_id": "6f4bf402-45f9-2a56-6c8b-7f83d3bc98e9",
"image1_url": "https://url/to/image.png"
}
| Name | Type | Description |
|---|---|---|
name |
string |
name / label of the device |
notes |
string |
any notes about this AP |
map_id |
string |
map where the device belongs to |
x |
float |
x in pixel |
y |
float |
y in pixel |
orientation |
int |
orientation, 0-359, in degrees, up is 0, right is 90. |
height |
float |
height, in meters, optional |
locked |
boolean |
whether this AP is considered locked (placement / orientation has been vetted) |
vars |
object |
a dictionary of name->value, the vars can then be used in Wlans. This can overwrite those from Site Vars |
* orientation: AP orientation, netural to user’s perspective, LED always points to antenna 1 |
| Name | Type | Description |
|---|---|---|
radio_config |
object |
radio configs |
band_24 |
object |
radio config for 2.4G |
band_5 |
object |
radio config for 5G |
band_6 |
object |
radio config for 6G |
band_24_usage |
string |
24 / 5 / 6 / auto, default is 24 |
scanning_enabled |
boolean |
whether scanning radio is enabled |
disabled |
boolean |
whether to disable the radio |
channel |
int |
(primary) channel for the band, 0 means using the Site Setting |
power |
int |
tx power of the radio, null or 0 means auto, when power_min=power_max=power=0 to indicate power=0 |
ant_gain_24 |
int |
antenna gain for 2.4G - for models with external antenna only |
ant_gain_5 |
int |
antenna gain for 5G - for models with external antenna only |
bandwidth |
int |
channel width for the band, 20 / 40 / 80 / 160, 80 is only applicable for band_5 and 160 is only for band_6, ignored if channel is 0 |
channels |
list |
list of channels, null or empty array means auto |
antenna_mode |
string |
default / 1x1 / 2x2 / 3x3 / 1x4 |
power_min |
int |
when power=0, min tx power to use, HW-specific values will be used if not set |
power_max |
int |
when power=0, max tx power to use, HW-specific values will be used if not set |
preamble |
string |
short / long / auto, default is short |
usage |
string |
for band_24 radio, 24 / 5 / rrm, default is 24 |
| Name | Type | Description |
|---|---|---|
ip_config |
object |
ip config |
type |
string |
static / dhcp (default) |
ip |
string |
required if type==static |
netmask |
string |
required if type==static |
gateway |
string |
required if type==static |
dns |
list |
required if type==static |
dns_suffix |
list |
if type==static |
vlan_id |
int |
management vlan id, default is 1 (untagged) |
| Name | Type | Description |
|---|---|---|
ble_config |
object |
BLE config |
power_mode |
string |
default / custom |
power |
int |
required if power_mode==custom, 2-7; else use power_mode as default |
beacon_enabled |
boolean |
whether Mist beacons is enabled, default is true |
beacon_rate_mode |
string |
default / custom |
beacon_rate |
int |
required if beacon_rate_mode==custom, 1-10, in number-beacons-per-second |
beam_disabled |
list |
list of AP BLE location beam numbers (1-8) which should be disabled at the AP and not transmit location information (where beam 1 is oriented at the top the AP, growing counter-clock-wise, with 9 being the omni BLE beam) |
ibeacon_enabled |
boolean |
can be enabled if beacon_enabled=true, whether to send iBeacon, default is false |
ibeacon_uuid |
string |
optional, if not specified, the same UUID as the beacon will be used |
ibeacon_major |
int |
Major number for iBeacon |
ibeacon_minor |
int |
Minor number for iBeacon |
ibeacon_freq_msec |
int |
Frequency (msec) of data emmit for iBeacon |
ibeacon_adv_power |
int |
advertised TX Power, -100 to 20 (dBm), omit this attribute to use default |
eddystone_uid_enabled |
boolean |
only if beacon_enabled=false, Whether Eddystone-UID beacon is enabled |
eddystone_uid_namespace |
string |
Eddystone-UID namespace |
eddystone_uid_instance |
string |
Eddystone-UID instance for the device |
eddystone_uid_freq_msec |
int |
Frequency (msec) of data emmit by Eddystone-UID beacon |
eddystone_uid_adv_power |
int |
advertised TX Power, -100 to 20 (dBm), omit this attribute to use default |
eddystone_url_enabled |
boolean |
only if beacon_enabled=false, Whether Eddystone-URL beacon is enabled |
eddystone_url_url |
string |
URL pointed by Eddystone-URL beacon |
eddystone_url_freq_msec |
int |
Frequency (msec) of data emit by Eddystone-UID beacon |
eddystone_url_adv_power |
int |
advertised TX Power, -100 to 20 (dBm), omit this attribute to use default |
custom_ble_packet_enabled |
boolean |
can be enabled if beacon_enabled=true, whether to send custom packet, default is false |
custom_ble_packet_freq_msec |
int |
Frequency (msec) of data emitted by custom ble beacon |
custom_ble_packet_frame |
string |
The custom frame to be sent out in this beacon. The frame must be a hexstring |
| Name | Type | Description |
|---|---|---|
usb_config |
object |
USB config |
enabled |
boolean |
whether to enable any usb config |
type |
string |
usb config type, option: imagotag |
channel |
int |
channel selection, 0-10, not needed by default, required for manual channel override only |
host |
string |
required if type==imagotag |
port |
int |
port, default 0 |
verify_cert |
boolean |
whether to turn on SSL verification |
cacert |
string |
ca certs |
Note: if native imagotag is enabled, BLE will be disabled automatically Note: legacy, new config moved to ESL Config.
| Name | Type | Description |
|---|---|---|
usb_config |
object |
USB config |
enabled |
boolean |
whether to enable any usb config |
type |
string |
usb config type, option: solum, hanshow |
vlan_id |
int |
vlan id for type as solum or hanshow, default is 1 |
| Name | Type | Description |
|---|---|---|
esl_config |
object |
ESL config |
enabled |
boolean |
whether to enable any esl config |
type |
string |
esl config type, option: imagotag |
channel |
int |
channel selection, 0-10, not needed by default, required for manual channel override only |
host |
string |
required if type==imagotag |
port |
int |
port, default 0 |
verify_cert |
boolean |
whether to turn on SSL verification |
cacert |
string |
ca certs |
Note: if native imagotag is enabled, BLE will be disabled automatically
| Name | Type | Description |
|---|---|---|
esl_config |
object |
ESL config |
enabled |
boolean |
whether to enable any esl config |
type |
string |
usb config type, option: solum, hanshow |
vlan_id |
int |
vlan id for type as solum or hanshow, default is 1 |
| Name | Type | Description |
|---|---|---|
aeroscout |
object |
aeroscout config |
enabled |
boolean |
whether to enable aeroscout config |
host |
string |
required if enabled, aeroscout server host |
locate_connected |
boolean |
whether to enable the feature to allow wireless clients data received and sent to AES server for location calculation |
| Name | Type | Description |
|---|---|---|
centrak |
object |
centrak config |
enabled |
boolean |
whether to enable centrak config |
| Name | Type | Description |
|---|---|---|
airista |
object |
airista config |
enabled |
boolean |
whether to enable airista config |
host |
string |
required if enabled, airista server host |
port |
int |
required if enabled |
| Name | Type | Description |
|---|---|---|
led |
object |
LED control |
| Name | Type | Description |
|---|---|---|
mesh |
object |
mesh-related |
enabled |
boolean |
whether mesh is enabled on this AP, default is false |
role |
string |
base / remote |
group |
int |
mesh group, base AP(s) will only allow remote AP(s) in the same mesh group to join, 1-9, optional |
bands |
list |
list of bands that the mesh should apply to. For relay, the first viable one will be picked |
| Name | Type | Description |
|---|---|---|
disable_eth1 |
boolean |
whether to disable eth1 port, default is false |
disable_eth2 |
boolean |
whether to disable eth2 port, default is false |
disable_eth3 |
boolean |
whether to disable eth3 port, default is false |
disable_module |
boolean |
whether to disable module port, default is false |
| Name | Type | Description |
|---|---|---|
poe_passthrough |
boolean |
whether to enable power out through module port (for APH) or eth1 (for APL/BT11), default is false |
pwr_config |
object |
power related configs |
base |
int |
additional power to request during negotiating with PSE over PoE, in mW, default is 0 |
prefer_usb_over_wifi |
boolean |
whether to enable power out to peripheral, meanwhile will reduce power to wifi (only for AP45 at power mode), default is false |
| #### Port Config |
Configuration of IoT pins. By default, all the pins are disabled
| Name | Type | Description |
|---|---|---|
iot_config |
object |
IoT port configuration |
name |
string |
optional; descriptive pin name |
enabled |
boolean |
whether to enable a pin, default is false |
value |
boolean |
output pin signal level, default 0 |
pullup |
string |
the type of pull-up the pin uses (internal, external, none), default none |
DO |
object |
Digital Output pin settings, value can be 0 / 1 |
DI1 |
object |
Digital Input-1 pin settings |
DI2 |
object |
Digital Input-2 pin settings |
A1 |
object |
Analog Input pin settings |
A2 |
object |
Analog Input pin settings |
A3 |
object |
Analog Input pin settings |
A4 |
object |
Analog Input pin settings |
output |
boolean |
whether the pin is configured as an output. DO and A1-A4 can be repurposed by changing |
{
"name": "corp-a135",
"role": "access", // switch role
"notes": "slightly off center",
"ip_config": {
// the default l3 interface of the switch
"type": "static",
"ip": "10.2.1.10",
"netmask": "255.255.255.0",
"gateway": "10.2.1.254",
"dns": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
// or the network where this mgmt IP reside, this will be used as default network for
// outbound-ssh, dns, ntp, dns, tacplus, radius, syslog, snmp
"network": "default"
},
"oob_ip_config": {
// out-of-band (vme/em0/fxp0) IP config
// same payload as `ip_config` except dns / dns_suffix / gateway
// for HA Cluster, node1 can have different IP Config
"node1": {
// same payload as `ip_config` except dns / dns_suffix / gateway
}
// if supported on the platform. If enabled, DNS will be using this routing-instance, too
"use_mgmt_vrf": false // false (default) / true
// for host-out traffic (NTP/TACPLUS/RADIUS/SYSLOG/SNMP), if alternative source network/ip is desired,
"use_mgmt_vrf_for_host_out": false, // false (default), whether to use `mgmt_junos`
},
// most of the time, it's better to use `port_usages` and `networks` in Site Setting to achieve better consistency
// and be able to re-use the same settings across switches
// entries defined here will "replace" those defined in Site Setting/Network Template
"networks": {
"guest": {
"vlan_id": 300,
"ospf_passive": true
}
},
"other_ip_configs": {
// optional, if it's required to have switch's L3 presense on a network/vlan
"guest": {
"type": "static",
"ip": "10.3.3.1",
"netmask": "255.255.255.0", // optional, `subnet` from `network` definition will be used if defined
// for EVPN, if anycast is desired
"evpn_anycast": false // default is false
"type6": "static", // disabled (default) / autoconf / dhcp / static
"ip6": "fdad:b0bc:f29e::3d16",
"netmask6": "/64",
"gateway6": "fdad:b0bc:f29e::1"
}
},
"ntp_servers": [
"pool.ntp.org",
"time.google.com"
],
// global dns settings. To keep compatibility, dns settings in ip_config and oob_ip_config
// will overwrite this setting
"dns_servers": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
"port_config": {
"ge-0/0/0": {
"usage": "uplink"
// if aggregated
"aggregated": true,
"ae_idx": 1, // optional. Users could force to use the designated AE name
"ae_disable_lacp": true, // optional. To disable LCP support for the AE interface
"description": "to dist-sw-01", // optional
"ae_lacp_slow": true, // optional, by default, fast timeout is used
// for esilag
"esilag": true
},
"ge-0/0/1": {
"usage": "default",
// Enable dynamic usage for this port
"dynamic_usage": "dynamic"
},
"ge-0/0/8-16,ge-1/0/0-47": {
"usage": "ap"
},
"ge-0/0/2-3": {
"usage": "evpn_uplink'
},
"ge-0/0/4": {
"usage": "inet",
"port_network": "guest",
// optional
// speed, duplex, disable_autoneg, mtu, poe_disabled
},
"ge-0/0/5": {
"usage": "vlan_tunnel",
"port_network": "customer1", // required
// optional
// speed, duplex, disable_autoneg, mtu, disabled, poe_disabled, storm_control
},
// this is assumed
"*": {
"usage": "default"
}
},
// per-device only, supported attributes:
// - description
// - poe_disabled
// - disabled
// - speed
// - duplex
// - mac_limit
// - port_network
"port_config_overwrite": {
"ge-0/0/9": {
"disabled": true
},
},
// static routes
"extra_routes": {
"it_mgmt": { // use names from `networks`
"via": "10.2.1.1",
// all optional
"metric": null, // 0-4294967295
"preference": 30, // 0-4294967295
"next_qualified": {
"10.3.1.1": {
"metric": null,
"preference": 40
},
},
"discard": false, // this takes precedence
"no_resolve": false
},
"172.16.3.0/24": {
"via": "10.2.1.1"
}
},
// for ipv6
"extra_routes6": {
"2a02:1234:420a:10c9::/64": {
"via": "2a02:1234:200a::100"
}
},
// aggregate routes
"aggregate_routes": {
"172.16.3.0/24": {
// all optional
"metric": null, // 0-4294967295
"preference": 30, // 0-4294967295
"discard": false
}
},
// for ipv6
"aggregate_routes6": {
"2a02:1234:420a:10c9::/64": {}
},
// used for ospf / bgp / ...
"router_id": "10.2.1.10",
// whether to use it for snmp / syslog / tacplus / radius
"use_router_id_as_source_ip": false,
"stp_config": {
"bridge_priority": "40k", // 32k (default), Range [0, 4k, 8k.. 60k] in steps of 4k. Bridge priority applies to both VSTP and RSTP.
}
// to enable OSPF on this device
"ospf_config": {
"enabled": true,
"reference_bandwidth": "100M", //Bandwidth for calculating metric defaults (9600..4000000000000), default is 100M
"areas": {
"0": {
"no_summary": false
}
},
// optional, for basic scenario, below can be specified and can be applied
// to all networks in all areas if not explicitly specified
"export_policy": "hello",
"import_policy": "test"
},
"dhcpd_config": {
"enabled": true,
"corp": {
"type": "local", // default
"ip_start": "192.168.70.100",
"ip_end": "192.168.70.200",
"gateway": "192.168.70.1",
// Maximum number of seconds the lease can be held
"lease_time": 86400, // in seconds, lease time has to be between 3600 [1hr] - 604800 [1 week], default is 86400 [1 day]
// optional, system one will be used
"dns_servers": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
// fixed binding
"fixed_bindings": {
"5684dae9ac8b": {
"name": "John",
"ip": "192.168.70.35",
"ip6": "2607:f8b0:4005:808::2"
}
}
// if using DHCP relay
"type": "relay",
"servers": ["11.2.3.4"],
// if using DHCPv6 server
"type6": "local" // none (default) / relay / local
"ip6_start": "2607:f8b0:4005:808::2",
"ip6_end": "2607:f8b0:4005:808::ff",
// if using DHCPv6 relay
"type6": "relay"
"serversv6": ["2607:f8b0:4005:808::64"]
// when defined in template, this allows device to override
"disabled": false
},
// it's common for many networks to use the same dhcp relay, comma-separated network names can be used here
"net1,net2": {
"type": "relay",
"servers": ["11.2.3.4"]
}
},
"dhcp_snooping": {
"enabled": true,
"all_networks": false,
// if all_networks = false
"networks": [ "corp" ],
// Enable for dynamic ARP inspection check
"enable_arp_spoof_check": true,
// Enable for check for forging source IP address
"enable_ip_source_guard": true,
},
// to enable VRRP on this device
"vrrp_config": {
"enabled": true,
"groups": {
"0": {
// optional
"priority": 200,
"preempt": true, // default false, allow preemption (a backup router can preempt a primary router)
}
}
},
"vrf_config": {
"enabled": true, // whether to enable VRF (when supported on the device)
},
"acl_tags": {
"iot": {
"type": "mac",
"network": "iot", // optional, default is any
"macs": ["010203040506", "abcdef*"],
},
"printer": {
"type": "subnet",
"network": "lan", // optional, default is any
"subnets": ["192.168.1.30/32"]
},
"guest": {
"type": "network",
"network": "guest"
},
"vip_from_filter_id": {
"type": "radius_group",
"radius_group": "VIP"
// optional
"subnets": ["192.168.1.30/32"],
"specs": [
{
"protocol": "tcp", // tcp / udp / icmp / gre / any / ":protocol_number", `protocol_number` is between 1-254, default is `any`
"port_range": "80" // matched dst port, "0" means any, default is "0"
}
]
},
"iot": {
"type": "port_usage",
"port_usgae": "iot",
// optional
"subnets": ["192.168.1.30/32"],
"specs": [
{
"protocol": "tcp", // tcp / udp / icmp / gre / any / ":protocol_number", `protocol_number` is between 1-254, default is `any`
"port_range": "80" // matched dst port, "0" means any, default is "0"
}
]
},
// implicit, cannot override
"any": {
// matching anything not identified
"type": "any"
},
"resource": {
// resource can only be used in `dst_tags`
"type": "resource",
"network": "dmz", // default is any
"subnets": ["192.168.0.5"], // default is any
"ether_types": ["arp"] // arp / ipv6. Default is any. Can only be used under dst tags.
"specs": [
{
"protocol": "tcp", // tcp / udp / icmp / gre / any / ":protocol_number", `protocol_number` is between 1-254, default is `any`
"port_range": "80" // matched dst port, "0" means any, default is "0"
}
] // empty means unrestricted, i.e. any
},
// GBP tags
"vip_tagged_by_radius": {
// from the gbp_tag received from RADIUS
"type": "dynamic_gbp",
"gbp_tag": 100,
},
"vip_tagged_from_traffic": {
// applying gbp tag against matching conditions
"type": "static_gbp",
"gbp_tag": 100,
// or matching network (vlan)
"network": "employee",
// or subnet
"subnets": ["192.168.0.0/16"],
// or MAC
"macs": ["010203040506", "abcdef*"]
},
"gbp_resource": {
// can only be used in `dst_tags`
"type": "gbp_resource",
"gbp_tag": 100,
"specs": [
{
"protocol": "tcp", // tcp / udp / gre / icmp / icmp6
"port_range": "80" // matched dst port, "0" means any
}
]
},
},
"acl_policies": [
{
"name": "guest access",
"src_tags": ["macs"],
"actions": [
{
"dst_tag": "rfc1918",
"action": "deny"
},
{
"dst_tag": "corp",
"action": "allow"
}
]
},
{
"name": "corp"
"src_tags": ["corp-vip"],
"actions": [
{
"dst_tag": "corp",
"action": "allow"
},
{
"dst_tag": "corp-port-ranged",
"action": "deny"
}
]
}
// NOTES:
// 1. for GBP-based policy, all src_tags and dst_tags have to be gbp-based
// 2. for ACL-based policy, `network` is required in either the source or destination
// so that we know where to attach the policy to
],
// EVPN
see EVPN section
// optional, most of the times, `radius_config` comes from Site Settings; however, there are occasions where
// we may want to try experimental radius servers
"radius_config": {
"auth_servers_timeout": 5,
"auth_servers_retries": 3,
"auth_servers": [
{
"host": "1.2.3.4",
"port": 1812,
"secret": "testing123"
},
{
"host": "radius.internal",
"port": 1812,
"secret": "testing123"
}
],
"acct_servers": [
{
"host": "1.2.3.4",
"port": 1812,
"secret": "testing123"
}
],
"acct_interim_interval": 0,
// Enable COA. Default is false. When coa_port is not specified, 3799 is the default value.
“coa_enabled”: true,
“coa_port”: 3799,
// which network the RADIUS server resides, if there's static IP for this network,
// we'd use it as source-ip
"network": "default"
// or specifiy "source_ip" directly
"source_ip": "192.168.3.5"
},
// for an adopted switch, this can be enabled to make it fully-managed by mist
"managed": false,
// for a claimed switch, this can disable auto configuration
"disable_auto_config": false,
// additional CLI commands to append to the generated config
// NOTE: no check is done
"additional_config_cmds": [
"set snmp community public"
],
"vars": {
"RADIUS_SECRET": "11s64632d",
"RADIUS_IP1": "172.31.2.5"
},
"deviceprofile_id": "6f4bf402-45f9-2a56-6c8b-7f83d3bc98e9",
"image1_url": "https://url/to/image.png",
// port_mirroring
"port_mirroring": {
"port_mirror": {
// at least one of them should be specified
"ingress_port_ids": [ "ge-0/0/3" ],
"egress_port_ids": [ "ge-0/0/3" ],
"ingress_networks": [ "corp" ],
// exactly one of the output should be provided
"output_port_id": "ge-0/0/5",
"output_ip_address": "1.2.3.4"
"output_network": "analyze",
// future
"filter": { ... }
}
},
// IOT ports
"iot_config": {
// IN0 and IN1 triggered by input over 5v
"IN0": {
"name": "dry contact",
"enabled": true,
"alarm_class": "major", // minor (default) / major
},
"IN0": {
"name": "motion",
"enabled": true,
"alarm_class": "major", // minor (default) / major
},
// OUT can only be triggered by either IN0 or IN1
"OUT": {
"name": "output",
"enabled": true,
"input_src": "IN0", // IN0 (default) / IN1
"alarm_class": "minor", // minor (default) / major
}
// for VC
"1/IN0": {
"name": "dry contact",
"enabled": true,
"alarm_class": "major", // minor (default) / major
},
"1/OUT": {
"name": "output",
"enabled": true,
"input_src": "IN0", // IN0 (default) / IN1
"alarm_class": "minor", // minor (default) / major
}
},
}
| Name | Type | Description |
|---|---|---|
role |
string |
access / aggregation, default is access |
ip_config |
object |
ip config (for irb) |
oob_ip_config |
object |
OOB management ip settings (i.e. for vme) |
port_config |
object |
port configs |
ntp_servers |
list |
list of NTP servers specific to this device. By default, those in Site Settings will be used |
radius_config |
object |
per-switch radius_config overwrite, optional |
managed |
bool |
default is false, for an adopted switch, we don’t overwrite their existing configs automatically |
disable_auto_config |
bool |
default is false, for a claimed switch, we control the configs by default. This option (disables the behavior) |
| Name | Type | Description |
|---|---|---|
ip_config |
object |
ip config |
type |
string |
static / dhcp (default) |
ip |
string |
required if type==static |
netmask |
string |
required if type==static |
gateway |
string |
required if type==static |
dns |
list |
required if type==static |
dns_suffix |
list |
if type==static |
vlan_id |
int |
management vlan id, default is 1 (untagged) |
| Name | Type | Description |
|---|---|---|
dns_servers |
list |
required if type==static |
dns_suffix |
list |
if type==static |
| Name | Type | Description |
|---|---|---|
router_id |
string |
router-id used for OSPF/ BGP, required if ospf_config.enabled=true |
ospf_config |
object |
OSPF config |
enabled |
boolean |
whether to rung OSPF on this device |
areas |
object |
OSPF areas to run on this device and the corresponding per-area-specific configs |
no_summary |
boolean |
for a stub/nssa area, where to avoid forwarding type-3 LSA to this area |
reference_bandwidth |
string |
Bandwidth for calculating metric defaults (9600..4000000000000), default is 100M |
| Name | Type | Description |
|---|---|---|
extra_routes |
object |
key is the dest |
via |
string |
next-hop |
In the case where soemthing happens during/after ZTP, the root-password is modified (required for ZTP to set up outbound-ssh) but the user-defined password config has not be configured. This API can be used to retrieve the temporary password.
POST /api/v1/sites/:site_id/devices/:device_id/request_ztp_password
{
"root_password": "ef8070ef8f924edb592e1819ed64b31172ab8de9d5cde75d3f46acd9506202ab9b1cbb97e381c5aa11037f17e5ed7b4b609461cd813d944670549d410ef82f2e"
}
For a brown-field switch deployment where we adopted the switch through Adoption Command, we do not wipe out / overwrite the existing config automatically. Instead, we generate CLI commands that we would have generated. The user can inspect, modify, and incorporate this into their existing config manually.
Once they feel comfortable about the config we generate, they can enable allow_mist_config where we will take full
control of their config like a claimed switch
GET /api/v1/sites/:site_id/devices/:device_id/config_cmd
| Name | Type | Description |
|---|---|---|
sort |
boolean |
Make output cmds sorted (for better readability) or not. False by default |
{
"cli": [
"set system hostname corp-a135"
...
]
}
EVPN allows an alternative but more efficient LAN architecture utilizing VxLAN / MP-BGP - separating control plane (MAC / IP Learning) from forwarding plane.
In our implementation, following the steps to deploy EVPN topologies in a Site
While all the evpn_id / downlink_ips can be specified by hand, the easiest way is to call the build_vpn_topology API,
allowing you to examine the diff, and update it yourself. You can also simply call it with overwrite=true which will
apply the updates for you.
Notes:
core / distribution / access to create a CLOS topologycore / distribution to form a 2-tier EVPN topology where ESI-Lag is configured distribution to
connect to access switchescollapsed-core can be used where core switches are the inter-connected to do EVPNPOST /api/v1/sites/:site_id/evpn_topologies
{
"overwrite": true
"name": "CC",
"pod_names": {
"1": "default",
"2": "default"
},
// evpn topology options
"evpn_options": {
"overlay": {
// optional, these are defaults
"as": 65000
},
"underlay": {
"as_base": 65001,
"router_id_prefix": "/24",
"subnet": "10.255.240.0/20", // underlay subnet, by default, 10.255.240.0/20, or 'fd31:5700::/64' for ipv6
// if v6 is desired for underlay
"use_ipv6": true
},
// optional, where virtual-gateway should reside
"routed_at": "edge", // edge (default) / core / distribution
// optional, for ERB or CLOS, you can either use esilag to upstream routers or to also be the virtual-gateway
"core_as_border": false, // when routed != "core", whether to do virtual-gateway at core as well, default is false
// inband-ztp
// if the mangement traffic goes inbnd, during installation, only the border/core switches are connected to the Internet
// to allow initial configuration to be pushed down and leave the downstream access switches stay in the Factory Default state
// enabling inband-ztp allows upstream switches to use LLDP to assign IP and gives Internet to downstream switches in that state
"enable_inband_ztp": true, // default is false
// by default, JUNOS uses 00-00-5e-00-01-01 as the virtual-gateway-address's v4-mac and 00-00-5e-00-02-01 for v6-mac
"per_vlan_vga_v4_mac": false, // if enabled, 00-00-5e-00-0X-YY will be used (where X=vlan_id/256, YY=vlan_id%256),
"per_vlan_vga_v6_mac": false, // if enabled, 00-00-5e-00-1X-YY will be used (where X=vlan_id/256, YY=vlan_id%256),
// optional, this generates router_id automatically, if specified, `router_id_prefix` is ignored
"auto_router_id_subnet": "100.100.0.0/24", // optional
"auto_router_id_subnet6": "fd31:5700:1::/64", // subnet for lo0.0 v6 IP, default is 'fd31:5700:1::/64'
// optional, for dhcp_relay, unique loopback IPs are required for ERB or IPClos where we can set option-82 server-id-overrides
"auto_loopback_subnet": "100.101.0.0/24",
"auto_loopback_subnet6": "fd33:ab00:2::/64",
// optional, for EX9200 only to seggregate virtual-switches
"vs_instances": {
"guest": {
"networks": ["guest"]
},
"iot": {
"networks": ["iot-wifi", "iot-lan"]
}
}
},
"switches": [
{
"mac": "5c5b35000003",
"role": "collapsed-core",
// by default, core switches are assumed to be connecting all pods
// if you want to limit the pods, you can specify pods
"pods": [ 1, 2 ]
},
{
"mac": "5c5b35000004",
"role": "collapsed-core",
},
{
"mac": "5c5b3500000f",
"role": "esilag-access",
// optionally, for distribution / access / esilag-access, they can be placed into different pods
// e.g. for CLOS, to group dist / access switches into pods
// for ERB/CRB, to group dist / esilag-access into pods
"pod": 1 // 1-255 (default is 1)
}
],
// common configs for all switches in the topology
"config": {
// see switch related in [Site Setting]
},
// switch-specific configs
"switch_configs": {
"5c5b35000003": {
// see switch related in [Site Setting]
},
...
}
}
{
"id": "9197ec96-4c8d-529f-c595-035895e688b2",
"name": "CC",
"pod_names": {
"1": "default",
"2": "default"
},
"switches": [
{
"mac": "5c5b35000003",
"model": "QFX10002-36Q",
"role": "collapsed-core",
// below are generated
"evpn_id": 1,
// the links, if not specified in the request, suggested ones will be used
"uplinks": ["5c5b35000005", "5c5b35000006"],
"downlinks": ["5c5b35000007", "5c5b35000008"],
"esilaglinks": ["5c5b3500000f"],
"site_id": "1916d52a-4a90-11e5-8b45-1258369c38a9",
"deviceprofile_id": "6a1deab1-96df-4fa2-8455-d5253f943d06",
// all the required links for this topology
"suggested_uplinks": ["5c5b35000005", "5c5b35000006"],
"suggested_downlinks": ["5c5b35000007", "5c5b35000008"],
"suggested_esilaglinks": ["5c5b3500000f"]
},
...
{
"mac": "5c5b3500000f",
"model": "EX4300-48P",
"role": "esilag-access",
"esilaglinks": ["5c5b35000003", "5c5b35000004"]
}
]
}
PUT /api/v1/sites/:site_id/evpn_topologies/:evpn_topology_id
{
"overwrite": false,
"switches": [
// to add a new node to the topology, add it with the desired role
{
"mac": "5c5b35000003",
"role": "collapsed-core"
},
// to remove a node from the topology, set the role to 'none'
{
"mac": "5c5b35000004",
"role": "none"
}
]
// to add switches to topology
}
Specify the actual physical ports you have used (or plan to use) to inter-connect the switches.
PUT /api/v1/sites/:site_id/devices/:device_id
{
"port_config": {
"ge-0/0/10-11": {"usage": "evpn_uplink"},
"ge-0/0/20-21": {"usage": "evpn_downlink"},
"ge-0/0/30-31": {"usage": "esilag"},
}
}
Note: only use one entry for the same evpn_uplink/evpn_downlink as the order is improtant. For example, the above config will configure 5c5b35000003’s ge-0/0/10 to connect to 5c5b35000005.
In a small-medium campus, EVPN can also be enabled only at the core switches (up to 4) by assigning all participating switches
with collapsed-core role. When there are more than 2 switches, a ring-like topology will be formed.
If the access switchess does not have EVPN support, you can take advantage of EVPN by setting up ESI-Lag on distribution switches
In the following example, two distribution switches
// on two aggragation switches where both ge-0/0/10's are intended to connect to access#1 and
// ge-0/0/11's to access#2
{
"port_config": {
"ge-0/0/10": {
"usage": "esilag",
"ae_idx": 1
},
"ge-0/0/11": {
"usage": "esilag",
"ae_idx": 2
},
}
}
// on two access switches that simply treat do normal port aggregation
{
"port_config": {
"ge-0/0/1-2": {
"usage": "esilag",
"aggregate": true
},
}
}
For leaf nodes in a EVPN topology, you’d have to configure the IPs for networks that would participate in EVPN. Optionally, VRFs to isolate traffic from one tenant verus another
{
"other_ip_configs": {
"guest": {
"ip": "192.168.70.1"
},
"iot-wifi": {
"ip": "192.168.80.1"
},
"iot-lan": {
"ip": "192.168.81.1"
},
},
// optionally VRF (this can be defined in site settings / network templates)
"vrf_instances": {
"guest": {
"networks": ["guest"]
},
"iot": {
"networks": ["iot-wifi", "iot-lan"]
}
},
# for the device
"vrf_config": {
"enabled": true
}
}
Get the existing EVPN topology
GET /api/v1/sites/:site_id/evpn_topologies
Get the existing EVPN topology
GET /api/v1/sites/:site_id/evpn_topologies/:evpn_topology_id
Delete existing EVPN topology
DELETE /api/v1/sites/:site_id/evpn_topologies/:evpn_topology_id
Rebuild existing EVPN topology
PUT /api/v1/sites/:site_id/evpn_topologies/:evpn_topology_id
Gateway comes with a default configuration with WAN + LAN where * WAN port gets IP from DHCP * LAN port(s) has an IP of 192.168.1.1/24 with DHCP Server
This is determined by the missing of port_config for a Gateway where the following are assumed, matching Gateway’s
factory-default config
"port_config": {
"ge-0/0/0": { // model-dependent
"usage": "wan"
},
"ge-0/0/1-5": { // model-dependent
"usage": "lan",
"port_network": "default"
}
}
To start adding configs, say to use static IP on WAN and change the subnet on LAN side to use 192.168.30.0/24
"port_config": {
"ge-0/0/0": {
"usage": "wan",
"ip_config": {
"ip': "63.31.5.7",
"netmask": "/32",
"gateway": "63.31.5.254"
}
},
"ge-0/0/1-5": {
"usage": "lan",
"port_network": "default"
}
},
"ip_configs": {
"default": {
"type": "static",
"ip": "192.168.30.1",
"netmask": "/24"
}
},
// dhcpd_config is assumed to be enabled for `default` network and
Sample port-mirror config for SRX devices
"port_mirroring": {
"port_mirror": {
"run_length": 12,
"rate": 2,
"family_type": 'inet',
"ingress_port_ids": ["ge-0/0/3", "ge-0/0/4"],
"output_port_id": "ge-0/0/5",
}
}
see Networks
networks can be configured directly in Gateway Config directly for smaller deployemnt (e.g. Home, Testing)
see Services
services can also be configured directly in Gateway Config directly for smaller deployemnt (e.g. Home, Testing)
{
"name": "corp-a135",
// gateways use/share `networks` that switches uses
"networks": {
// see Gateway Template
},
"port_config": {
// see Gateway Template
},
"ip_configs": {
"corp": {
"type": "static",
"ip": "192.168.10.1"
}
},
"dhcpd_config": {
"enabled": true,
"corp": {
"type": "local", // local (default) / relay / none
"ip_start": "192.168.70.100",
"ip_end": "192.168.70.200",
"gateway": "192.168.70.1",
// optional, system one will be used
"dns_servers": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
// fixed binding
"fixed_bindings": {
"5684dae9ac8b": {
"name": "John",
"ip": "192.168.70.35"
}
},
// server_options
"options": {
"80": {
"type": "string", // string / boolean / ip / hex / int16 / int32 / uint16 / uint32
"value": "string", // string
"value": "686578", // hex
"value": "true", // single boolean
"value": "1.1.1.1,2.2.2.2" // list of ip addresses, comma-separated
}
},
"vendor_encapsulated": {
// <enterprise number>:<sub option code>
// enterprise number": 25300, // 1-65535 (https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers)
// sub option code": 8, // 1-255, sub-option code
"25300:8": {
"type": "string", // string / boolean / ip / hex / int16 / int32 / uint16 / uint32
"value": ... // see above
}
},
//
// if using DHCP relay
//
"type": "relay",
"servers": ["11.2.3.4"],
// server_id_override
// Default is false.
// True means the device, when acts as DHCP relay and forwards DHCP responses from DHCP server to clients,
// should overwrite the Sever Identifier option (i.e. DHCP option 54) in DHCP responses with its own IP address.
"server_id_override": true
}
},
"extra_routes": {
"0.0.0.0/0": {
"via": "10.2.1.1"
}
},
"oob_ip_config": {
// fxp0 IP config
"type": "static",
"ip": "192.168.50.3",
"netmask": "255.255.255.0",
// when there are 2 routing engines, re1 mgmt IP has to be set separately (if desired)
"re1": {
// same payload as `ip_config` except dns / dns_suffix / gateway
},
// if supported on the platform, whether to place OOB port into it's own RI (mgmt_junos)
// https://www.juniper.net/documentation/us/en/software/junos/junos-getting-started/topics/topic-map/management-interface-in-non-default-instance.html
"use_mgmt_vrf": false // false (default) / true
},
"ntp_servers": [
"pool.ntp.org",
"time.google.com"
],
// for an adopted gateway/switches, this can be enabled to make it fully-managed by mist
"managed": false,
// additional CLI commands to append to the generated config
// NOTE: no check is done
"additional_config_cmds": [
"set snmp community public"
],
"vars": {
"RADIUS_SECRET": "11s64632d",
"RADIUS_IP1": "172.31.2.5"
},
"deviceprofile_id": "6f4bf402-45f9-2a56-6c8b-7f83d3bc98e9",
"image1_url": "https://url/to/image.png"
}
Attach up to 3 images to a device
POST /api/v1/sites/:site_id/devices/:device_id/image1
POST /api/v1/sites/:site_id/devices/:device_id/image2
POST /api/v1/sites/:site_id/devices/:device_id/image3
A multi-part POST
"file": a binary file
Delete background image for Portal
DELETE /api/v1/sites/:site_id/devices/:device_id/image1
DELETE /api/v1/sites/:site_id/devices/:device_id/image2
DELETE /api/v1/sites/:site_id/devices/:device_id/image3
Locate a Device by blinking it’s LED, it’s a persisted state that has to be stopped by calling Stop Locating API
POST /api/v1/sites/:site_id/devices/:device_id/locate
Locate a Switch by blinking all port LEDs. By default, request is sent to ‘master’ switch and LEDs will keep flashing for 5 minutes. In case of virtual chassis (VC) the desired member mac has to be passed in the request payload. At anypoint, only one VC member can be requested to flash the LED. To stop LED flashing before the duration ends /unlocate API request can be made. If /unlocate API is not called LED will continue to flash on device for the given duration. Default duration is 5 minutes and 120 minutes is the maximum.
POST /api/v1/sites/:site_id/devices/:device_id/locate
{
"mac": "f01c2d4ff760", // optional: for virtual chassis, the MAC of the member
"duration": 5 // minutes (1 - 120, default is 5)
}
| Name | Type | Description |
|---|---|---|
mac |
string |
optional: member mac address, default is master mac address |
duration |
int |
optional: minutes the leds should keep flashing, default - 5 minutes, maximum 120 minutes |
Status: 200 OK - locating requested
Status: 400 couldn't find member mac
Stop Locate a Device
POST /api/v1/sites/:site_id/devices/:device_id/unlocate
Restart / Reboot a device
POST /api/v1/sites/:site_id/devices/:device_id/restart
{
// optional: for SSR, if node is not present, both nodes are restarted
// for other devices, node should not be present
"node": "node0",
// optional for VC member
"member": 1
}
Status: 200 OK
Note that only the devices that are connected will be restarted.
POST /api/v1/sites/:site_id/devices/restart
{
"device_ids": [
"00000000-0000-0000-1000-5c5b35584a6f",
"00000000-0000-0000-1000-5c5b350ea3b3"
]
// optional: for SSR, if node is not present, both nodes are restarted
// for other devices, node should not be present
"node": "node0"
}
Status: 200 OK
POST /api/v1/sites/:site_id/devices/:device_id/snapshot
Create recovery device snapshot (Available on Junos OS EX2300-, EX3400-, EX4400- devices)
Status: 200 OK
Status: 400 - snapshot not supported
Status: 400 - cannot snapshot an offline device
POST /api/v1/sites/:site_id/devices/:device_id/clear_pending_version
Clear device pending fw version (Available on Junos OS EX2300-, EX3400-, EX4000-, EX4100-, EX4400- devices)
Status: 200 OK
Status: 400 - clear-pending-fw-version not supported
Status: 400 - cannot clear pending version on an offline device
POST /api/v1/sites/:site_id/devices/clear_pending_version
Clear device pending fw version (Available on Junos OS EX2300-, EX3400-, EX4000-, EX4100-, EX4400- devices)
Status: 200 OK
Status: 400 - clear-pending-version not supported
Status: 400 - cannot clear pending version on an offline device
POST /api/v1/sites/:site_id/devices/:device_id/restore_backup_version
Restore device backup fw version (Available on Junos OS EX2300-, EX3400-, EX4000-, EX4100-, EX4400- devices)
Status: 200 OK
Status: 400 - restore-backup-fw-version not supported
Status: 400 - cannot restore backup version on an offline device
POST /api/v1/sites/:site_id/devices/restore_backup_version
Restore device backup fw version (Available on Junos OS EX2300-, EX3400-, EX4000-, EX4100-, EX4400- devices)
Status: 200 OK
Status: 400 - restore-backup-version not supported
Status: 400 - cannot restore backup version on an offline device
Support / Upload device support files
POST /api/v1/sites/:site_id/devices/:device_id/support
{
"info": "process"
"node": "node0"
}
| Name | Type | Description |
|---|---|---|
info |
string |
optional: full (default), see info param table for list of choices |
num_messages_files |
int |
optional: number of most recent messages files to upload, default is 1, max is 10 |
node |
string |
optional: for SSR, if node is not present, both nodes support files are uploaded |
| Name | Type | Description |
|---|---|---|
process |
string |
Upload 1 file with output of show system processes extensive |
outbound-ssh |
string |
Upload 1 file that concatenates all /var/log/outbound-ssh.log* files |
messages |
string |
Upload 1 to 10 /var/log/messages* files |
core-dumps |
string |
Upload all core dump files, if any found |
full |
string |
Upload 1 file with output of request support information, 1 file that concatenates all /var/log/outbound-ssh.log* files, all core dump files, the 5 most recent /var/log/messages* files, and Mist agent logs |
var-logs |
string |
Upload all non-empty files in the /var/log/ directory |
Status: 200 OK - uploading started
Status: 400 Device not online
POST /api/v1/sites/:site_id/devices/:device_id/synthetic_test
{
"type": "dns", // dns / arp / dhcp / curl / radius / speedtest / dhcp6 / lan_connectivity
"vlan_id": 30, // required for AP
"tenant": "lan_network1", // for curl/ lan_connectivity
// type = dns
"hostname": "google.com".
// type = arp
"ip": "192.168.3.5",
// type = curl
"url": "https://www.example.com",
"timeout": 60, // max_time, default is 60, Range 30-120
// type = radius
"username": "user",
"password": "test123",
// type = speedtest
"port_id": "wan0", // required for ssr
// type = lan_connectivity
"protocol": "ping", // ping / traceroute / ping+traceroute(default)
"host": "www.example.com",
"ping_details": false, // false(default) / true
"ping_count": 10, // default is 10, max 60
"ping_size": 56, // default is 56. Range 56-65535
"traceroute_udp_port": 33434, // SRX only, traceroute udp port (default is 33434),
}
Status: 200 OK - scheduled
Status: 400 Device not online
Status: 400 Device not supported
Status: 400 already in progress
GET /api/v1/sites/:site_id/devices/:device_id/synthetic_test
{
// TBD extra information populated
"start_time": 1675718807,
"device_type": "gateway",
"type": "speedtest",
"mac": "5c5b35584a6f",
"port_id": "ge-0/0/1.100",
"status": "inprogress"
}
POST /api/v1/sites/:site_id/devices/:device_id/upgrade_bios
Upgrade device bios
{
"version": "CDEN_P_EX1_00.20.01.00"
}
| Name | Type | Description |
|---|---|---|
version |
string |
specific bios version |
reboot |
boolean |
Reboot device immediately after upgrade is completed, default is false |
{
"timestamp": 1428949501,
"status": "inprogress",
}
POST /api/v1/sites/:site_id/devices/upgrade_bios
{
"version": "CDEN_P_EX1_00.15.01.00",
// filters that can be used, if no filter specified, it means entire site
"device_ids": [
"00000000-0000-0000-1000-5c5b35584a6f"
],
"models": [
"EX4400-48T"
]
}
| Name | Type | Description |
|---|---|---|
version |
string |
specific bios version |
reboot |
boolean |
Reboot device immediately after upgrade is completed. default is false |
device_ids |
list |
list of device id to upgrade bios |
models |
list |
list of device model to upgrade bios |
POST /api/v1/sites/:site_id/devices/:device_id/upgrade_fpga
Upgrade device bios
{
"version": "REV37"
}
| Name | Type | Description |
|---|---|---|
version |
string |
specific fpga version |
{
"timestamp": 1428949501,
"status": "inprogress",
}
POST /api/v1/sites/:site_id/devices/upgrade_fpga
{
"version": "REV37",
// filters that can be used, if no filter specified, it means entire site
"device_ids": [
"00000000-0000-0000-1000-5c5b35584a6f"
],
"models": [
"EX2300-24MP"
]
}
| Name | Type | Description |
|---|---|---|
version |
string |
specific fpga version |
device_ids |
list |
list of device id to upgrade fpga |
models |
list |
list of device model to upgrade fpga |
POST /api/v1/sites/:site_id/devices/:device_id/upgrade
Upgrade device firmware
{
"version": "3.1.5"
}
| Name | Type | Description |
|---|---|---|
version |
string |
specific version / stable, default is to use the latest |
reboot |
boolean |
Reboot device immediately after upgrade is completed, default is false (Available on Junos OS devices) |
snapshot |
boolean |
Perform recovery snapshot after device is rebooted, default is false (Available on Junos OS devices) |
{
"timestamp": 1428949501,
"status": "inprogress",
"status_id": 5
}
| Name | Type | Description |
|---|---|---|
timestamp |
float |
timestamp |
status |
string |
starting / inprogress / success / error / scheduled |
status_id |
int |
the internal status id |
Note that this call doesn’t guarantee the devices to be upgraded right away (they may be offline)
POST /api/v1/sites/:site_id/devices/upgrade
| Name | Type | Description |
|---|---|---|
reboot |
boolean |
Reboot device immediately after upgrade is completed. default is false (Available on Junos OS devices) |
snapshot |
boolean |
Perform recovery snapshot after device is rebooted. default is false (Available on Junos OS devices) |
{
"version": "3.1.5",
"enable_p2p": true,
"p2p_parallelism": 2,
"p2p_cluster_size": 10,
// filters that can be used, if no filter specified, it means entire site
"device_ids": [
"00000000-0000-0000-1000-5c5b35584a6f"
],
"models": [
"AP41"
],
"rules": [
{
// all AP63's in this site will be selected for upgrade
"match_model": "AP63"
},
{
// AP43's whose name has the word 'access' from character 2 to 7 will be selected for upgrade
"match_model": "AP43",
"match_name[2:8]": "access"
}
],
"strategy": "canary",
"canary_phases": [5,25,50,100],
"max_failures": [1,1,5,5], // will be used if provided, else max_failure_percentage will be used
"max_failure_percentage": 5
"start_time": 1624399840,
"reboot_at": 1624399840,
"force": True,
// rrm
"rrm_node_order": "fringe_to_center",
"rrm_slow_ramp": true,
"rrm_max_batch_percentage": 10,
"rrm_first_batch_percentage": 2,
"rrm_mesh_upgrade": "parallel"
}
| Name | Type | Description |
|---|---|---|
version |
string |
specific version / stable, default is to use the latest |
enable_p2p |
boolean |
whether to allow local AP-to-AP FW upgrade |
p2p_parallelism |
int |
number of parallel p2p download batches to create, default is 1 |
p2p_cluster_size |
int |
size to split the devices for p2p, default 10 |
device_ids |
array of strings |
id’s of devices which will be selected for upgrade |
models |
array of strings |
models which will be selected for upgrade |
rules |
array of objects |
rules used to identify devices which will be selected for upgrade. Device will be selected as long as it satisfies any one rule |
strategy |
string |
big_bang(upgrade all at once), serial(one at a time), canary or rrm, default is big_bang |
canary_phases |
array of ints |
phases for canary deployment. Each phase represents percentage of devices that need to be upgraded in that phase. default is [1, 10, 50, 100] |
max_failures |
array of ints |
number of failures allowed within each phase. Only applicable for canary. Array length should be same as canary_phases. Will be used if provided, else max_failure_percentage will be used |
max_failure_percentage |
int |
percentage of failures allowed across the entire upgrade(not applicable for big_bang), default is 5 |
rrm_node_order |
string |
fringe_to_center or center_to_fringe (default fringe_to_center). Used in rrm to determine whether to start upgrade from fringe or center AP’s |
rrm_slow_ramp |
boolean |
true will make rrm batch sizes slowly ramp up |
rrm_max_batch_percentage |
int |
max percentage of AP’s that need to be present in each rrm batch |
rrm_first_batch_percentage |
int |
percentage of AP’s that need to be present in the first rrm batch |
rrm_mesh_upgrade |
string |
sequential or parallel (default parallel). Whether to upgrade mesh AP’s parallelly or sequentially at the end of the upgrade |
start_time |
long |
firmware download start time in epoch seconds, default is now |
reboot_at |
long |
reboot start time in epoch seconds, default is start_time |
force |
bool |
true will force upgrade when requested version is same as running version |
| Name | Type | Description |
|---|---|---|
match_model |
string |
match devices of this model. Can optionally use offsets to select a substring. For eg: match_model[1:3] |
match_name |
string |
match devices with this name. Can optionally use offsets to select a substring. For eg: match_name[1:3] |
GET /api/v1/sites/:site_id/devices/upgrade
GET /api/v1/sites/:site_id/devices/upgrade?status=completed
{
[{
"id": "e110e3ef-5ce9-4c7c-a056-714f154f354f",
"target_version": "apfw-0.7.20216-gilly-d4fc",
"status": "downloading",
"strategy": "big_bang",
"enable_p2p": false,
"force": true,
"start_time": 1624499588,
"reboot_at": 1624499588,
"max_failure_percentage": 5,
"counts": {
"download_requested": 1,
"downloaded": 2,
"total": 3
}
},
{
"id": "57bf9d30-bd30-48e6-bb76-43c2efa375dc",
"target_version": "apfw-0.7.20216-gilly-d4fc",
"status": "completed",
"strategy": "serial",
"enable_p2p": false,
"force": false,
"start_time": 1624499588,
"reboot_at": 1624499588,
"max_failure_percentage": 5,
"counts": {
"upgraded": 2,
"failed": 1,
"total": 3
}
}
]
}
GET /api/v1/sites/:site_id/devices/upgrade/:upgrade_id
{
"id": "b040efc5-6bb0-423e-8f7d-66d80176aa71",
"target_version": "apfw-0.11.25907-kedge-9019",
"status": "completed",
"strategy": "big_bang",
"enable_p2p": true,
"force": true,
"start_time": 1648752756,
"reboot_at": 0,
"targets": {
"scheduled": [],
"download_requested": [],
"downloaded": [],
"reboot_in_progress": [],
"rebooted": [],
"upgraded": [
"5c5b354e35f7",
"5c5b353e537a"
],
"skipped": [],
"failed": [
"5c5b353e190a"
],
"total": 3
}
}
| Name | Type | Description |
|---|---|---|
id |
uuid |
unique id for the upgrade |
target_version |
string |
version to upgrade to |
status |
string |
status upgrade is in (created/downloading/downloaded/upgrading/completed/cancelled/failed) |
strategy |
string |
upgrade strategy |
enable_p2p |
bool |
whether to allow local AP-to-AP FW upgrade, default False |
p2p_cluster_size |
int |
size to split the devices for p2p, default 10 |
force |
bool |
whether to force upgrade when requested version is same as running version |
start_time |
int |
firmware download start time in epoch |
reboot_at |
int |
reboot start time in epoch |
max_failure_percentage |
int |
percentage of failures allowed |
max_failures |
array of ints |
number of failures allowed within a canary phase or serial rollout |
current_phase |
int |
current canary/rrm phase in progress |
upgrade_plan |
object |
a dictionary of canary/rrm phase number to devices part of that phase |
download_time |
string |
time taken to download firmware on all devices |
upgrade_time |
string |
time taken to upgrade firmware all devices |
counts.total |
int |
count of devices part of this upgrade |
counts.scheduled |
int |
count of devices which cloud has scheduled an upgrade for |
counts.download_requested |
int |
count of devices which cloud has requested to download firmware |
counts.downloaded |
int |
count of devices which have the firmware downloaded |
counts.reboot_in_progress |
int |
count of devices which are rebooting |
counts.rebooted |
int |
count of devices which have rebooted successfully |
counts.upgraded |
int |
count of devices which have upgraded successfully |
counts.skipped |
int |
count of devices which skipped upgrade since requested version was same as running version. Use force to always upgrade |
counts.failed |
int |
count of devices which have failed to upgrade |
Best effort to cancel an upgrade. Devices which are already upgraded wont be touched
POST /api/v1/sites/:site_id/devices/upgrade/:upgrade_id/cancel
To force every device to reprovision itself again. By default, only APs are reprovisioned
POST /api/v1/sites/:site_id/devices/reprovision
To force one device to reprovision itself again.
POST /api/v1/sites/:site_id/devices/:device_id/reprovision
POST /api/v1/sites/:site_id/devices/zerioze
{
"password": "NUKETHESITE"
}
| Name | Type | Description |
|---|---|---|
password |
string |
FIPS zeroize password |
Note that only the devices that are connected will be restarted.
POST /api/v1/sites/:site_id/devices/send_ble_beacon
{
// by default, all APs in the site will be considered
"macs": [
"5c5b35584a6f",
"5c5b350ea3b3"
],
"map_ids": [ "845a23bf-bed9-e43c-4c86-6fa474be7ae5" ],
"beacon_frame": "68b329da9893e34099c7d8ad5cb9c940",
"beacon_freq": 100,
"duration": 10, // 1 - 60
}
Ping test from the AP to confirm ‘reachability’ of the Radius server. Utilize Juniper EX switch(to which an AP is connected to) radius test capabilities to get details on the Radius Server ‘availability’.
POST /api/v1/sites/:site_id/devices/:device_id/check_radius_server
{
"user": "username",
"password": "password",
"profile": "profilename"
}
| Name | Type | Description |
|---|---|---|
user |
string |
Specify the subscriber username to test |
password |
string |
Specify the password associated with the username |
profile |
string |
(Optional) Specify the access profile associated with the subscriber. default is dot1x |
{
"session": "session_id"
}
Ping can be performed from the Device. The output will be available through websocket. As there can be multiple command
issued against the same AP at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/ping
{
"host": "1.1.1.1",
"count": 10
}
| Name | Type | Description |
|---|---|---|
host |
string |
host name |
count |
int |
(Optional) Supported only for ping. default is 10 |
size |
int |
(Optional) default is 56. Range 56-65535 |
egress_interface |
string |
(Optional) Interface through which packet needs to egress |
node |
string |
(Optional) node0 / node1 for HA |
{
"session": "session_id"
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/devices/:device_id/cmd"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/devices/00000000-0000-0000-1000-5c5b350e0060/cmd",
"data": {
"session": "session_id",
"raw": "64 bytes from 23.211.0.110: seq=8 ttl=58 time=12.323 ms\n"
}
}
Service Ping can be performed from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/service_ping
{
"host": "1.1.1.1",
"count": 10,
"service": "web-session"
}
| Name | Type | Description |
|---|---|---|
host |
string |
host name |
service |
string |
(Optional) ping packet takes the same path as the service |
tenant |
string |
tenant context in which the packet is sent |
count |
int |
(Optional) Supported only for ping. default is 10 |
size |
int |
(Optional) default is 56. Range 56-65535 |
node |
string |
(Optional) node0 / node1 for HA |
{
"session": "session_id"
}
Get routes from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_route
{
// all attributes are optional
"prefix": "192.168.0.5/30",
"protocol": "bgp", // bgp (default) / any / ospf / static / direct / evpn
"vrf": "default",
"neighbor": "192.168.4.1",
// if specified, dump both received and advertised
// for SSR, show bgp neighbors 10.250.18.202 received-routes/advertised-routes
// for SRX & Switches, show route receive-protocol/advertise-protocol bgp 192.168.255.12
"route"": "advertised"
}
| Name | Type | Description |
|---|---|---|
prefix |
string |
(optional) route prefix |
protocol |
string |
(optional) Supported only for bgp |
vrf |
string |
(optional) VRF name |
neighbor |
string |
(optional) IP of the neighbor |
route |
string |
if neighbor is specified, received / advertised, if not specified, both will be shown |
node |
string |
(Optional) node0 / node1 for HA |
interval |
int |
(Optional) rate at which output will refresh, default is 0 and valid range 0-10. |
duration |
int |
(Optional) duration in sec for which refresh is enabled, default is 0 and valid range 0-300 sec. Should be set only if interval is configured to non-zero value. |
{
"session": "session_id"
}
admin@labsystem1.fiedler# show bgp neighbors
BGP neighbor is 192.168.4.1, remote AS 4200000001, local AS 4200000128, external
link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 00:27:25
Last read 00:00:25, hold time is 90, keepalive interval is 30 seconds
Configured hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Graceful Restart Capabilty: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
none
...
Get bgp summary from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_bgp_summary
{
"node": "node0",
}
| Name | Type | Description |
|---|---|---|
node |
string |
(Optional) node0 / node1 for HA |
vrf |
string |
(Optional) VRF name |
{
"session": "session_id"
}
Tue 2024-04-23 16:36:06 UTC
Retrieving bgp entries...
BGP table version is 354, local router ID is 10.224.8.16, vrf id 0
Default local pref 100, local AS 65000
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 161.161.161.0/24
Get OSPF summary from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_ospf_summary
{
"vrf": "lan"
}
| Name | Type | Description |
|---|---|---|
vrf |
string |
(optional) VRF name |
node |
string |
(optional) node0 / node1 for HA |
{
"session": "session_id"
}
===== =========== ========== ============= ==================== ========= =========== =============
Vrf Router ID ABR Type ASBR Router External LSA Count Area ID Area Type Area Border
Router
===== =========== ========== ============= ==================== ========= =========== =============
1.0.0.2 cisco False 0 0.0.0.0
1.0.0.2 cisco False 0 0.0.0.4 default
Get OSPF interfaces from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_ospf_interfaces
{
"port_id": "ge-0/0/2",
"vrf": "lan"
}
| Name | Type | Description |
|---|---|---|
port_id |
string |
(optional) The nework interface |
vrf |
string |
(optional) VRF name |
node |
string |
(optional) node0 / node1 for HA |
{
"session": "session_id"
}
===== ================== =================== ============== =============== =========== ========= ===========
Vrf Device Interface Network Interface Interface Up IP Address OSPF Type Area ID Area Type
===== ================== =================== ============== =============== =========== ========= ===========
net1 g1 True 172.16.1.2/24 Broadcast 0.0.0.0 default
net3 g3 True 172.16.3.2/24 Broadcast 0.0.0.0 default
net4 g4 True 172.16.4.2/24 Broadcast 0.0.0.4 default
Get OSPF Neighbors from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_ospf_neighbors
{
"neighbor": "10.1.1.1",
"port_id": "ge-0/0/3",
"vrf": "lan"
}
| Name | Type | Description |
|---|---|---|
neighbor |
string |
(optional) IP address |
port_id |
string |
(optional) The nework interface |
vrf |
string |
(optional) VRF name |
node |
string |
(optional) node0 / node1 for HA |
{
"session": "session_id"
}
===== ==================== ========== ======= ======== ================ =================== =================
Vrf Neighbor Router ID Priority State Uptime Dead Timer Due Interface Address Interface State
===== ==================== ========== ======= ======== ================ =================== =================
1.0.0.3 1 Full 852 38 172.16.3.2 Backup
1.0.0.4 1 Full 811 33 172.16.3.2 DROther
1.0.0.3 1 Full 852 38 172.16.4.2 Backup
1.0.0.4 1 Full 811 34 172.16.4.2 DROther
Get OSPF Database from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_ospf_database
{
"self_originate": true, // default is false
"vrf": "lan"
}
| Name | Type | Description |
|---|---|---|
self_originate |
boolean |
(optional) show originating info, default is false |
vrf |
string |
(optional) VRF name |
node |
string |
(optional) node0 / node1 for HA |
{
"session": "session_id"
}
===== ========= ========== ============ ==================== ====== =================
Vrf Area ID LSA Type LSA ID Advertising Router Age Sequence Number
===== ========= ========== ============ ==================== ====== =================
0.0.0.0 Router 1.0.0.2 1.0.0.2, (self) 1264 2147483657
0.0.0.0 Router 1.0.0.3 1.0.0.3 1265 2147483657
0.0.0.0 Router 1.0.0.4 1.0.0.4 1264 2147483654
0.0.0.0 Network 172.16.3.2 1.0.0.2, (self) 1264 2147483650
0.0.0.0 Summary 172.16.2.0 1.0.0.4 1265 2147483649
0.0.0.0 Summary 172.16.4.0 1.0.0.2, (self) 1410 2147483649
0.0.0.0 Summary 172.16.4.0 1.0.0.3 1310 2147483649
0.0.0.0 Summary 172.16.4.0 1.0.0.4 1255 2147483649
0.0.0.4 Router 1.0.0.2 1.0.0.2, (self) 1264 2147483654
0.0.0.4 Router 1.0.0.3 1.0.0.3 1265 2147483654
0.0.0.4 Router 1.0.0.4 1.0.0.4 1230 2147483657
0.0.0.4 Network 172.16.4.2 1.0.0.2, (self) 1264 2147483650
0.0.0.4 Summary 172.16.1.0 1.0.0.2, (self) 1410 2147483649
0.0.0.4 Summary 172.16.1.0 1.0.0.3 1286 2147483649
0.0.0.4 Summary 172.16.1.0 1.0.0.4 1255 2147483649
0.0.0.4 Summary 172.16.3.0 1.0.0.2, (self) 1410 2147483649
0.0.0.4 Summary 172.16.3.0 1.0.0.3 1310 2147483649
0.0.0.4 Summary 172.16.3.0 1.0.0.4 1255 2147483649
Get service path information of the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_service_path
{
// all attributes are optional
"service_name": "any"
}
| Name | Type | Description |
|---|---|---|
service_name |
string |
(Optional) The exact service name for which to display the service path |
node |
string |
(Optional) node0 / node1 for HA |
{
"session": "session_id"
}
show service-path
Service Service-route Type Destination Next-Hop Interface Vector Cost Rate Capacity State
Web web-route1 service-agent 4.4.4.4 1.1.1.2 lan red 10 1 200/3000 Up*
Web web-route1 service-agent 4.4.4.4 1.1.1.3 lan red 10 1 200/3000 Up
Web web-route2 service-agent 5.5.5.5 2.2.2.2 lan blue 20 2 50/unlimited Down
Login <None> BgpOverSVR 10.1.1.1 1.2.3.4 wan red 10 3 - Up
Login <None> BgpOverSVR 11.1.1.1 1.2.3.4 wan red 10 1 - Up
App1 <None> Routed - - - - - - - -
App1 learned-routed Routed - - - - - - - -
Get active sessions passing through the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_session
{
// all attributes are optional
"service_name": "any"
}
| Name | Type | Description |
|---|---|---|
service_name |
string |
(Optional) The exact service name for which to display the active sessions |
session_id |
string |
(Optional) Show session details by session_id |
node |
string |
(Optional) node0 / node1 for HA |
{
"session": "session_id"
}
admin@ssr.node# show sessions
Fri 2020-04-17 16:55:34 UTC
Node: node1
====================================== ===== ============= =========== ========== ====== ======= ================= ========== ================= =========== ================= ========== =================== ========= =================
Session Id Dir Service Tenant Dev Name VLAN Proto Src IP Src Port Dest IP Dest Port NAT IP NAT Port Payload Encrypted Timeout Uptime
====================================== ===== ============= =========== ========== ====== ======= ================= ========== ================= =========== ================= ========== =================== ========= =================
01187fb8-765a-45e5-ae90-37d77f15e292 fwd Internet lanSubnet lan 0 udp 192.168.0.28 44674 35.166.173.18 9930 96.230.191.130 19569 false 154 0 days 0:00:28
01187fb8-765a-45e5-ae90-37d77f15e292 rev Internet lanSubnet wan 0 udp 35.166.173.18 9930 96.230.191.130 19569 0.0.0.0 0 false 154 0 days 0:00:28
0859a4ae-bcff-4aa6-b812-79a5236a6c13 fwd Internet lanSubnet lan 0 tcp 192.168.0.41 60843 17.249.171.246 443 96.230.191.130 51941 false 2 0 days 0:00:10
admin@node0.90ec7732e327# show sessions by-id 262900cd-bca8-443a-8aab-e5c93d147ab5
Wed 2024-06-26 20:37:48 UTC
Retrieving session information...
=======================================================================================================================================================================================
90ec7732e327.node0 Session ID: 262900cd-bca8-443a-8aab-e5c93d147ab5
=======================================================================================================================================================================================
Service Name: Internet
Service Route Name: Internet-sr-local-breakout-1-node0
Session Source: SourceType: PUBLIC
Session Type: HTTPS
Service Class: service-class-0-low
Source Tenant: LAN
Peer Name: N/A
Inter Node: N/A
Inter Router: N/A
Ingress Source Nat: N/A
Payload Security Policy: internal
Payload Encrypted: True
Common Name Info: N/A
Tcp Time To Establish: 76
Tls Time To Establish: 76
Domain Name: N/A
Uri: N/A
Category: N/A
...
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/devices/:device_id/cmd"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/devices/00000000-0000-0000-1000-5c5b350e0060/cmd",
"data": {
"session": "session_id",
"raw": "64 bytes from 23.211.0.110: seq=8 ttl=58 time=12.323 ms\n"
}
}
ARP can be performed on the Device. The output will be available through websocket. As there can be multiple command
issued against the same AP at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/arp
| Name | Type | Description |
|---|---|---|
node |
string |
(Optional) node0 / node1 for HA |
{
"session": "session_id"
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/devices/:device_id/cmd"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/devices/00000000-0000-0000-1000-5c5b350e0060/cmd",
"data": {
"session": "session_id",
"raw": "Output": "\tMAC\t\tDEV\tVLAN\tRx Packets\t\t Rx Bytes\t\tTx Packets\t\t Tx Bytes\tFlows\tIdle..."
}
}
Traceroute can be performed from the Device. The output will be available through websocket. As there can be multiple
command issued against the same AP at the same time and the output all goes through the same websocket stream, session
is introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/traceroute
{
"host": "1.1.1.1",
"protocol": "udp",
"port": 33434,
"timeout": 120,
// for SSR, optional, the source to initiate traceroute from. by default, host internal is assumed
"network": "corp"
// for SRX, optional, the source to initiate traceroute from. by default, master VRF/RI is assumed
"vrf": "lan"
}
| Name | Type | Description |
|---|---|---|
host |
string |
host name |
protocol |
string |
udp (default) /icmp (only supported in AP/MxEdge) |
port |
int |
when protocol=udp, the udp port to use (default is 33434), not supported in SSR |
timeout |
uint |
maximum time in seconds to wait for the response (default is 60, not supported in SSR) |
network |
string |
The network on behalf of whom the traceroute is to be run (default is ‘internal’). |
node |
string |
(Optional) node0 / node1 for HA |
Show ARP Table. The output will be available through websocket.
POST /api/v1/sites/:site_id/devices/:device_id/show_arp
{
// all optional
"ip": "192.168.30.7”,
"port_id": "ge-0/0/0.0",
"vrf": "guest"
}
| Name | Type | Description |
|---|---|---|
ip |
string |
(optional) IP address |
port_id |
string |
(optional) port id |
vrf |
string |
(Optional) vrf name |
interval |
int |
(Optional) rate at which output will refresh, default is 0 and valid range 0-10. |
duration |
int |
(Optional) duration in sec for which refresh is enabled, default is 0 and valid range 0-300 sec. Should be set only if interval is configured to non-zero value. |
Status: 200 OK
{
"session": "session_id"
}
Show MAC Table. The output will be available through websocket.
POST /api/v1/sites/:site_id/devices/:device_id/show_mac_table
{
"mac": "112233445566”,
"vlan_id": 1,
"port_id": "ge-0/0/0.0"
}
| Name | Type | Description |
|---|---|---|
mac |
string |
(optional) mac address |
vlan_id |
int |
(optional) vlan id |
port_id |
string |
(optional) port id |
interval |
int |
(Optional) rate at which output will refresh, default is 0 and valid range 0-10. |
duration |
int |
(Optional) duration in sec for which refresh is enabled, default is 0 and valid range 0-300 sec. Should be set only if interval is configured to non-zero value. |
Clear MAC Table. The output will be available through websocket.
POST /api/v1/sites/:site_id/devices/:device_id/clear_mac_table
{
"mac": "112233445566”,
"vlan_id": 1,
"port_id": "ge-0/0/0.0"
}
| Name | Type | Description |
|---|---|---|
mac |
string |
(optional) mac address |
vlan_id |
int |
(optional) vlan id |
port_id |
string |
(optional) port name |
Status: 200 OK
{
"session": "session_id"
}
Show EVPN Database. The output will be available through websocket.
POST /api/v1/sites/:site_id/devices/:device_id/show_evpn_database
{
// all optional
"mac": "f8c1165c6400”,
"port_id": "ge-0/0/0.0"
}
| Name | Type | Description |
|---|---|---|
mac |
string |
(optional) client mac filter |
port_id |
string |
(optional) interface name |
interval |
int |
(Optional) rate at which output will refresh, default is 0 and valid range 0-10. |
duration |
int |
(Optional) duration in sec for which refresh is enabled, default is 0 and valid range 0-300 sec. Should be set only if interval is configured to non-zero value. |
Status: 200 OK
{
"session": "session_id"
}
Show Dot1x Table. The output will be available through websocket.
POST /api/v1/sites/:site_id/devices/:device_id/show_dot1x
{
// optional
"port_id": "ge-0/0/0.0",
}
| Name | Type | Description |
|---|---|---|
port_id |
string |
(Optional) port id |
interval |
int |
(Optional) rate at which output will refresh, default is 0 and valid range 0-10. |
duration |
int |
(Optional) duration in sec for which refresh is enabled, default is 0 and valid range 0-300 sec. Should be set only if interval is configured to non-zero value. |
Status: 200 OK
{
"session": "session_id"
}
Clear Dot1x Session. The output will be available through websocket.
POST /api/v1/sites/:site_id/devices/:device_id/clear_dot1x
{
// optional
"port_id": "ge-0/0/0.0",
}
| Name | Type | Description |
|---|---|---|
port_id |
string |
(Optional) port id |
Status: 200 OK
{
"session": "session_id"
}
DNS resolutions are performed on the Device. The output will be available through websocket. As there can be multiple command
issued against the same SSR at the same time and the output all goes through the same websocket stream, session is
used for demux.
POST /api/v1/sites/:site_id/devices/:device_id/resolve_dns
{
"session": "session_id"
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/devices/:device_id/cmd"
}
| Router | Hostname | Resolved | Last Resolved | Expiration |
|---|---|---|---|---|
| test-device | xxx.yyy.net | Y | 2022-03-28T03:56:49Z | 2022-03-28T03:57:49Z |
Get forwarding table from the Device. The output will be available through websocket. As there can be multiple command
issued against the same device at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/show_forwarding_table
{
// all optional
"prefix": "3.1.1.0/24",
"vrf": "guest",
"node": "node0",
// ssr forwarding table has service related information either
// by service, or
"service_name": "internet-wan_and_lte"
// by matching (all parameters below needs to be specified)
"service_tenant": "branch1-wifi-mgt",
"service_ip": "3.1.1.10",
"service_port": "32768",
"service_protocol": "udp"
}
| Name | Type | Description |
|---|---|---|
node |
string |
(Optional) node0 / node1 for HA |
vrf |
string |
(Optional) VRF name |
prefix |
string |
(Optional) IP prefix |
service_name |
string |
(Optional) service name, only supported in SSR |
service_tenant |
string |
(Optional) service tenent, only supported in SSR |
service_ip |
string |
(Optional) service destination ip, only supported in SSR |
service_port |
int |
(Optional) service destination port, only supported in SSR |
service_protocol |
string |
(Optional) service protocol, only supported in SSR |
prefix or/and service_name must be used for filtering forwarding table{
"session": "session_id"
}
Mon 2024-05-20 16:47:30 UTC
Retrieving fib entries...
Entry Count: 3268
Capacity: 22668
==================== ====== ======= ================== ===== ====================== =========== =========== ======
IP Prefix Port Proto Tenant VRF Service Next Hops Vector Cost
==================== ====== ======= ================== ===== ====================== =========== =========== ======
0.0.0.0/0 0 None Old_Mgmt - internet-wan_and_lte 1-2.0 broadband 1
1-4.0 lte 10
branch1-Kiosk - internet-wan_and_lte 1-2.0 broadband 1
1-4.0 lte 10
branch1-MGT - internet-wan_and_lte 1-2.0 broadband 1
1-4.0 lte 10
3.1.1.0/24 0 None Old_Mgmt - internet-wan_and_lte 1-2.0 broadband 1
1-4.0 lte 10
branch1-Kiosk - internet-wan_and_lte 1-2.0 broadband 1
1-4.0 lte 10
branch1-MGT - internet-wan_and_lte 1-2.0 broadband 1
1-4.0 lte 10
TDR can be performed from the Switch. The output will be available through websocket. As there can be multiple command
issued against the same Switch at the same time and the output all goes through the same websocket stream, session is
introduced for demux.
POST /api/v1/sites/:site_id/devices/:device_id/cable_test
{
"port": "ge-0/0/0"
}
| Name | Type | Description |
|---|---|---|
port |
string |
the port to run the cable test |
{
"session": "session_id"
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/devices/:device_id/cmd"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/devices/00000000-0000-0000-1000-5c5b350e0060/cmd",
"data": {
"session": "session_id",
"raw": "Interface TDR detail:\nTest status : Test successfully executed ge-0/0/0\n"
}
}
POST /api/v1/sites/:site_id/devices/:device_id/shell
{
"node": "node0"
}
| Name | Type | Description |
|---|---|---|
node |
string |
(Optional) node0 / node1 for SSR HA |
{
"session': "19e73828-937f-05e6-f709-e29efdb0a82b",
"url": "wss://api-ws.mist.com/ssh?jwt=xxxx"
}
Monitor traffic on switches and SRX.
POST /api/v1/sites/:site_id/devices/:device_id/monitor_traffic
{
"port": "ge-0/0/1"
}
| Name | Type | Description |
|---|---|---|
port |
string |
(optional) port name, if no port input is provided then all ports will be monitored |
JUNOS uses cmd "monitor interface <port>" to monitor traffic on particular <port>
JUNOS uses cmd "monitor interface traffic" to monitor traffic on all ports
{
"session': "19e73828-937f-05e6-f709-e29efdb0a82b",
"url": "wss://api-ws.mist.com/ssh?jwt=xxxx"
}
Run top command on switches and SRX.
POST /api/v1/sites/:site_id/devices/:device_id/run_top
{
"session': "19e73828-937f-05e6-f709-e29efdb0a82b"
"url": "wss://api-ws.mist.com/ssh?jwt=xxxx"
}
Clear routes associated with one or all BGP neighbors
POST /api/v1/sites/:site_id/devices/:device_id/clear_bgp
{
"neighbor": "all",
"type": "soft",
"vrf": "TestVrf"
}
| Name | Type | Description |
|---|---|---|
neighbor |
string |
neighbor ip-address or ‘all’ |
type |
string |
hard (default) / soft / in / out |
vrf |
string |
(Optional) vrf name |
node |
string |
(Optional) node0 / node1 for HA |
Status: 200 OK
Status: 400 - parameter neighbor absent
{
"session": "session_id"
}
Clear application policy hit counts for all the policies
POST /api/v1/sites/:site_id/devices/:device_id/clear_policy_hit_count
Status: 200 - OK
Status: 400 - Bad Request
{
"session": "session_id"
}
Releases an active DHCP lease for SSR wan network interface.
POST /api/v1/sites/:site_id/devices/:device_id/release_dhcp
{
"port_id": "ge-0/0/1.10"
}
| Name | Type | Description |
|---|---|---|
port_id |
string |
The nework interface on which to release the current DHCP release |
node |
string |
(Optional) node0 / node1 for HA |
Status: 200 OK
Status: 400 - parameter port_id absent
{
"session": "session_id"
}
Shows DHCP leases. POST /api/v1/sites/:site_id/devices/:device_id/show_dhcp_leases
{
"network": "guest"
}
| Name | Type | Description |
|---|---|---|
network |
string |
(Optional) DHCP network for the leases, returns full table if not specified |
node |
string |
(Optional) node0 / node1 for HA |
Status: 200 OK
{
"session": "session_id"
}
Releases active leases from DHCP server. POST /api/v1/sites/:site_id/devices/:device_id/release_dhcp_leases
{
// all optional
"port_id": "ge-0/0/1",
"macs": ["90ec77aabbcc", "90ec77aabbdd"],
"network": "guest,
}
| Name | Type | Description |
|---|---|---|
network |
string |
(Optional) The network for the leases IPs to be released |
port_id |
string |
(Optional) The nework interface on which to release the current DHCP release |
macs |
list |
A list of client macs to be released |
node |
string |
(Optional) node0 / node1 for HA |
port_id, macs+network],
for SSR: [port_id, macs+network, port_id+macs, port_id+network, network]
2. if network or port_id is specified and macs is empty, it means all clients under network or port_idClear the entire ARP cache or a subset if arguments are provided.
POST /api/v1/sites/:site_id/devices/:device_id/clear_arp
{
"port_id": "wan",
"vlan" : 1000,
"ip" : "10.1.1.1",
"vrf": "guest"
}
| Name | Type | Description |
|---|---|---|
port_id |
string |
The device interface on which to clear the ARP cache. |
vlan |
int |
The VLAN on which to clear the ARP cache. port_id must be specified. |
ip |
string |
The IP address for which to clear an ARP entry. port_id must be specified. |
vrf |
string |
The vrf for which to clear an ARP entry. applicable for switch. |
node |
string |
(Optional) node0 / node1 for HA |
port_id is optional if neither vlan nor ip is specifiedStatus: 200 OK
Status: 400 - port_id must be specified with vlan or ip
{
"session": "session_id"
}
Clear session
POST /api/v1/sites/:site_id/devices/:device_id/clear_session
{
// all optional
// session deletion by providing service_name to delete all sessions under the service,
"service_name": "internet-wan_and_lte",
// or by providing the session id to delete a particular session,
"session_ids" : [88776655-0123-4567-890a-112233445566],
| Name | Type | Description |
|---|---|---|
service_name |
string |
(Optional) service name, only supported in SSR |
session_ids |
array of strings |
List of id of the sessions to be cleared |
node |
string |
(Optional) node0 / node1 for HA |
Status: 200 OK
{
"session": "session_id"
}
Clear all learned MAC addresses, including persistent MAC addresses, on a port.
POST /api/v1/sites/:site_id/devices/:device_id/clear_macs
{
"ports": ["ge-0/0/0.0"]
}
| Name | Type | Description |
|---|---|---|
ports |
list |
a list of ports on which to clear mac addresses. must include logical unit number. |
Status: 200 OK
Status: 400 - logical unit number not specified
Status: 400 - ports not specified
Clear bridge protocol data unit (BPDU) error condition caused by the detection of a possible bridging loop from Spanning Tree Protocol (STP) operation that renders the port unoperational.
POST /api/v1/sites/:site_id/devices/:device_id/clear_bpdu_error
{
"ports": ["ge-0/0/2"]
}
{
"ports": ["all"]
}
| Name | Type | Description |
|---|---|---|
ports |
list |
the ports on which to clear the detected BPDU error, or ["all"] for all ports |
Status: 200 OK
Status: 400 - ports not specified
Port Bounce can be performed from the Switch/Gateway.
POST /api/v1/sites/:site_id/devices/:device_id/bounce_port
{
"ports": ["ge-0/0/0"]
}
{
"ports": ["ge-0/0/0", "ge-0/0/1"]
}
{
"ports": ["ge-0/0/1", "ge-0/0/2"]
}
| Name | Type | Description |
|---|---|---|
ports |
list |
list of ports to bounce |
Note: Ports starting with vme, ae, irb, and HA control ports (for SSR only) are not supported
{
"session": "session_id"
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/devices/:device_id/cmd"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/devices/00000000-0000-0000-1000-5c5b350e0060/cmd",
"data": {
"session": "session_id",
"raw": "Port bounce complete."
}
}
Sometimes HelpDesk Admin needs to change port configs. They can use the following APIs.
PUT /api/v1/sites/:site_id/devices/:device_id/local_port_config
DELETE /api/v1/sites/:site_id/devices/:device_id/local_port_config
{
"ge-0/0/5-7": { ... }
}
local_port_config will show up separately from the port_config so it can be easily identified (and cleared)
{
"local_port_config": {
"ge-0/0/5-7": {
...
"note": "force 100M for camera"
}
}
}
no_local_overwrite can be added in port_config. e.g.
{
"port_config": {
"ge-0/0/5-7": {
"usage": "uplink",
"no_local_overwrite": true
}
}
}
This API can be used to poll statistics from the Switch proactively once. After it is called, the statistics will be pushed back to the cloud within the statistics interval.
POST /api/v1/sites/:site_id/devices/:device_id/poll_stats
Status: 200 OK
For the octerm devices, the device ID must come from fpc0. However, for a VC, the users may change the original fpc0 from CLI. To fix the issue, the readopt API could be used to trigger the readopt process so the device would get the corret device ID to connect the cloud.
POST /api/v1/sites/:site_id/devices/:device_id/readopt
Status: 200 OK
Status: 400 - the device is not a virtual chassis
Note: For each IoT pin referenced…
PUT /api/v1/sites/:site_id/devices/:device_id/iot
{
"DO": 0,
"A1": 1
}
Status: 200 OK
Returns the current state of each enabled IoT pin configured as an output.
GET /api/v1/sites/:site_id/devices/:device_id/iot
{
"DO": 0,
"A1": 1
}
GET /api/v1/sites/:site_id/devices/versions
| Name | Type | Description |
|---|---|---|
type |
string |
fetch version for device type (E.g. switch) |
model |
string |
fetch version for device model, use/combine with type as needed (for switch and gateway devices) |
[
{
"model": "AP41",
"version": "v0.1.543",
"tag": "stable",
},
{
"model": "AP21",
"version": "v0.1.545",
},
...
]
| Name | Type | Description |
|---|---|---|
model |
string |
device model (as seen in the device stats) |
version |
string |
firmware version |
tag |
string |
annotation, stable / beta / alpha. Or it can be empty or nothing which is likely a dev build |
When the device is being upgraded, device stat will have the following.
{
"status": "upgrading",
"fwupdate": {
"timestamp": 1428949501,
"status": "inprogress",
"status_id": 5,
"progress": 10
},
"auto_upgrade_stat": {
"scheduled": true,
"scheduled_version": "1.2.3",
"scheduled_time": 1428949501
}
}
the status will be upgrading and a fwupdate object will be added
see also Device Stats
Get a list of allowed channels (per channel width)
GET /api/v1/sites/:site_id/devices/ap_channels?country_code=US
| Name | Type | Description |
|---|---|---|
country_code |
string |
country code for the site (for AP config generation), in two-character |
{
"key": "US",
"name": "United States"
"code": 840,
"band24_enabled": true,
"band24_channels": {
"20": [
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
],
"40": [
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
]
},
"band5_enabled": true,
"dfs_ok": true,
"band5_channels": {
"20": [
36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165
],
"40": [
36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 132, 136, 149, 153, 157, 161
],
"80": [
36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 132, 136, 149, 153, 157, 161
],
"dfs": [
52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140
],
"outdoor": [
"100, 104, 108, 112, 116, 132, 136, 140"
]
}
}
GET /api/v1/const/traffic_types
[
{
"name": "data_best_effort",
"failover_policy": "non-revertible",
"traffic_class": "low",
"dscp": 0
},
...
]
Get a list of AP device models for the Mist Site
GET /api/v1/const/device_models
[
{
"model": "AP41",
"display": "AP41",
"description": "AP-41",
"ap_type": "aph",
"fcc_dfs_ok": true,
"ce_dfs_ok": true,
"other_dfs_ok": true,
"has_scanning_radio": true,
"has_extio": true,
"extio": {
"DO": {
"input": true,
"default_dir": "OUT",
"output": true
},
"A1": {
"input": true,
"default_dir": "IN",
"output": true
},
"A3": {
"input": true,
"default_dir": "IN",
"output": true
},
"A2": {
"input": true,
"default_dir": "IN",
"output": true
},
"A4": {
"input": true,
"default_dir": "IN",
"output": true
},
"DI1": {
"input": true,
"default_dir": "IN",
"output": false
},
"DI2": {
"input": true,
"default_dir": "IN",
"output": false
}
},
"has_height": true,
"has_usb": true,
"has_wifi_band5": true,
"has_wifi_band24": true,
"band5": {
"max_clients": 128,
"max_power": 17,
"min_power": 8
},
"band24": {
"max_clients": 128,
"max_power": 19,
"min_power": 8
},
"max_poe_out": 6000,
"has_module_port": true,
"has_compass": true,
"has_vble": true,
"vble": {
"beacon_rate": 4,
"power": 8
}
}
]
| Name | Type | Description |
|---|---|---|
fcc_dfs_ok |
boolean |
US-only; whether DFS channels are allowed in US for the AP model |
ce_dfs_ok |
boolean |
EU-only; whether DFS channels are allowed in EU countries for the AP model |
other_dfs_ok |
boolean |
JP + all other countries; whether DFS channels are allowed in JP and other remaining countries for the AP model |
Get a list of model definitions (mapping model to its display name, etc)
GET /api/v1/const/device_models
[
{
"model": "APH",
"description": "AP-H, our initial AP with integrated antennas",
"display": "AP-Premium",
"has_wifi_band5": true,
"has_wifi_band24": true,
"has_scanning_radio": true,
"has_vble": true,
"outdoor": false,
"vble": {
"power": 8,
"beacon_rate": 4
},
"band24": {
"max_clients": 128,
"max_power": 17,
"min_power": 11
},
"band5": {
"max_clients": 128,
"max_power": 17,
"min_power": 11
},
"has_compass": true,
"has_height": true,
"fcc_dfs_ok": true,
"ce_dfs_ok": true,
"other_dfs_ok": true
}
]
| Name | Type | Description |
|---|---|---|
fcc_dfs_ok |
boolean |
US-only; whether DFS channels are allowed in US for the AP model |
ce_dfs_ok |
boolean |
EU-only; whether DFS channels are allowed in EU countries for the AP model |
other_dfs_ok |
boolean |
JP + all other countries; whether DFS channels are allowed in JP and other remaining countries for the AP model |
Note: min_power and max_power are limits that we consider operational (depending on the AP model and testing). And
AP may further limit it depending on country/regulatory/channel.
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/devices"
}
{
"event": "data",
"channel": "/sites/67970e46-4e12-11e6-9188-0242ac110007/devices",
"data": {
"site_id": "67970e46-4e12-11e6-9188-0242ac110007",
"device_id": "00000000-0000-0000-1000-5c5b3524500b",
"event_type": "fwupdate",
"detail": {
'timestamp': 1485381027,
'status': 'inprogress,
'status_id': 4,
'progress': 45
}
}
}
| Name | Type | Description |
|---|---|---|
ap_mac |
string |
mac of the device corresponding to the event |
event_type |
string |
type of the event that occurred. currently, on device updates are reported on the stream. |
detail |
object |
detail will be specific to the event_type. |
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/stats/devices"
}
{
"event": "data",
"channel": "/sites/67970e46-4e12-11e6-9188-0242ac110007/stats/devices",
"data": {
"mac": "5c5b350e1300",
"version": "0.1.11681",
"ip": "10.2.10.193",
"ext_ip": "73.92.124.103",
"power_src": "PoE 802.3af",
"uptime": 706659,
"last_seen": 1504917238,
"num_clients": 1,
"num_wlans": 3,
"ip_stat": {
// v4
"ip": "10.2.10.193",
"netmask": "255.255.192.0",
"gateway": "10.2.1.1",
// v6
"ip6": "2607:f8b0:4005:808::2004",
"netmask6": "/32",
"gateway6": "2607:f8b0:4005:808::1",
"dns": [
"8.8.8.8",
"8.8.4.4"
],
"ips": {
"vlan1": "10.2.1.1/24,2607:f8b0:4005:808::1/32"
}
},
"radio_stat": {
"band_5": {
"mac": "5c5b3500bc50",
"tx_pkts": 29790678,
"bandwidth": 40,
"channel": 149,
"power": 15,
"tx_bytes": 642844306,
"rx_pkts": 214935,
"rx_bytes": 28557893,
"num_wlans": 1,
"num_clients": 1
},
"band_24": {
"mac": "5c5b3500bc40",
"tx_pkts": 19831714,
"bandwidth": 20,
"channel": 11,
"power": 11,
"tx_bytes": 3118012867,
"rx_pkts": 3,
"rx_bytes": 298,
"num_wlans": 1,
"num_clients": 0
},
"band_6": {
"mac": "5c5b3500bc60",
"tx_pkts": 29790678,
"bandwidth": 40,
"channel": 53,
"power": 15,
"tx_bytes": 642844306,
"rx_pkts": 214935,
"rx_bytes": 28557893,
"num_wlans": 1,
"num_clients": 1
},
},
"port_stat": {
"module": {
"tx_pkts": 6413453,
"rx_pkts": 951238,
"rx_bytes": 877498272,
"tx_bytes": 1009414543,
"rx_peak_bps": 31116,
"tx_peak_bps": 42165,
"full_duplex": true,
"speed": 1000,
"up": true,
"rx_errors": 0
},
"eth3": {
"tx_pkts": 0,
"rx_pkts": 0,
"rx_bytes": 0,
"tx_bytes": 0,
"rx_peak_bps": 0,
"tx_peak_bps": 0,
"full_duplex": false,
"speed": 0,
"up": false,
"rx_errors": 0
},
"eth2": {
"tx_pkts": 0,
"rx_pkts": 0,
"rx_bytes": 0,
"tx_bytes": 0,
"rx_peak_bps": 0,
"tx_peak_bps": 0,
"full_duplex": false,
"speed": 0,
"up": false,
"rx_errors": 0
},
"eth1": {
"tx_pkts": 0,
"rx_pkts": 0,
"rx_bytes": 0,
"tx_bytes": 0,
"rx_peak_bps": 0,
"tx_peak_bps": 0,
"full_duplex": false,
"speed": 0,
"up": false,
"rx_errors": 0
},
"eth0": {
"tx_pkts": 2731519,
"rx_pkts": 8325448,
"rx_bytes": 3224888514,
"tx_bytes": 2116882740,
"rx_peak_bps": 482729,
"tx_peak_bps": 293857,
"full_duplex": true,
"speed": 1000,
"up": true,
"rx_errors": 0
}
},
"lldp_stat": {
"system_name": "TC2-OWL-Stack-01",
"system_desc": "HP J9729A 2920-48G-POE+ Switch",
"mgmt_addr": "10.1.5.2",
"lldp_med_supported": false,
"port_desc": "",
"port_id": "",
"power_request_count": 0,
"power_allocated": 0,
"power_draw": 0,
"power_requested": 0
},
"l2tp_stat": {
},
"rx_bytes": 28558191,
"rx_pkts": 214938,
"tx_pkts": 49622392,
"tx_bytes": 3760857173,
"tx_bps": 0,
"rx_bps": 0,
"cpu_stat": {
"system": 5,
"idle": 81,
"interrupt": 0,
"user": 14,
"load_avg": [
0.14,
0.23,
0.24
]
},
"memory_stat": {
"usage": 33
},
}
}
GET /api/v1/sites/:site_id/devices/search?ip=10.2.16.205
| Name | Type | Description |
|---|---|---|
hostname |
string |
partial / full hostname |
site_id |
string |
site id |
model |
string |
device model |
mac |
string |
AP mac |
version |
string |
version |
ip |
string |
ip address |
mxtunnel_status |
string |
MxTunnel status, up / down |
mxedge_id |
string |
Mist Edge id, if AP is connecting to a Mist Edge |
mxedge_ids |
list |
Mist Edge ids, if AP is connecting to a Mist Edge |
lldp_system_name |
string |
LLDP system name |
lldp_system_desc |
string |
LLDP system description |
lldp_port_id |
string |
LLDP port id |
lldp_mgmt_addr |
string |
LLDP management ip address |
sort |
string |
sort options, timestamp/mac/model/sku, -prefix represents DESC order, default is -timestamp |
stats |
boolean |
whether to return device stats, default is false |
{
"results": [
{
"mac": "5c5b353e5299",
"model": "AP41",
"sku": "AP41-US",
"ip": "10.2.16.205",
"version": "0.7.20216",
"uptime": 85280,
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"site_id": "a8178443-ecb5-461c-b854-f16627619ab3",
"mxedge_id": "00000000-0000-0000-1000-43a81f238391",
"mxedge_ids": [
"00000000-0000-0000-1000-43a81f238391"
],
"mxtunnel_status": "down",
"hostname": [
"AP41-STB-3E5299-WH-2001",
"AP41-STB-3E5299-WH-50",
"AP41-STB-3E5299",
"5c5b353e5299"
],
"lldp_port_desc": "GigabitEthernet1/0/1",
"lldp_mgmt_addr": "10.2.10.139",
"lldp_system_desc": "Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(1)E1, RELEASE SOFTWARE (fc2)\nTechnical Support: http://www.cisco.com/techsupport\nCopyright (c) 1986-2013 by Cisco Systems, Inc.\nCompiled Fri 22-Nov-13 07:10 by prod_rel_team",
"lldp_system_name": "ME-DC-1-ACC-SW",
"lldp_port_id": "Gi1/0/1",
"timestamp": 1596588619.007
}
]
}
| Name | Type | Description |
|---|---|---|
type |
string |
Required. switch, gateway (default is ap) |
hostname |
string |
partial / full hostname |
site_id |
string |
site id |
model |
string |
device model |
mac |
string |
device mac |
version |
string |
version |
ip |
string |
ip address |
last_hostname |
string |
last hostname |
cpu |
string |
max cpu usage |
node |
string |
node0 / node1 |
node0_mac |
string |
mac for node0 |
node1_mac |
string |
mac for node1 |
ext_ip |
string |
external ip |
clustered |
string |
true / false |
t128agent_version |
string |
version of 128T agent |
evpntopo_id |
string |
EVPN topology id |
last_config_status |
string |
last configuration status of the switch/gateway |
radius_stats |
object |
Key-value pairs where the key is the RADIUS server address and the value contains authentication statistics |
| Name | Type | Description |
|---|---|---|
<server_address> |
string |
IP address of the RADIUS server as the key |
auth_accepts |
long |
Number of accepted authentication requests |
auth_rejects |
long |
Number of rejected authentication requests |
auth_timeouts |
long |
Number of authentication timeouts |
auth_server_status |
string |
Status of the server. Possible values: “up”, “down”, “unreachable” |
{
"results": [
{
"ip": "192.168.86.22",
"type": "switch",
"version": "21.4R1.12",
"mac": "3c8c939485ad",
"uptime": 2380356,
"ext_ip": "0.0.0.0",
"hostname": [
"3c8c939485ad",
"ludi-ex2300"
],
"timestamp": 1661273225.321,
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"num_members": 1,
"site_id": "8721e817-96ee-4e34-b6b6-a80cc01642a6",
"model": "ex2300-c-12p",
"last_hostname": "3c8c939485ad"
"last_config_status": "success",
"radius_stats": {
"192.168.1.10": {
"auth_accepts": 120,
"auth_rejects": 5,
"auth_timeouts": 0,
"auth_server_status": "up"
},
"192.168.1.11": {
"auth_accepts": 110,
"auth_rejects": 15,
"auth_timeouts": 2,
"auth_server_status": "unreachable"
}
}
}
]
}
Counts the number of entries in ap events history for distinct field with given filters
GET /api/v1/sites/:site_id/devices/count?distinct=type&start=1531776183&end=1531862583&limit=10
{
"end": 1531862583.0,
"distinct": "version",
"results": [
{
"count": 10,
"version": "apfw-0.5.16833-ellaria-0455"
},
{
"count": 4,
"type": "apfw-0.3.14833-cersei-0455"
}
],
"start": 1531776183.0,
"limit": 10,
"total": 2
}
GET /api/v1/sites/:site_id/devices/config_history/search?mac=5c5b350e0001&start=1531776183&end=1531862583&limit=10
{
"total": 1,
"start": 1531776183.0,
"limit": 10,
"end": 1531862583.0,
"results": [
{
"channel_5": 100,
"ssids_24": [
"test24",
],
"radios": [
{
"band": "24",
"channel": 11
},
{
"band": "5",
"channel": 100
}
],
"timestamp": 1531855856.643369,
"version": "apfw-0.2.14754-cersei-75c8",
"channel_24": 11,
"ssids": [
"test24",
"test5",
"test6"
],
"wlans": [
{
"id": "be22bba7-8e22-e1cf-5185-b880816fe2cf",
"bands": [
"24",
],
"vlan_ids": [
"1"
],
"ssid": "test24",
"auth": "psk"
},
{
"id": "f8c18724-4118-3487-811a-f98964988604",
"bands": [
"5"
],
"vlan_ids": [
"1"
],
"ssid": "test5",
"auth": "psk"
},
{
"id": "f8c18724-4118-3487-811a-f98964988605",
"bands": [
"6"
],
"vlan_ids": [
"1"
],
"ssid": "test6",
"auth": "psk"
}
],
"radio_macs": [
"5c5b352e000a",
"5c5b352e000b",
"5c5b352e000c"
],
"ssids_5": [
"test5"
],
"ssids_6": [
"test6"
],
"channel_6": 85,
"secpolicy_violated": false
}
]
}
Counts the number of entries in device config history for distinct field with given filters
GET /api/v1/sites/:site_id/devices/config_history/count?distinct=mac&start=1531776183&end=1531862583&limit=10
{
"end": 1531862583,
"distinct": "ap",
"results": [
{
"count": 1,
"ap": "5c5b350e0001"
},
{
"count": 5,
"ap": "5c5b350e0002"
},
{
"count": 5,
"ap": "5c5b350e0003"
}
],
"start": 1531776183,
"limit": 10,
"total": 3
}
GET /api/v1/sites/:site_id/devices/last_config/search?mac=5c5b350e0001&start=1531776183&end=1531862583&limit=10
| Name | Type | Description |
|---|---|---|
device_type |
string |
ap (default) / switch / gateway / mxedge |
see (Search Device Config History)[Site#search-device-config-history]
Counts the number of entries in device config history for distinct field with given filters
GET /api/v1/sites/:site_id/devices/last_config/count?distinct=mac&start=1531776183&end=1531862583&limit=10
see (Count Device Config History)[Site#count-device-config-history]
Search AP Events
GET /api/v1/sites/:site_id/devices/events/search?ap=5c5b350e0001&start=1531776183&end=1531862583&limit=2
{
"end": 1531862583.0,
"results": [
{
"type": "AP_CONNECT_STATUS",
"text": "Success",
"last_reboot_time": 1531854327,
"type_code": 2002,
"timestamp": 1531855849.226722
},
{
"timestamp": 1531854326,
"type": "AP_CONFIGURED"
}
],
"next": "/api/v1/sites/8aaba0aa-09cc-44bd-9709-33b98040550c/devices/events/search?ap=5c5b350e0001&end=1531855849.000&limit=2&start=1531776183.0",
"start": 1531776183.0,
"limit": 2,
"total": 14
}
Search prisma prisma events
GET /api/v1/sites/:site_id/devices/events/search?includes=ext_tunnel&mac=00c52c3cfaa4&start=1531776183&end=1531862583&limit=2
| Name | Type | Description |
|---|---|---|
includes |
string |
Keyword to include events from additional indices, e.g. ext_tunnel for prisma events |
{
"results": [
{
"tunnel_name": "Prisma-Tunnel-II",
"type": "PRISMA_RN_SECONDARY_WAN_TUNNEL_UP",
"text": "Remote Network Site RN_SITE_1 SECONDARY WAN Tunnel Stage-Tunnel2 is down",
"timestamp": 1531856649,
"ext_tunnel_site": "RN_SITE_1",
"ext_tunnel_name": "Stage-Tunnel2",
"ext_tunnel_event_id": b1b1ccdd-4444-4a2d-a81d-8888bc8f6fa1",
"ext_tunnel_debug_url": "https://stratacloudmanager.paloaltonetworks.com/incidents-alerts/logviewer?logType=log.system&query=Event%25C2%25A0Component%20=%20%27RN_SITE_1%27%20OR%20Event%25C2%25A0Component%20=%20%27Stage-Tunnel2%27%20&timePreset=custom&startTime=1745977906000&endTime=1745980306000&queryMode=lq",
"site_id: "f1e17c67-8e42-4a2d-a81d-98ddbc8f6fa1",
"org_id: "f3045b5a-f2ea-445e-b923-5bbb5a670c35",
"device_type: "gateway",
"mac: "00c52c3cfaa4",
"port_id: "reth2.0",
"ext_tunnel_provider": "prisma"
},
{
"tunnel_name": "Prisma-Tunnel-II",
"type": "PRISMA_RN_SECONDARY_WAN_TUNNEL_DOWN",
"text": "Remote Network Site RN_SITE_1 SECONDARY WAN Tunnel Stage-Tunnel2 is down",
"timestamp": 1531855849,
"ext_tunnel_site": "RN_SITE_1",
"ext_tunnel_name": "Stage-Tunnel2",
"ext_tunnel_event_id": b1b1ccdd-4444-4a2d-a81d-8888bc8f6fa1",
"ext_tunnel_debug_url": "https://stratacloudmanager.paloaltonetworks.com/incidents-alerts/logviewer?logType=log.system&query=Event%25C2%25A0Component%20=%20%27RN_SITE_1%27%20OR%20Event%25C2%25A0Component%20=%20%27Stage-Tunnel2%27%20&timePreset=custom&startTime=1745977906000&endTime=1745980306000&queryMode=lq",
"site_id: "f1e17c67-8e42-4a2d-a81d-98ddbc8f6fa1",
"org_id: "f3045b5a-f2ea-445e-b923-5bbb5a670c35",
"device_type: "gateway",
"mac: "00c52c3cfaa4",
"port_id: "reth2.0",
"ext_tunnel_provider": "prisma"
}
],
"start": 1531776183.0,
"end": 1531862583.0,
"limit": 2,
"total": 14
}
GET /api/v1/sites/:site_id/devices/events/search?last_by=port_id&type=SW_PORT_UP,SW_PORT_DOWN
Return last/recent event for passed in field
{
"results": [
{
"timestamp": 1685566764.144,
"org_id": "98272e44-d31d-4e9a-b52d-18ae2183446e",
"site_id": "b60a57e3-dd74-4da3-af12-02987a141665",
"port_id": "xe-2/2/2",
"type": "SW_PORT_UP",
"model": "EX4300-48MP",
"device_type": "switch",
"text": "SNMP_TRAP_LINK_UP: ifIndex 894, ifAdminStatus up(1), ifOperStatus up(1), ifName xe-2/2/2",
"version": "21.4R3-S3.4",
"mac": "c042d0f52a00"
}
],
"total": 234266
}
| Name | Type | Description |
|---|---|---|
results |
list |
Array of events where each entry represents the most recent event for each unique value of the last_by field (e.g., when last_by=port_id, you get the latest event for each port) |
total |
int |
The total number of events that match the search criteria (type=SW_PORT_UP,SW_PORT_DOWN) |
Counts the number of entries in ap events history for distinct field with given filters
GET /api/v1/sites/:site_id/devices/events/count?distinct=type&start=1531776183&end=1531862583&limit=10
{
"end": 1531862583.0,
"distinct": "type",
"results": [
{
"count": 10,
"type": "AP_CONNECT_STATUS"
},
{
"count": 4,
"type": "AP_CONFIGURED"
}
],
"start": 1531776183.0,
"limit": 10,
"total": 2
}
Counts the number of entries in events history for distinct field with given filters
GET /api/v1/sites/:site_id/devices/events/count?includes=ext_tunnel&distinct=type&start=1531776183&end=1531862583&limit=10
| Name | Type | Description |
|---|---|---|
includes |
string |
Keyword to include events from additional indices, e.g. ext_tunnel for prisma events |
{
"end": 1531862583.0,
"distinct": "type",
"results": [
{
"count": 1,
"type": "PRISMA_RN_PRIMARY_WAN_TUNNEL_UP"
},
{
"count": 1,
"type": "PRISMA_RN_PRIMARY_WAN_TUNNEL_DOWN"
},
{
"count": 2,
"type": "PRISMA_RN_SECONDARY_WAN_BGP_DOWN"
},
{
"count": 1,
"type": "PRISMA_RN_SECONDARY_WAN_BGP_UP"
}
],
"start": 1531776183.0,
"limit": 10,
"total": 4
}
WxLAN are ordered rules that defines User Context and Resource relationship
/api/v1/sites/:site_id/wxtags
// matches wlan_id(s)
{
"type": "match",
"name": "guest-wlan",
"match": "wlan_id",
"values": [ "be22bba78e22e1cf5185b880816fe2cf" ]
}
// matches client_mac(s)
{
"type": "match",
"name": "file-servers",
"match": "client_mac",
"values": [ "b0c4e7001543", "a0c4e7001543", "00c4e7001543" ]
}
// matches radius_username
{
"type": "match",
"name": "VIP",
"match": "radius_username",
"values": [ "john@abc.com", "eric@abc.com" ]
}
// matches radius_group
{
"type": "match",
"name": "VIP",
"match": "radius_group",
"values": [ "vip" ]
}
// matches psk_name
{
"type": "match",
"name": "VIP",
"match": "psk_name",
"values": [ "test_key1", "test_key2" ]
}
// matches psk_role
{
"type": "match",
"name": "VIP",
"match": "psk_role",
"values": [ "test_role" ]
}
// resources
// automatically generated tag for discovered network resources
{
"type": "resource",
"name": "HP Officejet Pro 8620",
"resource_mac": "6cc21715e025",
"mac": "6cc21715e025",
"services": [
"printer"
],
"last_ips": [
"10.2.9.232"
]
}
// automatically generated tag for discovered ip subnet
{
"type": "subnet",
"name": "10.1.2.0/24",
"subnet": "10.1.2.0/24"
}
// matches ip_range_subnets
{
"type": "match",
"name": "file-servers",
"match": "ip_range_subnet",
"values": [ "10.1.2.1", "10.2.3.4/24", "10.1.2.5-10.2.3.4" ]
}
// matches app
{
"type": "match",
"name": "match app",
"match": "app",
"values": [ "gmail", "dropbox" ]
}
// matches hostnames excluding http(s)://
{
"type": "match",
"name": "mist",
"match": "hostname",
"values": [ "mist.com" ]
}
// matches ports
{
"type": "match",
"name": "web-ports",
"match": "port",
"values": [ "80", "8000", "8080" ]
}
// matching traffic spec
{
"type": "spec",
"name": "protocol-subnet-port",
"specs": [
{
"protocol": "tcp", // tcp / udp / icmp / gre / any / ":protocol_number", `protocol_number` is between 1-254, default is `any`
"subnets": ["10.1.2.0/24"], // matched dst subnet, default is "0.0.0.0/0",
"port_range": "80" // matched dst port, "0" means any, default is "0"
}
]
}
{
"type": "spec",
"name": "protocol-hostname-port",
"specs": [
{
"protocol": "tcp", // tcp / udp / icmp / gre / any / ":protocol_number", `protocol_number` is between 1-254, default is `any`
"hostnames": ["www.abc.com"], // matched hostnames
"port_range": "2000-2400" // matched dst port, "0" means any, default is "0"
}
]
}
// vlan assignment
{
"type": "vlan",
"name": "vlan-assignment",
"vlan_id": 1055
}
| Name | Type | Description |
|---|---|---|
name |
string |
the name |
type |
string |
match / client / resource / subnet / spec / vlan |
match |
string |
type of match, wlan_id / ap_id / client_mac / ip_range_subnet / radius_group / radius_username / radius_attr / hostname / app / port |
op |
string |
in / not_in, default is in |
values |
list |
list of values to match |
vlan_id |
int |
vlan id for assignment |
type:
client: created manually (e.g. on wireless client table, when they spot a device of interest, they can create an
wxlan tag for itresource: created automatically when we discover a network resourcesubnet: create automatically when a subnet is discoveredmatch:
wlan_id, ap_id: values are a list of Wlan / Device idsclient_mac: values are a list of MAC addressesradius_group: this is a smart tag that matches RADIUS-Filter-ID, Airespace-ACL-Name (VendorID=14179, VendorType=6) / Aruba-User-Role (VendorID=14823, VendorType=1)
GET /api/v1/sites/:site_id/wxtags/apps
[
{
"key": "gmail",
"name": "Gmail - web/app",
"group": "Emails"
},
...
]
/api/v1/sites/:site_id/wxrules
// action = allow | block
{
"name": "Guest",
"order": 1
"src_wxtags": [ "8bfc2490-d726-3587-038d-cb2e71bd2330", "3aa8e73f-9f46-d827-8d6a-567bb7e67fc9" ],
"dst_allow_wxtags": [ "fff34466-eec0-3756-6765-381c728a6037", "eee2c7b0-d1d0-5a30-f349-e35fa43dc3b3" ],
"dst_deny_wxtags": [ "aaa34466-eec0-3756-6765-381c728a6037", "bbb2c7b0-d1d0-5a30-f349-e35fa43dc3b3" ],
"blocked_apps": ["mist", "all-videos"],
"apply_tags": [ "c049dfcd-0c73-5014-1c64-062e9903f1e5" ],
"action": "allow"
}
| Name | Type | Description |
|---|---|---|
name |
string |
The name of the rule |
enabled |
boolean |
enabled or not, default is true |
order |
int |
the order how rules would be looked up, > 0 and bigger order got matched first, -1 means LAST, uniqueness not checked |
src_wxtags |
uuid |
tag list to determine if this rule would match |
dst_allow_wxtags |
uuid |
tag list to indicate these tags are allowed access |
dst_deny_wxtags |
uuid |
tag list to indicate these tags are blocked access |
blocked_apps |
string |
blocked apps (always blocking, ignoring action), the key of Get Application List |
action |
string |
type of action, allow / block |
There can be Wxlan Rule defined at Org level. When it happens, we’ll match Org rules first.
GET /api/v1/sites/:site_id/wxrules/derived
[
{
"name": "VIP",
"for_site": false,
"template_id": "867860f2-dd82-3677-54a5-4d6b139c96ca",
"template_name" "west coast",
"order": 2
...
},
{
"name": "Blacklist",
"for_site": false,
"template_id": "867860f2-dd82-3677-54a5-4d6b139c96ca",
"template_name" "west coast",
"order": 1
...
},
{
"name": "Guest",
"order": 1,
"action": "allow"
...
},
{
"name": "Default",
"order": -1,
"action": "allow"
...
}
]
Retrieves the list of networks available for the Site
GET /api/v1/sites/:site_id/networks/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
Retrieves the list of Services available for the Site
GET /api/v1/sites/:site_id/services/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
VPN object represents an overlay network where gateways can participate in and optionally expose routes to.
GET /api/v1/sites/:site_id/vpns/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
See Org:VPN:Payload
GET /api/v1/sites/:site_id/servicepolicies/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
See Org:Service Policies:Payload
GET /api/v1/sites/:site_id/deviceprofiles/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
GET /api/v1/sites/:site_id/rftemplates/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
GET /api/v1/sites/:site_id/apporttemplates/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
GET /api/v1/sites/:site_id/aptemplates/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
GET /api/v1/sites/:site_id/networktemplates/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
See Org:Network Template:Schema
GET /api/v1/sites/:site_id/sitetemplates/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
GET /api/v1/sites/:site_id/gatewaytemplates/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
See Org:Gateway Templates:Schema
GET /api/v1/sites/:site_id/secintelprofiles/derived
| Name | Type | Description |
|---|---|---|
resolve |
boolean | whether resolve the site variables |
Status: 200 OK
See Org:Sky ATP Secintel Profile:Schema
Retrieves the list of JSE orgs associated with the account
GET /api/v1/sites/:site_id/setting/jse/info
{
"cloud_name": "devcentral.juniperclouds.net"
"org_names": ["Mist-Sys", "Mist-Eng"]
}
GET /api/v1/sites/:site_id/stats/wxrules
[
{
"name": "Guest",
"order": 1
"src_wxtags": [ "8bfc2490-d726-3587-038d-cb2e71bd2330", "3aa8e73f-9f46-d827-8d6a-567bb7e67fc9" ],
"dst_wxtags": [ "d4134466-eec0-3756-6765-381c728a6037", "1a42c7b0-d1d0-5a30-f349-e35fa43dc3b3" ],
"dst_allow_wxtags": [ "fff34466-eec0-3756-6765-381c728a6037", "eee2c7b0-d1d0-5a30-f349-e35fa43dc3b3" ],
"dst_deny_wxtags": [ "aaa34466-eec0-3756-6765-381c728a6037", "bbb2c7b0-d1d0-5a30-f349-e35fa43dc3b3" ],
"client_mac": [ "3bbbf819bb6f", "bd96cbc4910f" ],
"usage": {
"d4134466-eec0-3756-6765-381c728a6037": {
"num_flows": 60
},
"1a42c7b0-d1d0-5a30-f349-e35fa43dc3b3": {
"num_flows": 60
},
"00000000-0000-0000-0000-000000000000": {
"num_flows": 30
}
}
"action": "allow"
}
]
see Client Details
GET /api/v1/sites/:site_id/stats/clients/:client_mac
Tunnels can be used by a WXLAN rule or by a WLAN.
/api/v1/sites/:site_id/wxtunnels
{
"name": "HQ",
"peers": ["63.3.2.4"],
"use_udp": true,
"udp_port": 1701,
"mtu": 0,
"for_mgmt": false, // whether this tunnel is for management (configured under Org)
"hello_interval": 60,
"hello_retries": 3,
// non-static
"is_static": false,
"secret": "secret used for tunnel",
"router_id": "0",
"hostname": ""
"sessions": [
// ethertype == ethernet
{
"remote_id": "vpn1",
"ethertype": "ethernet",
"comment": "something about this session"
},
// ethertype == vlan
{
"remote_id": "vpn1",
"ethertype": "vlan",
"comment": "a vlan'ed session"
},
// Pseudo 802.1ad QinQ (ethertype == vlan)
{
"remote_id": "vpn1",
"ethertype": "vlan",
"pseudo_8021ad_enabled": true,
"comment": "a vlan'ed session"
}
...
],
// static
"is_static": true,
"sessions": [
// specify the remote_session_id and local_session_id
{
"remote_session_id": 3000,
"local_session_id": 4000,
"ethertype": "ethernet",
"comment": "something about this session",
// for some interoperability - rare
// if enabled, 0x0000<apmac> will be used
"enable_cookie": false
}
// or alternatively, `use_ap_as_session_ids` can be used where it will
// generate the remote_session_id/local_session based on the AP MAC (the last 4 bytes)
// e.g. 5c-5b-00-00-01-02 -> 257
{
"use_ap_as_session_ids": true,
"ap_session_id": "apmac",
"ethertype": "ethernet",
"comment": "something about this session"
}
// or
{
"use_ap_as_session_ids": true,
"ap_session_id": "apmac+0x01000000",
"ethertype": "ethernet",
"comment": "something about this session"
}
// Pseudo 802.1ad QinQ (ethertype == vlan)
{
"remote_session_id": 3000,
"local_session_id": 4000,
"ethertype": "vlan",
"pseudo_8021ad_enabled": true,
"comment": "something about this session"
}
],
// dynamic multi-point vpn
"dmvpn": {
"enabled": true,
// optional
"host_routes": ["10.1.1.1", "10.2.2.2"]
"holding_time": 300
},
"ipsec": {
"enabled": true,
"psk": "cisco123"
}
}
| Name | Type | Description |
|---|---|---|
name |
string |
The name of the tunnel |
peers |
list |
list of remote peers’ IP or hostname |
is_static |
boolean |
whether it’s static/unmanaged (i.e. no control session), default is False. As the session configurations are not compatible, cannot be toggled. |
secret |
string |
secret, ‘’ if no auth is used |
use_udp |
boolean |
whether to use UDP instead of IP (proto=115, which is default of L2TPv3). Default is false |
udp_port |
int |
udp port if use_udp=true |
hello_interval |
float |
in seconds, used as heartbeat to detect if a tunnel is alive. AP will try another peer after missing N hellos specified by hello_retries. between 1 and 300, default is 60 seconds |
hello_retries |
int |
between 2 and 30, default is 7 |
mtu |
int |
0 to enable PMTU, 552-1500 to start PMTU with a lower MTU, default is 0 |
router_id |
string |
optional, overwrite the router-id in SCCRQ control message, default is “0” or null, can also be an IPv4 address |
hostname |
string |
optional, overwrite the hostname in SCCRQ control message, default is “” or null, %H and %M can be used, which will be replace with corresponding values. %H: name of the ap if provided (and will be stripped so it can be used for hostname) and fallbacks to MAC, %M: MAC (e.g. 5c5b350e0060) |
for_mgmt |
boolean |
default is false, determined during creation time and cannot be toggled. A management tunnel cannot be used by wxlan rule or by wlan |
sessions |
list |
sessions to be established with the tunnel. Has to be >= 1 in order for this tunnel to be useful. For management tunnel, it can only have 1 |
remote_id |
string |
remote-id of the session, has to be unique in the same tunnel |
ethertype |
string |
ethernet / vlan, default is ethernet |
use_ap_as_session_ids |
boolean |
whether to use AP (last 4 bytes of MAC currently) as session ids, default is false. |
ap_session_id |
string |
if use_ap_as_session_ids=true, only apmac is supported right now. This is the name WLAN should use for wxtunnel_remote_id |
remote_session_id |
int |
1-4294967295 |
local_session_id |
int |
1-4294967295 |
pseudo_8021ad_enabled |
boolean |
optional, default is False. Enables the pseudo 802.1ad QinQ mode where the AP device drops the outer vlan tag (QinQ). This mode is useful when tunneling Mist AP’s to some aggregation routers. |
comment |
string |
optional, user-specified string for display purpose |
dmvpn |
object |
Dynamic Multipoint VPN configurations |
enabled |
boolean |
whether DMVPN is enabled (default is false) |
host_routes |
list |
optional; list of IPv4 DMVPN peer host ip-addresses to which traffic is forwarded |
holding_time |
int |
optional; the holding time for NHRP ‘registration requests’ and ‘resolution replies’ sent from the Mist AP (in seconds); default 600 |
ipsec |
object |
IPSec-related configurations; requires DMVPN be enabled |
enabled |
boolean |
whether ipsec is enabled (default is false); requires DMVPN be enabled |
psk |
boolean |
ipsec pre-shared key |
GET /api/v1/sites/:site_id
{
"name": "Mist Office",
"timezone": "America/Los_Angeles",
"country_code": "US",
"latlng": { "lat": 37.295833, "lng": -122.032946 },
"address": "1601 S. Deanza Blvd., Cupertino, CA, 95014"
}
| Name | Type | Description |
|---|---|---|
name |
string |
Required. The name of the site |
timezone |
string |
Timezone the site is at |
country_code |
string |
country code for the site (for AP config generation), in two-character |
latlng |
latlng |
site location |
address |
string |
full address of the site |
lat |
float |
latitude |
lng |
float |
longitude |
GET /api/v1/sites/:site_id/setting
PUT /api/v1/sites/:site_id/setting
{
"rtsa": {
"enabled": false,
"app_waking": false,
"disable_pressure_sensor": false,
"disable_dead_reckoning": false,
// asset tracking related
"track_asset": false
},
"wifi": {
"enabled": true,
"mesh_enabled": true,
"mesh_allow_dfs": false,
"mesh_enable_crm": false
"cisco_enabled": true,
"proxy_arp": "default",
"enable_arp_spoof_check": false,
"locate_connected": false,
"locate_unconnected": false,
"enable_shared_radio_scanning": false,
"disable_11k": false,
"disable_radios_when_power_constrained": false,
},
"vna": {
// this applied to AP / Switch / Gateway
"enabled": false
},
"wan_vna": {
"enabled": false
},
"wired_vna": {
"enabled": false
},
"srx_app": {
"enabled": false
},
"persist_config_on_device": false,
"device_updown_threshold": 0,
// by default, device_updown_thresold, if set, will apply to all devices types
// if different values for specific device type is desired, use the following
"ap_updown_threshold": null,
"gateway_updown_threshold": 10,
"switch_updown_threshold": 0,
"occupancy": {
"clients_enabled": true,
"sdkclients_enabled": true,
"assets_enabled": true,
"unconnected_clients_enabled": false
"min_duration": 3000
},
"zone_occupancy_alert": {
"enabled": true,
"threshold": 5,
"email_notifiers": [
"foo@juniper.net",
"bar@juniper.net"
]
},
"radio_config": {
"band_24": {
"disabled": false,
"channels": [ 1, 6, 11 ],
"bandwidth": 20,
"power": 16
},
"band_5": {
"disabled": false,
"channels": null,
"bandwidth": 40,
"power": 0,
"preamble": "short",
"power_min": 10,
"power_max": 18
},
"band_6": {
"disabled": false,
"channels": null,
"bandwidth": 40,
"power": 0,
"preamble": "short",
"power_min": 10,
"power_max": 18,
// for 6G's standard-power operation, AFC (Automatic Frequency Coordination) will be performed
// and we'll fallback to Low Power Indoor if AFC failed
"standard_power": true // default is false
},
"ant_gain_24": 7,
"ant_gain_5": 4,
"ant_gain_6": 6,
"model_specific": {
"AP61": {
"band_5": {
"disabled": false,
"channels": [ 100, 104 ],
"bandwidth": 40,
"power": 0
}
"ant_gain_24": 4,
"ant_gain_5": 5
},
"AP43": {
"band_24_usage": "5"
}
},
// let RRM control everything, only the `channels` and `ant_gain` will be honored (i.e. disabled/bandwidth/power/band_24_usage are all controlled by RRM)
"full_automatic_rrm": true
},
"ap_port_config": {
"model_specific": {
"AP32": {
"eth1,eth2": {
// see "port_config" in Device
}
}
}
},
"enable_unii_4": true, // default is false
"rogue": {
"enabled": false,
"honeypot_enabled": true,
"min_rssi": -80,
"min_duration": 10,
"min_rogue_rssi": -80,
"min_rogue_duration": 10,
"whitelisted_ssids": [ "NeighborSSID" ],
"whitelisted_bssids": [ "cc:8e:6f:d4:bf:16", "cc-8e-6f-d4-bf-16", "cc-73-*", "cc:82:*" ],
"allowed_vlan_ids": [ 10, 20, 105 ],
},
"led": {
"enabled": true,
"brightness": 255
},
"vars": {
"RADIUS_SECRET": "11s64632d",
"RADIUS_IP1": "172.31.2.5",
"DYNAMIC_VLANS": "{\"enabled\": true,\"type\": \"airespace-interface-name\",\"vlans\":{\"131\": \"default\",\"322\": \"fast,video\"}\"default_vlan_id\": 999,\"local_vlan_ids\": []}"
},
"auto_upgrade": {
"enabled": true,
"version": "beta",
"time_of_day": "12:00",
"day_of_week": "sun",
"custom_versions": {
"AP41": "0.1.5135",
"AP61": "0.1.7215",
"AP21": "stable"
}
},
"auto_upgrade_esl": {
"enabled": true,
"version": "2.5.0",
"time_of_day": "2:00",
"day_of_week": "mon",
"custom_versions": {
"AP41": "2.4.6",
"AP61": "2.5.0"
},
"allow_downgrade": false // default is false, if true, it will allow downgrade to a lower version
},
"auto_placement": {
// if we're able to determine its x/y/orientation, this will be populated
"x": 30,
"y": 60,
"orientation": 45
},
"config_push_policy": {
// stop any new config from being pushed to the device
"no_push": false,
// if enabled, new config will only be pushed to device within the specified time window
"push_window": {
"enabled": true,
"hours": {
"mon": "09:00-17:00",
"fri": "09:00-17:00"
}
},
// mist also uses some heuristic rules to prevent destructive configs from being pushed
}
"status_portal": {
"enabled": true,
"hostnames": ["my.misty.com"]
},
"remote_syslog": {
"enabled": true,
"send_to_all_servers": true
"servers": [
{
"server_name": "dc_syslog_server",
"host": "syslogd.internal",
"port": 514,
"protocol": "udp",
"facility": "config",
"severity": "info"
"tag": ""
}
]
},
"engagement": {
"dwell_tags": {
"passerby": null,
"bounce": null,
"engaged": "300-14400",
"stationed": "14400-43200"
},
"max_dwell": 43200,
"hours": {
"mon": "09:00-17:00",
"fri": "09:00-17:00"
},
"dwell_tag_names": {
"passerby": "Passer By",
"bounce": "Bounce",
"engaged": "Engaged",
"stationed": "Stationed"
}
},
"analytic": {
"enabled": false
},
"flags": {
"way1": 3,
"way2": 0,
"teleport": false
},
"ble_config": {
"power_mode": "custom",
"power": 10,
"beacon_enabled": true,
"beacon_rate_mode": "custom",
"beacon_rate": 3,
"beam_disabled": [ 1, 3, 6 ],
// ibeacon
"ibeacon_enabled": true,
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"ibeacon_minor": 138,
"ibeacon_adv_power": -65,
"ibeacon_beams": "2-4,7", // or 'default' to auto-set
// eddystone uid
"eddystone_uid_enabled": false,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_uid_instance": "5c5b35000001",
"eddystone_uid_freq_msec": 200,
"eddystone_uid_adv_power": -65,
"eddystone_uid_beams": "2-4,7", // or 'default' to auto-set
// eddystone url
"eddystone_url_enabled": false,
"eddystone_url_url": "https://www.abc.com",
"eddystone_url_freq_msec": 1000,
"eddystone_url_adv_power": -65,
"eddystone_url_beams": "2-4,7", // or 'default' to auto-set
},
"wids": {
"repeated_auth_failures": {
"threshold": 4,
"duration": 60
}
},
"proxy": {
"url": "http://proxy.internal:8080/"
},
"ssh_keys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA...Wxa6p6UW0ZbcP john@host"
],
"config_auto_revert": false,
"ap_matching": {
"enabled": true,
"rules": [
{
"name": "AP12",
"match_model": "AP12",
"port_config": {
"eth1,eth2": {
// see Device Config's port_config
}
}
},
}
},
"whitelist_url": "https://papi.s3.amazonaws.com/whitelist/xxx...",
"blacklist_url": "https://papi.s3.amazonaws.com/blacklist/xxx...",
"watched_station_url": "https://papi.s3.amazonaws.com/watched_station/xxx...",
// a set of heuristic rules will be enabled when marvis subscription is not available
// it triggers when, in a Z minute window (5<=Z<=60), there are more than Y distinct client encountring over
// X failures
"simple_alert": {
"dhcp_failure": {
"client_count": 10, // number of distinct clients having this failure, default is 10
"incident_count": 20, // number of failures we've seen, default is 10
"duration": 10 // failing within minutes, default is 10
},
"dns_failure": {
"client_count": 20,
"incident_count": 30,
"duration": 10
},
"arp_failure": {
"client_count": 10,
"incident_count": 10,
"duration": 20
}
},
// SLE thresholds
"sle_thresholds": {
"time-to-connect": {
"threshold": 5 // seconds, 2-10 in 2s increments, default is 4
},
"coverage": {
"threshold": 66 // dBm, 60-90 in 6 dB increments, default is 72
},
"capacity": {
"threshold": 30 // percentage, 10-50 in 10% increment, default is 20
}
},
"synthetic_test": {
"vlans": [
{
"vlan_ids": [10, 20],
"custom_test_urls": [ "http://www.abc.com/", "https://10.3.5.1:8080/about" ]
},
{
"vlan_ids": [30, 40],
// for some vlans where we don't want this to run
"disabled": true
}
],
// to override org setting
"wan_speedtest": {
"enabled": false, // default is false (i.e. disabled)
// optional
// by default, we'll look at the tarffic pattern and determine when to run automatically
"time_of_day": "02:00"
}
},
// you can define some URLs that's critical to site operaitons
// the latency will be captured and considered for site health
"critical_url_monitoring": {
"enabled": true,
// up to 5 monitors can be defined
"monitors: [
{
// currently only http and https are supported
"url": "http://50.1.3.5:8080",
"vlan_id": 3, // default is 1
},
...
]
},
//
// switch related
//
"switch_mgmt": {
"root_password": "asdfh61316saf",
// the rollback timer for commit confirmed. Default is 10, valid range should be 1-30.
"config_revert_timer" : 10,
// use mxedge as proxy
"use_mxedge_proxy": true,
"mxedge_proxy_host": "1.1.1.1",
"mxedge_proxy_port": 2222, // optional, default is 2222
// Enable to provide the FQDN with DHCP option 81. Default is false
"dhcp_option_fqdn": false
// Sets timeout for switches
"cli_idle_timeout": 1-60 (minutes)
// Set Banners for switches. Allows markup formatting
"cli_banner": "\t\tWELCOME!"
// Local user authentication
"local_accounts": {
"user1": {
"role": "admin", // none (default) / admin / read / helpdesk
"password": "Juniper123" // optional
},
}
// restrict inbound-traffic to host (draft)
"protect_re": {
"enabled": true
// when enabled, all traffic that is not essential to our operation will be dropped
// e.g. ntp / dns / traffic to mist will be allowed by default
// if dhcpd is enabled, we'll make sure it works
"hit_count": false, // whether to enable hit count for Protect_RE policy, default is false
// optionally, host/subnets we'll allow traffic to/from
"trusted_hosts": ["10.242.3.0/24"]
// optionally, services we'll allow
"allowed_services": ["icmp", "ssh"],
// optionally, custom acls
"custom": [
{
"subnets": ["10.1.2.0/24"],
"protocol": "tcp", // tcp / udp / icmp / any (default)
"port_range": "80,1035-1040", // matched dst port, "0" means any, default is "0"
}
]
}
"ap_affinity_threshold": 10,
"tacacs": {
"enabled": true,
"default_role": "admin", // admin / none (default) / read / helpdesk
"tacplus_servers": [
{
"host": "1.2.3.4",
"port": 49,
"secret": "testing123"
},
{
"host": "tacacs.internal",
"port": 49,
"secret": "testing123",
"timeout": 10 // by default is 10 seconds, timeout value from 1 - 90 seconds
}
],
"acct_servers": [
{
"host": "1.2.3.4",
"port": 49,
"secret": "testing123"
},
{
"host": "tacacs.internal",
"port": 49,
"secret": "testing123",
"timeout": 10 // by default is 10 seconds, timeout value from 1 - 90 seconds
}
],
// which network the TACACS server resides
"network": "default"
},
"radius": {
"enabled": true,
// by default, `radius_config` will be used
// if a different one has to be used
"use_different_radius": false,
// if use_different_radius = true, provide payload same way as those under `radius_config`
},
"disable_oob_down_alarm": true,
"fips_enabled": true, // default is false
// by default, when we configure a device, we only clean up config we generates. we'll remove existing configs if enabled. default is false
"remove_existing_configs": false
},
"port_mirroring": {
"port_mirror": {
"ingress_port_ids": ["ge-0/0/3", "ge-0/0/4"],
"ingress_networks": ["corp", "analyze"],
"output_port_id": "ge-0/0/5",
},
"port_mirror_test": {
"ingress_port_ids": ["ge-0/0/23"],
"egress_port_ids": ["ge-0/0/22", "ge-0/0/21"],
"output_network": "analyze",
},
"port_mirror_test_2": {
"ingress_port_ids": ["ge-0/0/11"],
"egress_port_ids": ["ge-0/0/12"],
"output_ip_address": "1.2.3.4",
}
}
"ntp_servers": [
"pool.ntp.org"
],
"dns_servers": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
// NOTE: if the site uses NetworkTemplate, NetworkTemplate takes precedence while this augments it
// i.e. only those not defined in network templates will be used
"networks": {
// default is assumed, cannot be changed
"default": {
"vlan_id": 1
},
// create more
"corp": {
"vlan_id": 60,
},
"guest": {
"vlan_id": 70,
// optional for pure switching, required when L3 / routing features are used
"subnet": "192.168.70.0/24",
// whether to stop clients to talk to each other, default is false (when enabled, a unique isolation_vlan_id is required)
// NOTE: this features requires uplink device to also a be Juniper device and `inter_switch_link` to be set
// on the connected ports
// also see `inter_isolation_network_link` and `community_vlan_id` in port_usage
"isolation": true, // default is false
"isolation_vlan_id": 3070
},
"mgmt": {
"vlan_id": 500
},
"voip": {
"vlan_id": 50,
"subnet": "192.168.50.0/24",
"gateway": "192.168.50.1"
}
},
// NOTE: if the site uses NetworkTemplate, NetworkTemplate takes precedence while this augments it
// i.e. only those not defined in network templates will be used
"port_usages": {
"ap": {
// the following parameter is assumed by default
"mode": "trunk",
"all_networks": true,
"stp_edge": true,
"port_network": "default",
"mtu": 9192,
// to limit networks it trunks
"all_networks": false,
"networks": [ "guest", "corp" ],
// to change the native network
"port_network": "mgmt",
// to make the port disabled
"disabled": true,
// if alternative name is desired
"description": "WAP",
// to add voip
"voip_network": "voip",
"enable_qos": true,
// if DHCP snooping is enabled, DHCP server is not allowed
"allow_dhcpd": false,
},
"uplink": {
// the following parameter is assumed by default
"mode": "trunk",
"all_networks": true,
"stp_edge": false,
"port_network": "default",
"enable_qos": false,
// inter_switch_link is used together with "isolation" under networks
// NOTE: inter_switch_link works only between Juniper device. This has to be applied to both ports connected
// together
"inter_switch_link": false, // default is false
// inter_isolation_network_link is used together with "isolation" under networks
// signaling that this port connects to the networks isolated
"inter_isolation_network_link": false, // default is false
// if this is connected to a vstp network
"use_vstp": true, // default is false
},
"iot": {
// the following parameter is assumed by default
"mode": "access",
"stp_edge": true,
"port_network": "default",
// if DHCP snooping is enabled, DHCP server is allowed
"allow_dhcpd": true,
// community_vlan_id is used together with "isolatin" under networks
// signaling that this port connects to the networks isolated but wired clients belong to the same community can talk to each other
"community_vlan_id": 3000
},
"default": {
// the following parameter is assumed by default and cannot be changed
"mode": "access",
"stp_edge": false, // we don't know how it will be connected at default state, not doing anything
"port_network": "default"
},
"dynamic": {
// this is a special mode where the actually usage is determined
// by a set of rules
// the port will start with `access` mode and isolated
// depending on the rules, if resolved, the port will have
// the resolved usage applied.
//
// if the port/link goes down, it goes back to the initial state
"mode": "dynamic",
// Control when the DPC port should be changed to the default port usage
// Configuring to none will let the DPC port keep at the current port usage.
// The default value is link_down
"reset_default_when": "none", // none or link_down.
// Control when the DPC port should be changed to the default port usage
// Configuring to none will let the DPC port keep at the current port usage.
// The default value is link_down
"reset_default_when": "none", // none or link_down.
"rules": [
// use LLDP attributes
{
"src": "lldp_system_name", // or lldp_chassis_id
"expression": "[0:3]", // "abcdef" -> "abc"
"split(.)[1]", // "a.b.c" -> "b"
"split(-)[1][0:3], // "a1234-b5678-c90" -> "b56"
"equals": "SENSOR",
"usage": "iot"
},
// use equals_any to match any item in a list
{
"src": "lldp_chassis_id",
"expression": "[0:17]",
“equals_any”: [“00:11:22:33:44:55", “00:11:22:33:44:66”, “00:11:22:33:44:77"],
"usage": "iot"
},
// use RADIUS (WIP)
{
"src": "radius_username", // or radius_group
"expression": "[0:3]", // "abcdef" -> "abc"
"split(.)[1]", // "a.b.c" -> "b"
"split(-)[1][0:3], // "a1234-b5678-c90" -> "b56"
"equals": "SENSOR"
"usage": "iot"
},
]
},
// additional usages can be defined
"user": {
"mode": "access",
"stp_edge": true,
"stp_required": true, // default is false. Whether to remain in block state if no BPDU is received
"stp_disable": true, // default is false. Drop bridge protocol data units (BPDUs ) that enter any interface or a specified interface. Cannot be set if stp_required is set on the same interface.
"port_network": "default",
// 802.1x
"port_auth": "dot1x",
"enable_mac_auth": false,
"mac_auth_only": True, // False by default. This options is accessible when enable_mac_auth is set to true.
"mac_auth_protocol": "eap-md5", // eap-md5 (default) / pap / eap-peap
"guest_network": null,
"server_reject_network": "net1"
"mac_auth_preferred": false, // when enable_mac_auth=true and mac_auth_only=false, dot1x will be given priority then mac_auth. Enable this to prefer mac_auth over dot1x.
"server_fail_network": "net2"
"reauth_interval": 3600, // default is 3600, range: 10-65535
"bypass_auth_when_server_down": false,
"bypass_auth_when_server_down_for_unknown_client": false,
"allow_multiple_supplicants": true // optional, default is false
"stp_p2p": true // optional, default is false
"stp_no_root_port": true // optional, default is false
// other port settings
"speed": "1g",
"duplex": "full",
"disable_autoneg": false,
"mac_limit": 2,
"poe_disabled": true,
"storm_control": {
"percentage": 80,
"no_multicast": false,
"no_unknown_unicast": true,
"no_broadcast": true,
"disable_port": true // default is false
},
// if dynamic vlan is used, specify the possible networks/vlans RADIUS can return
"dynamic_vlan_networks": ["corp", "user"],
},
},
// if some system-default port usages are not desired - namely, ap / iot / uplink
"disabled_system_defined_port_usages": [ "ap", "iot" ],
// by default, for any unassigned ports, `default` is assumed, to preserve the factory default behavior
// you can change it to something else
"default_port_usage": "disabled",
// by default, when we configure a device, we only clean up config we generates
// we'll remove existing configs if enabled
"remove_existing_configs": false, // defualt is false
"radius_config": {
"auth_servers_timeout": 5,
"auth_servers_retries": 3,
"auth_servers": [
{
"host": "1.2.3.4",
"port": 1812,
"secret": "testing123"
},
{
"host": "radius.internal",
"port": 1812,
"secret": "testing123"
}
],
"acct_servers": [
{
"host": "1.2.3.4",
"port": 1812,
"secret": "testing123"
}
],
"acct_interim_interval": 0,
// Enable COA. Default is false. When coa_port is not specified, 3799 is the default value.
“coa_enabled”: true,
“coa_port”: 3799,
// which network the RADIUS server resides, if there's static IP for this network,
// we'd use it as source-ip
"network": "default"
// or specifiy "source_ip" directly
"source_ip": "192.168.3.5"
},
"switch_matching": {
"enabled": true,
"rules": [
{
"name": "match by name",
"match_name[0:3]": "abc",
"match_model": "EX4300",
"port_config": {
"ge-0/0/0": {
"usage": "uplink"
},
"ge-0/0/8-16,ge-1/0/0-47": {
"usage": "ap"
},
// this is assumed
"*": {
"usage": "default"
}
},
"port_mirroring": {
"port_mirror": {
"input_port_ids_ingress": ["ge-0/0/4"],
"input_networks_ingress": ["test"],
"input_port_ids_egress": ["ge-0/0/5", "ge-0/0/6"],
"output_port_id": "ge-0/0/3",
},
"port_mirror_test": {
"input_port_ids_ingress": ["ge-0/0/3"],
"input_networks_ingress": ["iot"],
"input_port_ids_egress": ["ge-0/0/22", "ge-0/0/21"],
"output_port_id": "ge-0/0/4",
},
"port_mirror_test_2": {
"ingress_port_ids": ["ge-0/0/11"],
"egress_port_ids": ["ge-0/0/12"],
"output_ip_address": "1.2.3.4",
}
},
"stp_config": {
"bridge_priority": "8k"
},
// additional CLI commands to append if this rule matches
// NOTE: no check is done
"additional_config_cmds": [
"set snmp community public"
]
},
{
"name": "match by role",
"match_role": "access",
"port_config": {
"ge-0/0/0": {
"usage": "uplink"
}
},
// additional CLI commands to append if this rule matches
// NOTE: no check is done
"additional_config_cmds": [
"set snmp community public2"
]
}
]
},
// additional CLI commands to append to the generated config for switches
// NOTE: no check is done
"additional_config_cmds": [
],
// additional CLI commands to append to the generated config for gateways
// NOTE: no check is done
// for SRX
"gateway_additional_config_cmds": [
]
"ospf_areas": {
"0": {
"type": "default", // default (default) / stub / nssa
"include_loopback": false, // true / false
"networks": {
"corp": {
"interface_type": "broadcast", // broadcast (default) / nbma / p2p / p2mp
// optional
// BFD is enabled when either bfd_minimum_interval or bfd_multiplier is configured
"bfd_minimum_interval": none, // 1-255000 / 350 (default) when bfd_multiplier is configured alone
"bfd_multiplier": none, // 1-255 / 3 (default) when bfd_minimum_interval_is_configured alone
"metric": 10000, // none / 1-65535
"hello_interval": 10, // none / 1-255
"dead_interval": 40, // none / 1-65535
"auth_type": "md5", // none (default) / md5 / password
// if auth_type=='md5'
"auth_keys": {"1": "auth-key-1"},
// if auth_type=='password
"auth_password": "simple"
// by default, we'll re-advertise all learned OSPF routes toward overlay
"no_readvertise_to_overlay": false
"export_policy": "export_policy",
"import_policy": "import_policy"
},
"iot": {
},
"guest": {
"passive": true
}
},
}
},
"vrrp_groups": {
"0": {
"networks": {
"data": {
"ip": "10.182.96.1", //ip(virtual address) need under the same interface
},
"wap": {
"ip": "10.182.102.1",
},
"mgmt": {
"ip": "10.182.104.1",
},
"v10": {
"ip": "10.182.104.129",
}
},
// optional
"auth_type": "md5" / md5 / simple
// if auth_type=='md5'
"auth_key": "auth-key-1",
// if auth_type=='simple'
"auth_password": "simple"
},
},
// vrf
"vrf_instances": {
"guest": {
"networks": [ "guest" ],
"evpn_auto_lookback_subnet": "100.101.0.0/24",
"extra_routes": {
"0.0.0.0/0": {"via": "192.168.31.1"}
},
"aggregate_routes: {
"192.168.0.0/16": {}
}
}
},
// remote syslog
"remote_syslog": {
"enabled": true,
"send_to_all_servers": true,
"network": "default",
"time_format": "millisecond | year | year millisecond",
"archive": {
"files": 111,
"size": "5m"
},
"cacerts": [
"-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----\nBhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn-----END CERTIFICATE-----"
],
"files": [
{
"file": "file-name",
"match": "!alarm|ntp|errors.crc_error[chan]",
"contents": [
{
"facility": "any | authorization | conflict-log | change-log | daemon | dfc | kernel | interactive-commands | ftp | firewall | external | pfe | ntp | security | user",
"severity": "any | alert | emergency | critical | warning | info | notice | error"
}
],
"archive": {
"files": 10,
"size": "5m"
},
"explicit_priority": true,
"structured_data": true
}
],
"servers": [
{
"server_name": "dc_syslog_server",
"host": "syslogd.internal",
"port": 514,
"protocol": "udp",
"facility": "config",
"severity": "info",
"tag": ""
"match": "!alarm|ntp|errors.crc_error[chan]",
"enable_tls": true, // only when protocol is tcp
"contents": [
{
"facility": "any | authorization | conflict-log | change-log | daemon | dfc | kernel | interactive-commands | ftp | firewall | external | pfe | ntp | security | user",
"severity": "any | alert | emergency | critical | warning | info | notice | error"
}
],
"explicit_priority": true,
"structured_data": true
}
],
"users": [
{
"user": "*",
"match": "!alarm|ntp|errors.crc_error[chan]",
"contents": [
{
"facility": "any | authorization | conflict-log | change-log | daemon | dfc | kernel | interactive-commands | ftp | firewall | external | pfe | ntp | security | user",
"severity": "any | alert | emergency | critical | warning | info | notice | error"
}
]
}
],
"console": {
"contents": [
{
"facility": "any | authorization | conflict-log | change-log | daemon | dfc | kernel | interactive-commands | ftp | firewall | external | pfe | ntp | security | user",
"severity": "any | alert | emergency | critical | warning | info | notice | error"
}
]
}
},
//
// gateway related
//
// skyatp
"skyatp": {
"enabled": true,
// optional
"send_ip_mac_mapping": true, // whether to send IP-MAC mapping to SkyATP
},
// paloalto firewall config
"paloalto_networks": {
"send_mist_nac_user_info": true,
"gateways": [
{
"api_url": "https://23.43.12.78:8443",
"api_key": "5abf7c8a-1a1c-4398-ba2d-b0c297094d1a"
}
]
},
// juniper srx firewall config
"juniper_srx": {
"send_mist_nac_user_info": true,
"gateways": [
{
"api_url": "https://23.43.12.78:8443"
"api_username": "john_doe",
"api_password": "abc@123"
}
]
},
// t128 ssr
"ssr": {
"conductor_hosts": [ "1.1.1.1", 2.2.2.2" ],
"conductor_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwc2siOiIxMj",
"disable_stats": false,
"proxy": {
"url": "http://proxy.internal:8080/"
}
},
"gateway_mgmt": {
// for SRX
"root_password": "4Ww6r&bzJQh#bm%uEU",
// for SSR, as direct root access is not allowed
"admin_sshkeys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA...Wxa6p6UW0ZbcP john@host"
],
"disable_console": false, // for both SSR and SRX disable console port
"disable_oob": false, // for both SSR and SRX disable management interface
"disable_usb": false, // for SSR and SRX3xx disable usb interface
// consumes uplink bandwidth, requires WA license
"app_usage": false,
"security_log_source_address": "192.168.1.1",
"security_log_source_interface":"ge-0/0/1.0",
"probe_hosts": ["8.8.8.8"],
"probe_hostsv6": ["2001:4860:4860::8888"],
"app_probing": {
"enabled": true,
"apps": [ "facebook" ], // keys from /const/applications
"custom_apps": [
{
"name": "pos_app",
"protocol": "http", // http (default) / icmp
"hostnames": [ "www.abc.com" ], // when protocol is http, optional
"url": "www.abc.com", // when protocol is http, optional
"app_type": "", //
"address": "192.168.1.1", // when protocol is icmp
"network": "lan", // optional
"vrf_name": "lan" // optional
}
]
},
# signauture update for
"auto_signature_update": {
"enable": true, // default is true
"time_of_day": "11:30", // optional, Mist will decide the timing
"day_of_week": "sun" // optional, daily if omitted
},
// the rollback timer for commit confirmed. Default is 10, valid range should be 1-30.
"config_revert_timer" : 10,
// restrict inbound-traffic to host (draft)
"protect_re": {
"enabled": true
// when enabled, all traffic that is not essential to our operation will be dropped
// e.g. ntp / dns / traffic to mist will be allowed by default
// if dhcpd is enabled, we'll make sure it works
// optionally, host/subnets we'll allow traffic to/from
"trusted_hosts": ["10.242.3.0/24"]
// optionally, services we'll allow
"allowed_services": ["icmp", "ssh"],
// optionally, custom acls
"custom": [
{
"subnets": ["10.1.2.0/24"],
"protocol": "tcp", // tcp / udp / icmp / any (default)
"port_range": "80,1035-1040", // matched dst port, "0" means any, default is "0"
}
]
},
"fips_enabled": true // default is false
},
// when Templates are not used, Site Setting holds settings for multiple device types and they can differ
// to set device-type specific configs, use this
// whatever is defined under `switch/gateway` will overwrite/shadow the one at root-level
"switch": {
// same as above
// auto_upgrade is only performed first time the device is onboarded for now
"auto_upgrade": {
"enabled": true,
"snapshot": true, // default is false
"custom_versions": {
"QFX5130-32CD": "23.4R2-S2.3",
"QFX5120-32C": "23.4R2-S2.1",
}
}
},
"gateway": {
// same as above
},
//
// mxedge/mxtunnel related related
//
"mxtunnel": {
"enabled": false,
// default mxtunnel
"vlan_ids": [3, 5, 6, "7-9"],
"ap_subnets": "0.0.0.0/0", // optional, as this is hosted on-premises
"protocol": "udp",
"mtu": 1100,
"hello_interval": 60,
"hello_retries": 3,
// for AP, how to connect to tunterm or radsecproxy
"clusters": [
{
"name": "primary",
"tunterm_hosts": ["mxedge1", "mxedge2.local"],
}
],
"auto_preemption": {
"enabled": true,
"time_of_day": "12:00",
"day_of_week": "sun"
},
"additional_mxtunnels" {
"guest": {
"vlan_ids": [300, 310, 320],
"protocol": "udp",
"mtu": 1100,
"clusters": [
{
"name": "primary",
"tunterm_hosts": ["mxedge_guest"],
}
],
"hello_interval": 60,
"hello_retries": 3,
}
}
},
"tunterm_multicast_config": {
"mdns": {
"enabled": true,
"vlan_ids": [2, 3, 5]
},
"ssdp": {
"enabled": true,
"vlan_ids": [2, 3, 5]
},
"multicast_all": true
},
"mxedge": {
"radsec": {
// site mist edges form a cluster of radsecproxy servers
// see "radsec" under api/v1/docs/Org#mist-edge-cluster for schema
"additional_radsecs": {
"guest": {
// see "radsec" under api/v1/docs/Org#mist-edge-cluster for schema
}
}
},
"mist_das": {
// site mist edges form a cluster of cloud-assisted dynamic authorization servers
// see "mist_das" under api/v1/docs/Org#mist-edge-cluster for schema
},
// mist_nac
"mist_nac": {
"enabled": true,
"secret": "testing123",
"client_ips": {
"10.0.3.0/24": {
// convention to be followed is : "<vendor>-<variant>"
// <variant> could be an os/platform/model/company
// for ex: for cisco vendor, there could variants wrt
// os (such as ios, nxos etc), platforms (asa etc),
// or acquired companies (such as meraki, airnonet) etc.
//
// currentluy supported vendor values are:
// generic, juniper, aruba, paloalto,
// cisco-aironet, cisco-ios, cisco-meraki
"vendor": "cisco-ios",
"secret": "alternative_one", // optional, if different from above
// "site_id" is implicit
}
},
"auth_server_port": 1812, // optional, default is 1812
"acct_server_port": 1813, // optional, default is 1813
},
// nacedge
"mist_nacedge": {
"enabled": true,
"auth_ttl": 86400, // cache of last auth result; in seconds,
// 60-2592000; default is 604800
"default_vlan": "testVlan", // Default vlan to assign for devices
// not in the cache
"default_dot1x_vlan": "20", // default vlan for all dot1x devices,
// if different from default_vlan
"mxedge_hosts": ["mxedge1.local"] // list of NAC Edges in this site
},
},
"mxedge_mgmt": {
"mist_password": "MIST_PASSWORD",
"root_password": "ROOT_PASSWORD",
"fips_enabled": true, // default is false
"oob_ip_type": "disabled", // dhcp (default) / disabled
"oob_ip_type6": "disabled", // autoconf (default) / dhcp / disabled
"config_auto_revert": true, // default is false
},
"tunterm_monitoring_disabled": false,
"tunterm_monitoring": [
{
"protocol": "ping", // arp / ping / tcp
"host": "10.2.8.15", // can be ip, ipv6, hostname
"timeout": 300, // 60 - 3600, default is 300
// when protocol==tcp
"port": 80
}
],
// marvis
"marvis": {
"auto_operations": {
// default are all false
"bounce_port_for_abnormal_poe_client": false,
"disable_port_when_rogue_dhcp_server_detected": false,
"disable_port_when_ddos_protocol_violation": false
}
}
}
GET /api/v1/sites/:site_id/setting/derived
{
// ... same as /setting
// exposed from orgs
"zoom_accounts": [
{
"last_sync": 1738119600,
"last_status": "failed",
"account_id": "123451111",
"errors": ["OAuth token refresh failed, please re-link your account"]
}
],
"zoom_qss_accounts": [
{
"last_sync": 1738129500,
"last_status": "success",
"account_id": "123453333",
}
],
"teams_accounts": [
{
"last_sync": 1738119600,
"last_status": "success",
"account_id": "aaaaaaaa-1bed-4a49-9fd6-123456789012"
}
],
"prisma_accounts": [
{
"tsg_id": "1899598553",
"account_id": "171be693-8cd4-41f2-bac8-93b77b6a9c39",
"service_account_name": "mist-integration@18995xxxx",
"region": "americas",
"cloud_name": "api.sase.paloaltonetworks.com",
"service_connections": {
"MCD_LAB_SC_1": {
"region": "us-southwest"
}
},
// regions configured under this account
"regions": {
"us-southwest": {
"allocated_bandwidth": 50 // Mbps
}
}
}
]
}
| Name | Type | Description |
|---|---|---|
analytic.enabled |
boolean |
enable Advanced Analytic feature, default is false (using SUB-ANA license) |
app_waking |
boolean |
default is false |
auto_upgrade |
object |
auto upgrade |
auto_upgrade_esl |
object |
auto upgrade AP ESL. When both firmware and ESL auto-upgrade are enabled, ESL upgrade will be done only after firmware upgrade |
auto_upgrade_linecard |
boolean |
auto upgrade linecards (JUNOS), default is true |
bandwidth |
int |
channel width for the band, 20 / 40 / 80 / 160, 80 is only applicable for band_5, 160 is only for band_6 |
ble_config |
object |
BLE config (see Site:BLE Config) |
ble |
object |
BLE asset settings |
brightness |
int |
0-255, default is 255 |
channel |
int |
(primary) channel for the band, 0 means auto |
channels |
list |
list of channels, null or empty array means auto |
occupancy |
object |
occupancy settings |
zone-occupancy-alert |
object |
zone occupancy alert settings |
device_updown_threshold |
int |
enable threshold-based device down delivery via 1) device-updowns webhooks topic, 2) Mist Alert Framework; e.g. send AP/SW/GW down event only if AP/SW/GW Up is not seen within the threshold in minutes; 0 - 240, default is 0 (trigger immediate) |
ap_updown_threshold |
int |
enable threshold-based device down delivery for AP devices only. When configured it takes effect for AP devices and device_updown_threshold is ignored. |
gateway_updown_threshold |
int |
enable threshold-based device down delivery for Gateway devices only. When configured it takes effect for GW devices and device_updown_threshold is ignored. |
switch_updown_threshold |
int |
enable threshold-based device down delivery for Switch devices only. When configured it takes effect for SW devices and device_updown_threshold is ignored. |
bgp_neighbor_updown_threshold |
int |
enable threshold-based bgp neighbor down delivery. |
vpn_peer_updown_threshold |
int |
enable threshold-based vpn peer down delivery. |
vpn_path_updown_threshold |
int |
enable threshold-based vpn path down delivery. |
flags |
list |
name/val pair objects for location engine to use |
hello_interval |
float |
in seconds, used as heartbeat to detect if a tunnel is alive. AP will try another peer after missing N hellos specified by hello_retries. between 1 and 300, default is 60 seconds |
hello_retries |
int |
between 2 and 30, default is 7 |
led.enabled |
boolean |
whether to enable LED, default is true |
led |
object |
LED control |
model_specific |
object |
overwrites for a specific model. If a band is specified, it will shadow the default. |
config_auto_revert |
boolean |
whether to enable ap auto config revert, default is false |
mxtunnel.mtu |
int |
552-1500, default is 0 |
mxtunnel.auto_preemption |
object |
schedule to preempt ap’s which are not connected to preferred peer |
tunterm_multicast_config |
object |
tunterm multicast configs |
ntp_servers |
list |
list of NTP servers |
persist_config_on_device |
boolean |
whether to store the config on AP, default is false |
power_max |
int |
when power=0, min tx power to use, HW-specific values will be used if not set |
power_min |
int |
when power=0, min tx power to use, HW-specific values will be used if not set |
power |
int |
tx power of the radio, null or 0 means auto, when power_min=power_max=power=0 to indicate power=0 |
preamble |
string |
short / long / auto, default is short |
proxy |
object |
Proxy Configuration for APs and Site Edges to talk to Mist |
radio_config |
object |
site RF settings |
remote_syslog |
object |
syslog parameters |
report_gatt |
boolean |
default is false; whether AP should periodically connect to BLE devices and report GATT device info (device name, manufacturer name, serial number, battery %, temperature, humidity) |
rogue |
object |
rogue detection parameters |
rtsa |
object |
managed mobility |
ssh_keys |
list |
when limit_ssh_access = true in Org Setting, list of SSH public keys provided by Mist Support to install onto APs (see Org:Setting) |
track_anonymous_devices |
boolean |
default is false; whether to track anonymous BLE assets (requires ‘track_asset’ enabled) |
track_asset |
boolean |
enable Asset Tracking, default is false (using SUB-AST license) |
vars |
object |
a dictionary of name->value, values should only be strings. The vars can then be used for Device config generation |
wifi |
object |
managed connectivity |
| Name | Type | Description |
|---|---|---|
assets_enabled |
boolean |
indicate whether named BLE assets should be included in the zone occupancy calculation, default is false |
sdkclients_enabled |
boolean |
indicate whether SDK clients should be included in the zone occupancy calculation, default is false |
clients_enabled |
boolean |
indicate whether connected WiFi clients should be included in the zone occupancy calculation, default is true |
unconnected_clients_enabled |
boolean |
indicate whether unconnected WiFi clients should be included in the zone occupancy calculation, default is false |
min_duration |
int |
minimum duration, default is 3000 |
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
indicate whether zone occupancy alert is enabled for the site, default is false |
threshold |
int |
sending zone-occupancy-alert webhook message only if a zone stays non-compliant (i.e. actual occupancy > occupancy_limit) for a minimum duration specified in the threshold, in minutes, 0 - 30, default is 5 minutes |
email_notifiers |
array of strings |
list of email addresses to send email notifications when the alert threshold is reached |
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
enable WIFI feature, default is true (using SUB-MAN license) |
enable_arp_spoof_check |
boolean |
when proxy_arp is enabled, check for arp spoofing. default is false |
vna.enabled |
boolean |
enable Virtual Network Assistant, default is false (using SUB-VNA license) |
proxy_arp |
string |
default / enabled / disabled |
locate_unconnected |
boolean |
whether to locate unconnected clients, default is false |
mesh_enabled |
boolean |
whether to enable Mesh feature for the site, default is false |
mesh_allow_dfs |
boolean |
whether to allow Mesh to use DFS channels, default is false. For DFS channels, Remote Mesh AP would have to do CAC when scanning for new Base AP, which is slow and will distrupt the connection. If roaming is desired, keep it disabled. |
mesh_enable_crm |
boolean |
used to enable/disable CRM |
mesh_ssid |
string |
optional ssid of mesh networking, default is based on site_id |
mesh_psk |
string |
optional passphrase of mesh networking, default is generated randomly |
disable_11k |
boolean |
whether to disable 11k, default is false |
enable_unii_4 |
boolean |
whether to enable U-NII-4 band (channels 169, 173, 177), default is false |
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
whether or not remote syslog is enabled |
send_to_all_servers |
boolean |
whether or not send syslog to all servers |
servers |
list |
list of syslog servers |
host |
string |
host to which syslog is sent |
server_name |
string |
server to which syslog is sent |
protocol |
string |
udp / tcp, protocol to use for remote syslog, default is udp |
port |
int |
port on which to connect to host for syslog, default is 514 if protocol=udp, 6514 if protocol=tcp |
facility |
string |
kern / user / mail / daemon / auth / syslog / lpr / news / uucp / cron / authpriv / ftp / ntp / security / console / solaris-cron / local0 - local7, default is config |
severity |
string |
emerg / alert / crit / err / warning / notice / info / debug, default is info |
tag |
string |
optional, tag to attach to log record |
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
whether or not rogue detection is enabled |
honeypot_enabled |
boolean |
whether or not honeypot detection is enabled |
min_rssi |
int |
minimum RSSI for an AP to be considered neighbor (ignoring APs that’s far away), default is -80. Minimum allowed value is -85. |
min_duration |
int |
minimum duration for a bssid to be considered neighbor, maximum is 59, default is 10 |
min_rogue_rssi |
int |
minimum RSSI for an AP to be considered rogue, default is -80. Minimum allowed value is -85. |
min_rogue_duration |
int |
minimum duration for a bssid to be considered rogue, maximum is 59, default is 10 |
whitelisted_ssids |
list |
list of SSIDs to whitelist |
whitelisted_bssids |
list |
list of BSSIDs to whitelist |
allowed_vlan_ids |
list |
list of VLAN IDs on which rogue APs are ignored |
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
whether auto upgrade should happen, default is false (Note that Mist may auto-upgrade if the version is not supported) |
version |
string |
desired version, beta / stable / custom, default is stable |
time_of_day |
string |
any / HH:MM (24-hour format), upgrade will happen within up to 1-hour from this time |
day_of_week |
string |
any / mon / tue / wed / thu / fri / sat / sun |
custom_versions |
object |
custome versions for different models |
| Name | Type | Description |
|---|---|---|
dwell_tags |
object |
add tags to visits within the duration (in seconds), available tags (passerby, bounce, engaged, stationed) |
max_dwell |
int |
max time, default is 43200(12h), max is 68400 (18h) |
min_dwell |
int |
min time, default is 0. |
hours |
object |
hours of operation filter, the available days (mon, tue, wed, thu, fri, sat, sun). Note: If the dow is not defined then it’s treated as 00:00-23:59. |
NOTE: if hours does not exist, it’s treated as everyday of the week, 00:00-23:59. Currently we don’t allow multiple
ranges for the same day
NOTE: default values for dwell_tags: passerby (1,300) bounce (301, 14400) engaged (14401, 28800) stationed (28801,
42000)
NOTE: default values for dwell_tag_names: passerby = “Passerby”, bounce = “Visitor”, engaged = “Associates”, stationed
= “Assets”
| Name | Type | Description |
|---|---|---|
threshold |
int |
count of events to trigger |
duration |
int |
window where a trigger will be detected and action to be taken (in seconds) |
| Name | Type | Description |
|---|---|---|
hosts |
list |
hostnames or IPs where a Mist Tunnel will use as the Peer (i.e. they are reachable from AP) |
ap_subnets |
list |
list of subnets where we allow AP to establish Mist Tunnels from |
protocol |
list |
udp / ip, default is udp |
vlan_ids |
list |
list of vlan ids/ranges that will be used |
hello_interval |
float |
in seconds, used as heartbeat to detect if a tunnel is alive. AP will try another peer after missing N hellos specified by hello_retries. between 1 and 300, default is 60 seconds |
hello_retries |
int |
between 2 and 30, default is 7 |
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
whether auto preemption should happen, default is false |
time_of_day |
string |
any / HH:MM (24-hour format) |
day_of_week |
string |
any / mon / tue / wed / thu / fri / sat / sun |
Some important / cmmmon properties describing the network topology are captured in the following sections.
networks defines local network segments (think VLAN) that will be used for the siteport_usages defines how physical ports can be used (access/trunk, networks, whether to do dot1x)radius_config defines the RADIUS server configurations if dot1x is being usedswitch_matching allows definitions of some rules to provision similar swithces with same settings (
see Switch Config)ap_affinity_threshold ap_affinity_threshold can be added as a field under site/setting. By default this value is set to 12. If the field is set in both site/setting and org/setting, the value from site/setting will be used.port_mirroring port_mirroring can be added under site/settings. It takes interface and ports as input for ingress, interface as input for egress and can take interface and port as output.NOTE: names of networks or port_usages can only use a-z, 1-9, _, -, . and up to 32 characters
A network represents a network segment. It can either represent a VLAN (then usually ties to a L3 subnet), optionally
associate it with a subnet which can later be used to create addition routes. Used for ports
doing family ethernet-switching
It can also be a pure L3-subnet that can then be used against a port that with family inet.
| Name | Type | Description |
|---|---|---|
vlan_id |
int |
vlan the network is on. Usually used by port_usage that does switching |
subnet |
string |
subnet in CIDR format for the network. Optional for a switch port. |
| Name | Type | Description |
|---|---|---|
description |
string |
description |
mode |
string |
access (default) / trunk |
disabled |
bool |
whether the port is disabled, default is false |
all_networks |
bool |
if mode=trunk, whether to trunk all network/vlans, default is false |
networks |
list |
if mode=trunk, the list of network/vlans |
port_network |
string |
native network/vlan for untagged traffic |
stp_edge |
string |
when enabled, the port is not expected to receive BPDU frames |
server_reject_network |
string |
when radius server reject / fails |
mac_auth_preferred |
bool |
sets the order of authenticator. |
server_fail_network |
string |
sets server fail fallback vlan |
voip_network |
string |
network/vlan for voip traffic, must also set port_network. to authenticate device, set port_auth |
port_auth |
string |
if dot1x is desired, set to dot1x |
enable_mac_auth |
bool |
if port_auth=dot1x, whether to enable MAC Auth |
mac_auth_only |
bool |
if enable_mac_auth is set to True, this option is used to restrict authentication to use mac radius only. This will take priority over mac_auth_preferred. |
mac_auth_protocol |
bool |
if enable_mac_auth is set to True, this enables users to choose an authentication protocol among pap, eap-peap, and eap-md5. This type is ignored if mist_nac is enabled. |
guest_network |
string |
if port_auth=dot1x, which network to put the device into if the device cannot do dot1x. default is null (i.e. not allowed) |
reauth_interval |
int |
if port_auth=dot1x, reauthentication interval range: 10-65535, default is 3600 |
bypass_auth_when_server_down |
bool |
if port_auth=dot1x, bypass auth for known clients if set to true when RADIUS server is down |
bypass_auth_when_server_down_for_unknown_client |
bool |
if port_auth=dot1x, bypass auth for all (including unknown clients) if set to true when RADIUS server is down, |
speed |
string |
speed, default is auto to automatically negotiate speed |
duplex |
string |
link connection mode, choices are auto (default), full, and half |
disable_autoneg |
bool |
if speed and duplex are specified, whether to disable autonegotiation, default is false |
mac_limit |
int |
max number of mac addresses, default is 0 for unlimited, otherwise range is 1 or higher, with upper bound constrained by platform |
persist_mac |
bool |
if mode=access and port_auth!=dot1x, whether the port should retain dynamically learned MAC addresses, default is false |
poe_disabled |
bool |
whether PoE capabilities are disabled for a port, default is false |
storm_control |
object |
storm-control-profile settings |
mtu |
int |
media maximum transmission unit (MTU) is the largest data unit that can be forwarded without fragmentation. The default value is 1514. |
enable_qos |
bool |
whether QoS is enabled, default is false. When QoS is enabled, the default QoS setting is applied. |
allow_dhcpd |
bool |
whether DHCP server is allowed on the interfaces with. All the interfaces from |
| port configs using this port usage are effected. Please notice that allow_dhcpd is a tri-state. | ||
| When it is not defined, it means using the system’s default setting which depends on whether the port is a access or trunk port |
| Name | Type | Description |
|---|---|---|
percentage |
int |
bandwidth-percentage, configures the storm control level as a percentage of the available bandwidth, default is 80 |
no_broadcast |
bool |
whether to disable storm control on broadcast traffic, default is false |
no_unknown_unicast |
bool |
whether to disable storm control on unknown unicast traffic, default is false |
no_multicast |
bool |
whether to disable storm control on multicast traffic, default is false |
no_registered_multicast |
bool |
whether to disable storm control on registered multicast traffic, default is false |
disable_port |
bool |
whether to enable action-shutdown when the storm control level is exceeded, default is false |
In many scenarios, people have conventions like having port ge-0/0/0 as uplink, ge-0/0/5-42 for user devices, … for many switches in the same site. While it’s achievable by doing Switch Config on each of them, switch_matching allows them to use same setting by matching name/model/role.
Supported attributes: port_config, ip_config, oob_ip_config, uplink_port_config, additional_config_cmds
| Name | Type | Description |
|---|---|---|
lldp_chassis_id |
string |
MAC address of LLDP neighbor |
lldp_system_name |
string |
system name of LLDP neighbor |
lldp_serial_number |
string |
Serial number of LLDP neighbor |
lldp_hardware_revision |
string |
Hardware revision of LLDP neighbor |
lldp_manufacturer_name |
string |
The manufacturer of LLDP neighbor |
lldp_oui |
string |
The OUI of LLDP neighbor |
radius_username |
string |
The username of the connected supplicant. |
radius_usermac |
string |
The MAC address of the connected supplicant. |
radius_dynamicfilter |
string |
User policy filter sent by the RADIUS server. |
link_peermac |
string |
MAC address of the device directly connected to a port. |
OSPF Areas can be configured both in Site Level (Switch/Gateway Template) or Device (Switch/Gateway) Level
| Name | Type | Description |
|---|---|---|
ospf_areas |
object |
OSPF areas, key is the area id |
type |
string |
OSPF type, default (default) / stub / nssa |
networks |
object |
networks to participate in an OSPF area, key is the network name |
passive' |
bool |
whether to send OSPF-Hello, default is false |
auth_type |
string |
auth type, none (default) / md5 / password |
auth_keys |
object |
if auth_type==’md5’, the md5 keys |
auth_password |
string |
if auth_type==’password’, the password, max length is 8 |
interface_type |
string |
interface type, broadcast / nbma (non-broadcast multi-access) / p2p / p2mp, default is broadcast |
This endpoint is to provide list of client macs for annotation as whitelist, blacklist or watched station.
Retrieve the current clients list from ‘whitelist_url’, blacklist_url, or watched_station_url under Site:Setting
POST /api/v1/sites/:site_id/setting/blacklist
POST /api/v1/sites/:site_id/setting/whitelist
POST /api/v1/sites/:site_id/setting/watched_station
{
"macs": [
"18-65-90-de-f4-c6",
"84-89-ad-5d-69-0d"
]
}
This is to remove the client annotation list
DELETE /api/v1/sites/:site_id/setting/blacklist
DELETE /api/v1/sites/:site_id/setting/whitelist
DELETE /api/v1/sites/:site_id/setting/watched_station
Site UI settings
GET /api/v1/sites/:site_id/uisettings
POST /api/v1/sites/:site_id/uisettings
GET /api/v1/sites/:site_id/uisettings/:uisetting_id
PUT /api/v1/sites/:site_id/uisettings/:uisetting_id
DELETE /api/v1/sites/:site_id/uisettings/:uisetting_id
{
{
"isScopeLinked": true,
"defaultScopeId": "67970e46-4e12-11e6-9188-0242ad112847",
"name": "New Databoard",
"defaultScopeType": "site",
"isCustomDataboard": true,
"isTimeRangeLinked": true,
"tiles": [
{
"sortedColumns": null,
"rowspan": 2,
"chartBand": "2.4 ghz",
"name": "New Analysis",
"column": 1,
"colspan": 5,
"metric": {
"apiName": "client-dhcp-latency"
},
"timeRange": {
"end": 1508823743,
"name": "Past 7 Days",
"interval": "1d",
"start": 1508223600,
"usePreset": true,
"endDate": "10/23/2017",
"shortName": "7d"
},
"chartDirection": "tx + rx",
"chartRankBy": "",
"scopeType": "client",
"hideEmptyRows": true,
"scopeId": "e0c767834b4c",
"chartType": "timeSeries",
"vizType": "averageTimeSeriesChart",
"row": 1,
"trendType": "line",
"id": "7a9ab38c-cfc3-483d-b51a-0aec571fadc0-j956nurl",
"chartColor": "#00B4AD"
}
],
"defaultTimeRange": {
"end": 1508828400,
"name": "This Week",
"interval": "1d",
"start": 1508655600,
"usePreset": true,
"endDate": "10/23/2017",
"shortName": "thisWeek"
},
"description": "Description of the databoard",
"id": "3bdcc7e8-c04d-4512-b4fc-093da9057eb0",
"for_site": true,
"site_id": "67970e46-4e12-11e6-9188-0242ad112847",
"org_id": "6748cfa6-4e12-11e6-9188-0242asfad8365",
"created_time": 1508823803,
"modified_time": 1508823803,
"purpose": "databoard"
},
}
Get both site UI settings(for_site=true) and org UI settings (for_site=false)
GET /api/v1/sites/:site_id/uisettings/derived
This shows license usage (i.e. needed) based on the features enabled for the site.
GET /api/v1/sites/:site_id/licenses/usages
{
"usages": {
"SUB-MAN": 60
"SUB-LOC": 30
},
"org_entitled": {
"SUB-MAN": 60
"SUB-LOC": 30
},
"trial_enabled": false,
"vna_ui": false,
"vna_eligible": false,
"svna_eligible": false,
"wvna_eligible": false
}
| Name | Type | Description |
|---|---|---|
usages |
object |
subscriptions and their quantities |
org_entitled |
object |
license entitlement for the entire org |
vna_ui |
object |
if True, Conversational Assistant and Marvis Action available |
vna_eligible |
boolean |
eligibility for the AP/Client SLE |
svna_eligible |
boolean |
eligibility for the Switch SLE |
wvna_eligible |
boolean |
eligibility for the WAN SLE |
This API is called to view the other devices (3rd party devices) for a specific site.
GET /api/v1/sites/:site_id/otherdevices?vendor=:vendor
[
{
"vendor" : "cradlepoint",
"mac" : "5c5b35000018",
"serial" : "FXLH2015150025",
"model" : "AP41",
"name" : "hallway",
"site_id" : "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"device_mac" : "001122334455"
}
]
| Name | Type | Description |
|---|---|---|
vendor |
string |
the vendor |
mac |
string |
the mac address |
serial |
string |
the device’s serial number |
model |
string |
the model of the device |
name |
string |
the name of the device |
site_id |
string |
the site id where the device is located |
device_mac |
string |
the device mac |
Webhook defines a webhook, modeled after github’s model (https://developer.github.com/webhooks/)
See available webhook topic definitions in GET /api/v1/const/webhook_topics
/api/v1/sites/:site_id/webhooks
{
"name": "analytic",
"type": "http-post",
"url": "https://username:password@hooks.abc.com/uri/...",
"secret": "secret",
"headers":{
"x-custom-1": "your_custom_header_value1",
"x-custom-2": "your_custom_header_value2"
},
"verify_cert": false,
"enabled": true,
"topics": [
"alarms",
"asset-raw-rssi",
"audits",
"client-info",
"client-join",
"client-latency",
"client-sessions",
"device-events",
"device-updowns",
"guest-authorizations",
"location",
"location-asset",
"location-client",
"location-sdk",
"location-unclient",
"location-centrak"
"mxedge-events",
"nac-accounting",
"nac-events",
"occupancy-alerts",
"rssizone",
"sdkclient-scan-data",
"site-sle",
"vbeacon",
"zone",
],
"single_event_per_message": false,
"assetfilter_ids": [
"e06ecc2a-e75b-49bb-b9ea-b0e650cc8072",
"0d04d6be-8a00-48c6-ae79-38ff14450098",
"a73b4be2-66ea-4951-aa6c-9e63e1a3635f",
]
}
{
"name": "splunk-mist-alarms",
"type": "splunk",
"url": "https://my.splunk.host:8088/services/collector",
"splunk_token": "7d34bcab-7d3d-49d8-adcf-67747e1f3704",
"verify_cert": false,
"enabled": true,
"single_event_per_message": false,
"topics": [ "location", "zone", "vbeacon", "rssizone]
}
| Name | Type | Description |
|---|---|---|
name |
string |
name of the webhook |
enabled |
boolean |
whether webhook is enabled |
topics |
list |
list of subscribed topics: alarms/asset-raw/audits/client-info/client-join/client-latency/client-sessions/device-events/device-updowns/guest-authorizations/location/mxedge-events/nac-accounting/nac-events/occupancy-alerts/rssizone/sdkclient-scan-data/vbeacon/zone |
type |
string |
http-post (default) / splunk / oauth2 |
url |
string |
url |
verify_cert |
boolean |
when url uses HTTPS, whether to verify the certificate, default is true |
headers |
object |
optional, when type=http-post, if provided, additional custom HTTP headers will be added. the headers name and value must be string, total bytes of headers name and value must be less than 1000 |
secret |
string |
optional, when type=http-post, if provided, additional signature HTTP headers will be added (see note below) |
splunk_token |
string |
splunk token, required when type=splunk (If splunk_token is not defined for a type Splunk webhook, it will not send, regardless if the webhook receiver is configured to accept it.) |
oauth2_grant_type |
string |
client_credentials / password, required when type=oauth2 (see note below) |
oauth2_token_url |
string |
required when type=oauth2 |
oauth2_client_id |
string |
required when oauth2_grant_type=client_credentials |
oauth2_client_secret |
string |
required when oauth2_grant_type=client_credentials |
oauth2_username |
string |
required when oauth2_grant_type=password |
oauth2_password |
string |
required when oauth2_grant_type=password |
oauth2_scopes |
list |
optional, when type=oauth2, if provided, will be used in the token request |
single_event_per_message |
boolean |
optional. default is false. sometimes it’s not trivial/possible to parse multiple events from a single message (e.g. IBM Qradar, DSM), when enabled, only a single event will be sent per message. this feature is only available on certain topics - const/webhook_topics |
assetfilter_ids |
list |
list of ids to associated asset filters. These filters will be applied to messages routed to a filtered-asset-rssi webhook |
NOTE:
* when secret is provided, two HTTP headers will be added:
- X-Mist-Signature-v2: HMAC_SHA256(secret, body)
- X-Mist-Signature: HMAC_SHA1(secret, body)
* If headers format is invalid, “X-Mist-Error”: “headers format invalid” will be sent.
* If total bytes of headers exceed 1000, “X-Mist-Error”: “headers too big” will be sent.
* If any header value is not string, “X-Mist-Error”: “header[%s] not a string” will be sent.
* For oauth2_grant_type, Client Credentials Grant (client_credentials) and Resource Owner Password Credentials Grant (password) are supported.
* client-latency is supported only to customers who have sufficient SUB-VNA license.
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "location",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 13.5,
"y": 3.2,
"timestamp": 1461220784,
// for SDK client
"type": "sdk",
"id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"name": "optional",
// for WIFI
"type": "wifi",
"mac": "5684dae9ac8b",
// Optional for wifi
"wifi_beacon_extended_info": [
{"frame_ctrl": 776, "seq_ctrl": 772, "payload": "............"},
]
// for ASSET
"type": "asset",
"mac": "7fc2936fd243",
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"ibeacon_minor": 138,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_uid_instance": "5c5b35000001",
"eddystone_url_url": "https://www.abc.com",
"mfg_company_id": 935,
"mfg_data": "648520a1020000",
"battery_voltage": 3370
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
id |
string |
unique id of the client (a client would have different id for different org) |
map_id |
string |
map id |
x |
float |
x, in meter |
y |
float |
y, in meter |
name |
string |
name of the client, may be empty |
timestamp |
int |
timestamp of the event, epoch |
mfg_company_id |
int |
optional, BLE manufacturing company ID |
mfg_data |
string |
optional, BLE manufacturing data in hex byte-string format (ie: “112233AABBCC”) |
wifi_beacon_extended_info |
list |
optional, list of extended beacon info packets heard from the client, frame and sequence control included with the payload |
frame_ctrl |
int |
subfield of wifi_beacon_extended_info. frame control field of 802.11 header |
seq_ctrl |
int |
subfield of wifi_beacon_extended_info. sequence control field of 802.11 header |
payload |
string |
subfield of wifi_beacon_extended_info. Extended Info Payload associated with frame |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "location-asset",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 13.5,
"y": 3.2,
"timestamp": 1461220784,
// for ASSET
"type": "asset",
"mac": "7fc2936fd243",
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"ibeacon_minor": 138,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_uid_instance": "5c5b35000001",
"eddystone_url_url": "https://www.abc.com",
"mfg_company_id": 935,
"mfg_data": "648520a1020000",
"battery_voltage": 3370
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
id |
string |
unique id of the client (a client would have different id for different org) |
map_id |
string |
map id |
x |
float |
x, in meter |
y |
float |
y, in meter |
name |
string |
name of the client, may be empty |
timestamp |
int |
timestamp of the event, epoch |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "location-client",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 13.5,
"y": 3.2,
"timestamp": 1461220784,
// for WIFI
"type": "wifi",
"mac": "5684dae9ac8b",
// Optional for wifi
"wifi_beacon_extended_info": [
{"frame_ctrl": 776, "seq_ctrl": 772, "payload": "............"},
]
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
id |
string |
unique id of the client (a client would have different id for different org) |
map_id |
string |
map id |
x |
float |
x, in meter |
y |
float |
y, in meter |
name |
string |
name of the client, may be empty |
timestamp |
int |
timestamp of the event, epoch |
mfg_company_id |
int |
optional, BLE manufacturing company ID |
mfg_data |
string |
optional, BLE manufacturing data in hex byte-string format (ie: “112233AABBCC”) |
wifi_beacon_extended_info |
list |
optional, list of extended beacon info packets heard from the client, frame and sequence control included with the payload |
frame_ctrl |
int |
subfield of wifi_beacon_extended_info. frame control field of 802.11 header |
seq_ctrl |
int |
subfield of wifi_beacon_extended_info. sequence control field of 802.11 header |
payload |
string |
subfield of wifi_beacon_extended_info. Extended Info Payload associated with frame |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "location-sdk",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 13.5,
"y": 3.2,
"timestamp": 1461220784,
// for SDK client
"type": "sdk",
"id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"name": "optional",
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
id |
string |
unique id of the client (a client would have different id for different org) |
map_id |
string |
map id |
x |
float |
x, in meter |
y |
float |
y, in meter |
name |
string |
name of the client, may be empty |
timestamp |
int |
timestamp of the event, epoch |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "location-unclient",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 13.5,
"y": 3.2,
"timestamp": 1461220784,
// for WIFI
"type": "wifi",
"mac": "5684dae9ac8b",
// Optional for wifi
"wifi_beacon_extended_info": [
{"frame_ctrl": 776, "seq_ctrl": 772, "payload": "............"},
]
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
map_id |
string |
map id |
x |
float |
x, in meter |
y |
float |
y, in meter |
timestamp |
int |
timestamp of the event, epoch |
mfg_company_id |
int |
optional, BLE manufacturing company ID |
mfg_data |
string |
optional, BLE manufacturing data in hex byte-string format (ie: “112233AABBCC”) |
wifi_beacon_extended_info |
list |
optional, list of extended beacon info packets heard from the client, frame and sequence control included with the payload |
frame_ctrl |
int |
subfield of wifi_beacon_extended_info. frame control field of 802.11 header |
seq_ctrl |
int |
subfield of wifi_beacon_extended_info. sequence control field of 802.11 header |
payload |
string |
subfield of wifi_beacon_extended_info. Extended Info Payload associated with frame |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "location-centrak",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 13.5,
"y": 3.2,
"timestamp": 1461220784,
// for WIFI
"type": "wifi",
"mac": "5684dae9ac8b",
// Optional for wifi
"wifi_beacon_extended_info": [
{"frame_ctrl": 776, "seq_ctrl": 772, "payload": "............"},
]
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
map_id |
string |
map id |
x |
float |
x, in meter |
y |
float |
y, in meter |
timestamp |
int |
timestamp of the event, epoch |
mfg_company_id |
int |
optional, BLE manufacturing company ID |
mfg_data |
string |
optional, BLE manufacturing data in hex byte-string format (ie: “112233AABBCC”) |
wifi_beacon_extended_info |
list |
optional, list of extended beacon info packets heard from the client, frame and sequence control included with the payload |
frame_ctrl |
int |
subfield of wifi_beacon_extended_info. frame control field of 802.11 header |
seq_ctrl |
int |
subfield of wifi_beacon_extended_info. sequence control field of 802.11 header |
payload |
string |
subfield of wifi_beacon_extended_info. Extended Info Payload associated with frame |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "zone",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"zone_id": "8ac84899-32db-6327-334c-9b6d58544cfe",
"trigger": "enter",
"timestamp": 1461220784,
// for SDK client
"type": "sdk",
"id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"name": "optional",
// for WIFI
"type": "wifi",
"mac": "5684dae9ac8b",
// for ASSET
"type": "asset",
"mac": "7fc2936fd243",
"asset_id": "c180b858-8f39-11e7-a7a5-346895ed1b7d"
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
id |
string |
uuid of SDK-client |
name |
string |
name of the client, may be empty |
site_id |
string |
site id |
map_id |
string |
map id |
zone_id |
string |
zone id |
trigger |
string |
enter / exit |
timestamp |
int |
timestamp of the event, epoch |
mac |
string |
mac address of wifi client or asset |
asset_id |
string |
uuid of named asset |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "device-events",
"events": [
{
"audit_id": "a8ec4d8a-4da6-4ead-a486-d0f72e40dd08",
"ap": "5c5b35000001",
"ap_name": "AP41 Near Lab",
"device_name": "AP41 Near Lab",
"device_type": "ap/switch/gateway",
"ev_type": "NOTICE",
"mac": "5c5b35000001",
"org_id": "2818e386-8dec-2562-9ede-5b8a0fbbdc71",
"reason": "power_cycle",
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"site_name": "Site 1",
"text": "event details",
"timestamp": 1461220784,
"type": "AP_RESTARTED"
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
audit_id |
string |
(optional) audit id |
ap |
string |
(will be deprecated soon; please use mac instead) ap mac |
ap_name |
string |
(will be deprecated soon; please use device_name instead) ap name |
device_name |
string |
device name |
device_type |
string |
device type (ap/switch/gateway) |
ev_type |
string |
(optional) event advisory (notice/warn) |
mac |
string |
device mac |
org_id |
string |
org id |
reason |
string |
(optional) event reason |
site_id |
string |
site id |
site_name |
string |
site name |
text |
string |
(optional) event description |
timestamp |
int |
time the event occurred e.g. 1565987313 |
type |
string |
event type |
device-updowns delivers subset of device-events as followin:
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "device-updowns",
"events": [
{
"org_id": "2818e386-8dec-2562-9ede-5b8a0fbbdc71",
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"type": "AP_RESTARTED",
"ap": "5c5b35000001",
"ap_name": "AP01",
"site_name": "SJ1"
"timestamp": 1461220784
}
]
}
For delivery examples for different alarms, please see GET /api/v1/const/alarm_defs
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "alarms",
"events": [
{
"aps": [
"5c5b350e1003"
],
"bssids": [
"00024a00310c",
"5c5b3500e10f",
"000f24090ff1",
"c03f0e76fe91",
"e091f512eda2",
"e894f6258a3f",
"40169f1157a4",
"40169f1151b2",
"c03f0e7aba91",
"5c5b35090ff3"
],
"count": 16,
"id": "95193bda-1fef-4ea6-9e5b-97c9f5e0655a",
"last_seen": 1549068720,
"ssids": [
"qwerty",
"A-Dot",
"xfinity",
"alpha"
],
"timestamp": 1549068202,
"type": "rogue-ap-detected",
"update": true,
"org_id": "2818e386-8dec-2562-9ede-5b8a0fbbdc71",
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b"
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
site_id |
string |
site id |
org_id |
string |
org id |
id |
string |
event id |
type |
string |
event type |
count |
string |
If present, represents number of events of given type occurred in current interval, default=1 |
update |
boolean |
If presents, represents that this is an update to event with given id sent earlier. default=false |
N.B.: Fields like aps, bssids, ssids are event specific. They are relevant to this event type (
rogue-ap-detected). For a different event type, different fields may be sent. These don’t contain all affected entities
and are representative samples of entities (capped at 10). For marvis action related events, we expose details to include
more event specific details.
Events specific fields for other alarm event type can be found with API /api/v1/const/alarm_defs, under “fields” array of /alarm_defs response object.
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 615
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "audits",
"events": [
{
"admin_name": "Chris Dao chris.dao@yahoo.com",
"device_id": "00000000-0000-0000-1000-5c5b350e01c7",
"id": "8e00dd48-b918-4d9b-b40d-b98989ac76a7",
"message": "Update Device \"Reception\"",
"org_id": "2818e386-8dec-2562-9ede-5b8a0fbbdc71",
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"src_ip": "73.92.124.103",
"timestamp": 1549047906.201053
}
]
}
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 382
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "client-join",
"events": [
{
"ap": “5c5b35d01338",
"ap_name": “AP43 Test",
"band": "5",
"bssid": "5c5b35df18a1",
"connect": 1592333828,
"connect_float": 1592333828.324,
"mac": "70ef0071535f",
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"rssi": -54,
"site_id": "d761985e-49b1-4506-88e9-e0368a05c301",
"site_name": "Test",
"ssid": "Maui",
"timestamp": 1592333828,
"version": 2
"wlan_id": "6c0c0b07-0d77-44d1-9ab2-610aee9ce711",
}
]
}
| Name | Type | Description |
|---|---|---|
ap |
string |
mac address of the AP the client connected to |
ap_name |
string |
user-friendly name of the AP the client connected to. |
band |
string |
5GHz or 2.4GHz band |
ssid |
string |
ESSID |
connect |
int |
time when the user connects |
connect_float |
float |
floating point connect timestamp with millisecond precision |
mac |
string |
the client’s mac |
rssi |
int |
RSSI when the client associated |
org_id |
string |
Org ID |
site_id |
string |
Site ID |
site_name |
string |
name of site |
timestamp |
int |
time the message is sent. E.g. 1565987313 |
version |
int |
schema version of this message |
wlan_id |
string |
WLAN ID |
ip |
string |
ip address of client (optional, may be absent if not available) |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 596
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "client-sessions",
"events": [
{
"ap": “5c5b352f587e",
"ap_name": “AP41 Test",
"band": "5",
"bssid": "5c5b352b51b4",
"client_family": "iPhone",
"client_manufacture": "Apple",
"client_model": "8+",
"client_os": "13.4.1",
"connect": 1592333548,
"connect_float": 1592333548.117,
"disconnect": 1592333828,
"disconnect_float": 1592333828.589,
"duration": 279.835049793,
"mac": "70ef0071535f",
"next_ap": "5c5b35d01338",
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"rssi": -87,
"site_id": "d761985e-49b1-4506-88e9-e0368a05c301",
"site_name": "Test",
"ssid": "Maui",
"termination_reason": 3,
"timestamp": 1592333828,
"version": 2
"wlan_id": "6c0c0b07-0d77-44d1-9ab2-610aee9ce711",
}
]
}
| Name | Type | Description |
|---|---|---|
ap |
string |
mac address of the AP the client roamed or disconnected from |
ap_name |
string |
user-friendly name of the AP the client roamed or disconnected from. |
band |
string |
5GHz or 2.4GHz band |
client_family |
string |
device family E.g. “Mac”, “iPhone”, “Apple watch” |
client_manufacture |
string |
device manufacturer E.g. “Apple” |
client_model |
string |
device model E.g. “8+”, “XS” |
client_os |
string |
device operating system E.g. “Mojave”, “Windows 10”, “Linux” |
connect |
int |
time when the user connects |
connect_float |
float |
floating point connect timestamp with millisecond precision |
disconnect |
int |
time when the user disconnects |
disconnect_float |
float |
floating point disconnect timestamp with millisecond precision |
duration |
float |
the duration of the roamed or complete session indicated by termination_reason field. |
mac |
string |
the client’s mac |
rssi |
int |
latest average RSSI before the user disconnects |
next_ap |
string |
the AP the client has roamed to. |
org_id |
string |
Org ID |
site_id |
string |
Site ID |
site_name |
string |
name of site |
ssid |
string |
ESSID |
termination_reason |
int |
1 disassociate - when the client disassociates. 2 inactive - when the client is timeout. 3 roamed - when the client is roamed between APs |
timestamp |
int |
time the message is sent. E.g. 1565987313 |
version |
int |
schema version of this message |
wlan_id |
string |
WLAN ID |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 191
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "client-info",
"events": [
{
"ip": "21.0.128.151",
"mac": "6ebaa47a3fd4",
"org_id": "0c160b7f-1027-4cd1-923b-744534c4b070",
"site_id": "6e77a2ea-d579-471c-9056-5ff5b4ed70ed",
"hostname": "service.company.net", // extracted from DHCP Option 12
"timestamp": 1703003296
}
]
}
| Name | Type | Description |
|---|---|---|
ip |
string |
IP address of client |
mac |
string |
the client’s mac |
org_id |
string |
Org ID |
site_id |
string |
Site ID |
hostname |
string |
Hostname of client |
timestamp |
float |
time at which IP address was assigned E.g. 1703003956 |
Raw data webhooks are a special subset of webhooks that provide insight into raw data packets emitted by a client, identified by their advertising MAC address (assets, discovered ble, connected wifi, unconnected wifi). The data that client raw data webhooks encompasses are reporting AP information, RSSI Data, and any special packets/telemetry packets that the client may emit. Note that client raw webhooks are the raw data coming from the client and do not contain the X,Y location data of the client. In order to get the location data for a client please see our location webhooks. Clients can be identified uniquely across these client raw data topics and location webhook topic using MAC address as the Unique identifier (client identifier).
Topics that correspond to client raw data for different client types. To be included in the http-post message for /api/v1/sites/:site_id/webhooks API.
1. asset-raw-rssi - Raw data from packets emitted by named and filtered assets
2. discovered-raw-rssi - Raw data from packets emitted by passive BLE devices
3. wifi-conn-raw - Raw data from packets emitted by connected devices
4. wifi-unconn-raw - Raw data from packets emitted by unconnected devices (passive)
1. Only one instance of a webhook object containing a client raw data webhook topic is allowed. (a site level entry will override an org level entry for the client raw data webhook topic in question)
2. Only one client raw data webhook topic is allowed per `http-post` message to webhooks api
POST /api/v1/sites/:site_id/webhooks
{
"name": "test-asset-raw",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "asset-raw-rssi"]
}
Response
HTTP 200 OK
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"name": "test-asset-raw",
"url": "https://eoipjcp8ktxjo8p.m.pipedream.net",
"enabled": true,
"topics": [
"asset-raw-rssi"
],
"verify_cert": true,
"id": "f1ff49e8-9f77-420a-9854-c7de46d7cf80",
"for_site": true,
"site_id": "site_id",
"org_id": "org_id",
"created_time": 1661300255,
"modified_time": 1661300255
}
Example of creating a second webhook integration for a raw client data topic when one already exists will return an error
POST /api/v1/sites/:site_id/webhooks
{
"name": "test-asset-raw-duplicate",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "asset-raw-rssi"]
}
HTTP 400 Bad Request
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"detail": "Webhook already configured for special location topic",
"webhook_id": "f1ff49e8-9f77-420a-9854-c7de46d7cf80"
}
Example of creating webhook integration for raw client data topic with multiple topic names in request
POST /api/v1/sites/:site_id/webhooks
{
"name": "invalid multiple topic names",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "discovered-raw-rssi", "wifi-conn-raw"]
}
HTTP 400 Bad Request
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"detail": "Only one location topic can be configured per URL"
}
{
"topic": "asset-raw-rssi",
"events": [
{
"ap_loc": [
36.03303862386182,
43.57022468463291,
2.75
],
"beam": 8,
"device_id": "00000000-0000-0000-1000-ac2316eca70b",
"ibeacon_major": 2,
"ibeacon_minor": 2121,
"ibeacon_uuid": "ac950d7b-af31-42d2-be7c-e15639fab2cd",
"is_asset": true,
"mac": "ed2cc53f2770",
"service_packets": [
{
"service_uuid": "UUID",
"service_data": "010441060606fe3d35700601cecbd902512f000001"
}
],
"map_id": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"org_id": "9c3e516c-397d-11e6-ae35-0242ac110008",
"rssi": -79,
"site_id": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67",
"timestamp": 1661300746
},
{
"ap_loc": [
36.03303862386182,
43.57022468463291,
2.75
],
"beam": 7,
"device_id": "00000000-0000-0000-1000-ac2316eca70b",
"mfg_company_id": 243,
"mfg_data": "00000000000000000000000000"
"is_asset": true,
"mac": "ed2cc53f2771",
"map_id": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"org_id": "9c3e516c-397d-11e6-ae35-0242ac110008",
"rssi": -74,
"site_id": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67",
"timestamp": 1661300746
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
site_id |
string |
site id |
map_id |
string |
map id |
org_id |
string |
org id |
device_id |
string |
device id of the reporting AP |
ap_loc |
list |
optional, coordinates (if any) of reporting AP (updated once in 60s per client) |
beam |
int |
antenna index, from 1-8, clock-wise starting from the LED |
rssi |
float |
signal strength |
mac |
string |
MAC of the asset/ beacon |
asset_id |
string |
asset id |
ibeacon_uuid |
string |
iBeacon UUID |
ibeacon_major |
string |
iBeacon major |
ibeacon_minor |
string |
iBeacon minor |
mfg_company_id |
int |
optional, BLE manufacturing company ID |
mfg_data |
string |
optional, BLE manufacturing data in hex byte-string format (ie: “112233AABBCC”) |
service_packets |
list |
optional, list of service data packets heard from the asset/ beacon |
service_data |
string |
optional, data from service data |
service_uuid |
string |
optional, UUID from service data |
{
"topic": "discovered-raw-rssi",
"events": [
{
"beam": 8,
"device_id": "00000000-0000-0000-1000-ac2316eca70b",
"ibeacon_major": 2,
"ibeacon_minor": 2121,
"ibeacon_uuid": "ac950d7b-af31-42d2-be7c-e15639fab2cd",
"is_asset": false,
"mac": "ed2cc53f2770",
"map_id": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"org_id": "9c3e516c-397d-11e6-ae35-0242ac110008",
"rssi": -79,
"site_id": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67",
"timestamp": 1661300746
},
{
"ap_loc": [
36.03303862386182,
43.57022468463291,
2.75
],
"beam": 7,
"device_id": "00000000-0000-0000-1000-ac2316eca70b",
"service_packets": [
{
"service_uuid": "UUID",
"service_data": "010441060606fe3d35700601cecbd902512f000001"
}
],
"is_asset": false,
"mac": "ed2cc53f2771",
"map_id": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"org_id": "9c3e516c-397d-11e6-ae35-0242ac110008",
"rssi": -74,
"site_id": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67",
"timestamp": 1661300746
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
site_id |
string |
site id |
map_id |
string |
map id |
org_id |
string |
org id |
device_id |
string |
device id of the reporting AP |
ap_loc |
list |
optional, coordinates (if any) of reporting AP (updated once in 60s per client) |
beam |
int |
antenna index, from 1-8, clock-wise starting from the LED |
rssi |
float |
signal strength |
mac |
string |
MAC of the asset/ beacon |
asset_id |
string |
asset id |
ibeacon_uuid |
string |
iBeacon UUID |
ibeacon_major |
string |
iBeacon major |
ibeacon_minor |
string |
iBeacon minor |
mfg_company_id |
int |
optional, BLE manufacturing company ID |
mfg_data |
string |
optional, BLE manufacturing data in hex byte-string format (ie: “112233AABBCC”) |
service_packets |
list |
optional, list of service data packets heard from the asset/ beacon |
service_data |
string |
optional, data from service data |
service_uuid |
string |
optional, UUID from service data |
{
"topic": "wifi-conn-raw",
"events": [
{
"ap_id": "ac-23-16-ec-a7-0b",
"ap_loc": [
36.03303862386182,
43.57022468463291,
2.75
],
"client_id": "28-f0-76-2d-22-1e",
"connected_site": false,
"mapid": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"orgid": "9c3e516c-397d-11e6-ae35-0242ac110008",
"packets": [
{
"band": "5GHz",
"rssi": -92
}
],
"siteid": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67"
},
{
"ap_id": "ac-23-16-ec-a7-0b",
"ap_loc": [
36.03303862386182,
43.57022468463291,
2.75
],
"client_id": "38-f9-d3-99-08-6e",
"connected_site": false,
"mapid": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"orgid": "9c3e516c-397d-11e6-ae35-0242ac110008",
"packets": [
{
"band": "5GHz",
"rssi": -94.333336
}
],
"extended_info_list": [
{
"frame_ctrl": 776,
"sequence_ctrl": 8432,
"payload": "010441060606fe3d35700601cecbd902512f000001"
}
],
"siteid": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67"
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
site_id |
string |
site id |
map_id |
string |
map id |
org_id |
string |
org id |
ap_id |
string |
MAC address of the reporting AP |
ap_loc |
list |
optional, coordinates (if any) of reporting AP (updated once in 60s per client) |
client_id |
string |
MAC of the wifi device |
connected_site |
bool |
connected wifi client or passive wifi device |
packets |
list |
band-wise average rssi reported by Wifi device |
rssi |
float |
signal strength |
band |
string |
band associated with RSSI |
extended_info_list |
list |
optional, list of specific telemetry packets emited by certain wifi tags (Eg. Centrak) |
frame_ctrl |
int |
optional, Frame Control |
sequence_ctrl |
int |
optional, Sequence control |
payload |
string |
optional, payload from the wifi beacon |
{
"topic": "wifi-unconn-raw",
"events": [
{
"ap_id": "ac-23-16-ec-a7-0b",
"ap_loc": [
36.03303862386182,
43.57022468463291,
2.75
],
"client_id": "28-f0-76-2d-22-1e",
"connected_site": false,
"mapid": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"orgid": "9c3e516c-397d-11e6-ae35-0242ac110008",
"packets": [
{
"band": "5GHz",
"rssi": -92
}
],
"siteid": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67"
},
{
"ap_id": "ac-23-16-ec-a7-0b",
"ap_loc": [
36.03303862386182,
43.57022468463291,
2.75
],
"client_id": "38-f9-d3-99-08-6e",
"connected_site": false,
"mapid": "bd42f0c3-2e6a-4f8a-ac2d-d34e268c1418",
"orgid": "9c3e516c-397d-11e6-ae35-0242ac110008",
"packets": [
{
"band": "5GHz",
"rssi": -94.333336
}
],
"siteid": "27ea2f07-6fe6-4eab-be1b-b8e3ce083d67"
}
]
}
| Name | Type | Description |
|---|---|---|
topic |
string |
topic subscribed to |
events |
list |
list of events |
site_id |
string |
site id |
map_id |
string |
map id |
org_id |
string |
org id |
ap_id |
string |
MAC address of the reporting AP |
ap_loc |
list |
optional, coordinates (if any) of reporting AP (updated once in 60s per client) |
client_id |
string |
MAC of the wifi device |
connected_site |
bool |
connected wifi client or passive wifi device |
packets |
list |
band-wise average rssi reported by Wifi device |
rssi |
float |
signal strength |
band |
string |
band associated with RSSI |
extended_info_list |
list |
optional, list of specific telemetry packets emited by certain wifi tags (Eg. Centrak) |
frame_ctrl |
int |
optional, Frame Control |
sequence_ctrl |
int |
optional, Sequence control |
payload |
string |
optional, payload from the wifi beacon |
The asset-raw-rssi webhook topic supports filtering of raw data by incorporating asset filters in the webhook payload.
The filter topic allows multiple Webhooks to receive a subset of the asset-raw-rssi data by assigning asset filters to a given webhook.
The asset-raw-rssi filter topic is filtered-asset-rssi.
A webhook assigned to a filter topic can take a list of AssetFilter IDs, which act as inclusive filters to determine which named asset and filtered asset data is sent to the assigned filter topic. Filters can be applied to multiple webhooks, and the same data can be sent to multiple filter topics.
POST /api/v1/sites/:site_id/webhooks
{
"name": "test-filtered-asset-rssi",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "filtered-asset-rssi"],
"assetfilter_ids": [
"e06ecc2a-e75b-49bb-b9ea-b0e650cc8072",
"0d04d6be-8a00-48c6-ae79-38ff14450098",
"a73b4be2-66ea-4951-aa6c-9e63e1a3635f",
]
}
Response
HTTP 200 OK
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"name": "test-filtered-asset-rssi",
"url": "https://eoipjcp8ktxjo8p.m.pipedream.net",
"enabled": true,
"topics": [
"filtered-asset-rssi"
],
"verify_cert": true,
"id": "f1ff49e8-9f77-420a-9854-c7de46d7cf80",
"for_site": true,
"site_id": "site_id",
"org_id": "org_id",
"assetfilter_id": [
"e06ecc2a-e75b-49bb-b9ea-b0e650cc8072",
"0d04d6be-8a00-48c6-ae79-38ff14450098",
"a73b4be2-66ea-4951-aa6c-9e63e1a3635f",
],
"created_time": 1661300255,
"modified_time": 1661300255
}
Example of adding an malformed assetfilter_id to a webhook
POST /api/v1/sites/:site_id/webhooks
{
"name": "test-asset-raw-malformed-assetfilter-id",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "filtered-asset-rssi"],
"assetfilter_ids": [
"non_existant_assetfilter_id",
]
}
HTTP 400 Bad Request
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"detail": "invalid field: assetfilter_ids"
}
Example of adding an invalid assetfilter_id to a webhook
POST /api/v1/sites/:site_id/webhooks
{
"name": "test-asset-raw-non-existant-assetfilter-id",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "filtered-asset-rssi"],
"assetfilter_ids": [
"00000000-0000-0000-0000-000000000000",
]
}
HTTP 400 Bad Request
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"detail": "invalid field: assetfilter_ids"
}
Example of adding a duplicate assetfilter_id to a webhook
POST /api/v1/sites/:site_id/webhooks
{
"name": "test-asset-raw-duplicate-assetfilter-ids",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "filtered-asset-rssi"],
"assetfilter_ids": [
"e06ecc2a-e75b-49bb-b9ea-b0e650cc8072",
"e06ecc2a-e75b-49bb-b9ea-b0e650cc8072",
]
}
HTTP 400 Bad Request
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"detail": "invalid field: assetfilter_ids",
"reason": "contains duplicate uuids"
}
Example of attempting to create a filter webhook at an org level
POST /api/v1/orgs/:org_id/webhooks
{
"name": "test-asset-raw-org-level-filter-webhook",
"url": "https://xyz.abc",
"enabled": true,
"topics": [ "filtered-asset-rssi"],
"assetfilter_ids": [
"e06ecc2a-e75b-49bb-b9ea-b0e650cc8072",
]
}
HTTP 400 Bad Request
Allow: GET, OPTIONS, POST
Content-Type: application/json
Vary: Accept
{
"detail": "invalid field: topics",
"reason": "filtered asset webhooks must be associated with a site"
}
send a Ping event to the webhook
POST /api/v1/sites/:site_id/webhooks/:webhook_id/ping
{
"topic": "ping",
"events": [
{
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"id": "18ff1f91-a9e0-c3b7-74ea-2ce4ea372f72",
"name": "my webhook",
"timestamp": 1461220784
}
]
}
{
"topic": "occupancy-alerts",
"events": [
{
"alert_events": [
{
"current_occupancy": 10,
"map_id": "f5d26c7f-1670-4921-a79d-09f887f46b44",
"occupancy_limit": 5,
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"timestamp": 1594861457,
"type": "COMPLIANCE-VIOLATION",
"zone_id": "b83312a7-7269-4ae1-bea8-e7cfe0e3073c",
"zone_name": "PLM and Leadership"
},
{
"current_occupancy": 20,
"map_id": "f5d26c7f-1670-4921-a79d-09f887f46b44",
"occupancy_limit": 10,
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"timestamp": 1594861457,
"type": "COMPLIANCE-VIOLATION",
"zone_id": "80acf542-e863-43cf-9efd-9295468585e7",
"zone_name": "CSQA"
},
{
"current_occupancy": 9,
"map_id": "f5d26c7f-1670-4921-a79d-09f887f46b44",
"occupancy_limit": 4,
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"timestamp": 1594861457,
"type": "COMPLIANCE-VIOLATION",
"zone_id": "a4c7a7c2-880e-4a0e-9626-02e5a9471f86",
"zone_name": "Marketing & Sales Ops"
}
],
"site_id": "67970e46-4e12-11e6-9188-0242ac110007",
"site_name": "TRUE MIST OFFICE [STAGING]"
}
]
}
| Name | Type | Description |
|---|---|---|
site_id |
string |
Site ID |
site_name |
string |
user-friendly name of site |
alert_events |
array |
list of occupancy alerts for non-compliance zones within the site detected around the same time |
org_id |
string |
Org ID |
type |
string |
event type (COMPLIANCE-VIOLATION / COMPLIANCE-OK) |
timestamp |
int |
time the message is sent. E.g. 1565987313 |
map_id |
string |
Map ID of the zone the event type is reported |
zone_id |
string |
Zone ID of the zone the event type is reported |
zone_name |
string |
user-friendly name of zone if it exists |
occupancy_limit |
int |
occupancy limit of the zone the event type is reported |
current_occupancy |
int |
Actual occupancy of the zone the event type is reported |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 596
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "sdkclient-scan-data",
"events": [
{
"connection_ap": “5c5b352f587e",
"connection_band": "2.4",
"connection_channel": 11,
"connection_bssid": "5c5b352b51b4",
"mac": "70ef0071535f",
"connection_rssi": -87,
"site_id": "d761985e-49b1-4506-88e9-e0368a05c301",
"last_seen": 1592333828,
"scan_data": [
{
"ap": “5c5b352f587e",
"bssid": "5c5b352b51b4",
"band": "2.4",
"channel": 11,
"rssi": -87
"ssid": "mist-wifi",
"timestamp": 1592333828
},
{
"ap": “5c5b352f587e",
"bssid": "5c5b352b51b8",
"band": "5",
"channel": 36,
"rssi": -75
"ssid": "mist-wifi",
"timestamp": 1592333828
}
]
}
]
}
| Name | Type | Description |
|---|---|---|
connection_ap |
string |
mac address of the AP the client is connected to |
connection_band |
string |
5GHz or 2.4GHz band, of the BSSID the client is connected to |
connection_channel |
int |
channel of the band the client is connected to |
connection_bssid |
string |
BSSID of the AP the client is connected to |
mac |
string |
the client’s mac |
connection_rssi |
int |
RSSI of the client’s connection to the AP/BSSID |
site_id |
string |
Site ID |
last_seen |
int |
time client last seen with scan data |
ap |
string |
mac address of the AP associated with the BSSID scanned |
band |
string |
5GHz or 2.4GHz band, associated with the BSSID scanned |
channel |
int |
channel of the band found in the scan |
bssid |
string |
BSSID found during client’s background scan for wifi |
rssi |
int |
client’s RSSI relative to the BSSID scanned |
ssid |
string |
ESSID containing the BSSID scanned |
timestamp |
int |
time the scan of the particular BSSID occurred |
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 596
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "site-sle",
"events": [
{
"timestamp": 1694620800,
"org_id": “2818e386-8dec-2562-9ede-5b8a0fbbdc71",
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"sle": {
"ap-availability": 0.6,
"time-to-connect": 0.9,
"successful-connect": 0.7,
...
}
}
]
}
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 596
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic":"client-latency",
"events": [
{
"avg_auth": 0.17170219,
"avg_dhcp": 0.017828934,
"avg_dns": 0.024532124,
"min_auth": 0.16050219,
"min_dhcp": 0.015828934,
"min_dns": 0.022532124,
"max_auth": 0.18170219,
"max_dhcp": 0.027828934,
"max_dns": 0.029532124,
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"org_id": "2818e386-8dec-2562-9ede-5b8a0fbbdc71",
"timestamp": 1696401600
}
]
}
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 596
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "guest-authorizations",
"events": [
{
"ap":"5c5b350e55c8",
"auth_method": "passphrase",
"authorized_expiring_time":1677076639,
"authorized_time":1677076519,
"carrier": "docomo",
"client": "ac2316eca70a",
"company": "MIST",
"email": ""abcd@abcd.com",
"field1": "field1 value",
"field2": "field2 value",
"field3": "field3 value",
"field4": "field4 value",
"mobile": "+0123456789",
"name": "Dr Strange",
"org_id":"1688605f-916a-47a1-8c68-f19618300a08",
"site_id":"ec3b5624-73f1-4ed3-b3fd-5ba3ee40368a",
"sms_gateway": "Telstra",
"sponsor_email": "sponsor@gmail.com",
"ssid":"Portal Auth",
"wlan_id":"7681be9a-044a-4622-90cf-3accde5ad853",
}
]
}
| Name | Type | Description |
|---|---|---|
ap |
string |
mac address of the AP the guest is connected to |
auth_method |
string |
authentication method used |
authorized_expiring_time |
int |
expiry time for guest |
authorized_time |
int |
time of authorization of guest |
carrier |
string |
carrier used when authentication by free cell provider |
client |
string |
client mac |
email |
string |
guest email |
field1 |
string |
field1 value |
field2 |
string |
field2 value |
field3 |
string |
field3 value |
field4 |
string |
field4 value |
mobile |
string |
mobile number |
name |
string |
guest name |
org_id |
string |
org id |
site_id |
string |
site id |
sms_gateway |
string |
sms gateway used via text auth paid service |
ssid |
string |
ssid |
wlan_id |
string |
wlan id |
Topics Supported:
- alarms
- audits
- device-updowns
- occupancy-alerts
- ping
GET /api/v1/sites/:site_id/webhooks/:webhook_id/events/search?status=success&topic=device-updowns&limit=10
| Name | Type | Description |
|---|---|---|
org_id |
string |
org ID |
site_id |
string |
site ID |
webhook_id |
string |
webhook object ID |
status |
string |
optional, success / failure |
status_code |
int |
optional, HTTP response status code |
topic |
string |
optional, webhook topic |
{
"results": [
{
"id" : "47ea9366-bf66-427a-886a-153104bbf355",
"org_id" : "929e52a7-9edc-4e2f-a836-1af577b043ed",
"site_id" : "21134243-0667-44ae-8f58-42b640ad39bb",
"webhook_id" : "6b0b5d05-430a-4414-86ca-eb081aff03e8",
"status_code" : 200,
"status": "success",
"topic" : "ping",
"req_headers" : "{"Content-Type":["application/json"],"User-Agent":["Mist-webhook"]}",
"req_url" : "http://example.com",
"req_payload" : "{"topic":"ping","events":[{"id":"6b0b5d05-430a-4414-86ca-eb081aff03e8","name":"webhook event delivery test","site_id":"21134243-0667-44ae-8f58-42b640ad39bb","timestamp":1685985159.0102212}]}",
"resp_headers" : "{"Access-Control-Allow-Credentials":["true"],"Access-Control-Allow-Methods":["OPTIONS, HEAD, GET, POST, PUT, DELETE"],"Access-Control-Allow-Origin":["*"],"Access-Control-Expose-Headers":["Date, Server, X-Frame-Options"],"Access-Control-Max-Age":["3600"],"Content-Length":["3"],"Content-Type":["text/html; charset=utf-8"],"Date":["Mon, 05 Jun 2023 17:12:39 GMT"],"Server":["Apache/2.4.18 (Ubuntu)"],"X-Frame-Options":["SAMEORIGIN"]}",
"resp_body" : "Ok"
},
{
"id" : "55b0f02f-ebf6-4ad2-8b10-200508a97581",
"org_id" : "fc7e2967-e7ef-41e6-b007-1217713de05a",
"site_id" : "256c3a35-9cb7-436e-bc6d-314972645d95",
"webhook_id" : "7a11b901-f719-4c91-8aef-deb8699a6364",
"status_code" : 200,
"status": "success",
"topic" : "audits",
"req_headers" : "{"Content-Type":["application/json"],"User-Agent":["Mist-webhook"]}",
"req_url" : "http://example.com",
"req_payload" : "{"topic":"audits","events":[{"admin_name":"John Doe john.doe@juniper.net","after":"{\"radio_config\": {\"band_24\": {\"disabled\": false, \"allow_rrm_disable\": false, \"power_min\": null, \"power_max\": null, \"power\": 10, \"preamble\": \"short\", \"channels\": [1, 10], \"bandwidth\": 20}}}","before":"{\"radio_config\": {\"band_24\": {\"disabled\": false, \"allow_rrm_disable\": false, \"power_min\": 8, \"power_max\": 18, \"power\": null, \"preamble\": \"long\", \"channels\": [1, 10], \"bandwidth\": 20}}}","id":"737909a2-04ff-4aeb-b9da-cc924e74a4dd","message":"Update Site Settings","org_id":"fc7e2967-e7ef-41e6-b007-1217713de05a","site_id":"256c3a35-9cb7-436e-bc6d-314972645d95","site_name":"Test Site","src_ip":"1.2.3.4","timestamp":1685956576.923601,"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"}]}",
"resp_headers" : "{"Access-Control-Allow-Credentials":["true"],"Access-Control-Allow-Methods":["OPTIONS, HEAD, GET, POST, PUT, DELETE"],"Access-Control-Allow-Origin":["*"],"Access-Control-Expose-Headers":["Date, Server, X-Frame-Options"],"Access-Control-Max-Age":["3600"],"Content-Length":["3"],"Content-Type":["text/html; charset=utf-8"],"Date":["Mon, 05 Jun 2023 09:16:17 GMT"],"Server":["Apache/2.4.18 (Ubuntu)"],"X-Frame-Options":["SAMEORIGIN"]}",
"resp_body" : "Ok"
}
]
}
Additional Response fields:
| Name | Type | Description |
|---|---|---|
id |
string |
delivery ID |
req_headers |
object |
HTTP request headers |
req_url |
string |
HTTP request URL |
req_payload |
object |
HTTP request payload |
resp_headers |
object |
HTTP response headers |
resp_body |
string |
HTTP response body |
error |
string |
error message, if there is one |
GET /api/v1/sites/:site_id/webhooks/:webhook_id/events/count?distinct=status&topic=device-updowns&limit=10
| Name | Type | Description |
|---|---|---|
org_id |
string |
org ID |
site_id |
string |
site ID |
webhook_id |
string |
webhook object ID |
distinct |
string |
optional, status / topic / status_code / webhook_id (default) |
status |
string |
optional, success / failure |
status_code |
int |
optional, HTTP response status code |
topic |
string |
optional, webhook topic |
{
"results": [
{
"status": "success",
"count": 20
},
{
"status": "failure",
"count": 1
}
],
"limit": 10,
"start": 1712085924,
"end": 1712172324,
"distinct": "status",
"total": 2
}
Subscriptions define how Site Alerts/Reports are delivered to whom
POST /api/v1/sites/:site_id/subscriptions
DELETE /api/v1/sites/:site_id/subscriptions
GET /api/v1/self/subscriptions
To improve performance and reduce response size, please use paginated requests. We strongly recommend specifying pagination parameters when calling these endpoints. Even though a call without pagination parameters will return the full list of device stats, this behavior is temporary. In the future, paginated responses (with default values of limit=100 and page=1) will be enforced.
Query Parameters for Pagination:
limit: The maximum number of items to return per page (default is 100).page: The page number to return (default is 1).When you include these parameters in your request, the response will also contain the following HTTP headers:
- X-Page-Page: The current page number.
- X-Page-Limit: The limit per page.
- X-Page-Total: The total number of items in the result set.
/stats returns a combined view of the device which includes configs and stats.
GET /api/v1/sites/:site_id/stats/devices?limit=100&page=1
| Name | Type | Description |
|---|---|---|
type |
string |
ap, switch, gateways, all. Default is ap |
status |
string |
all, connected, disconnected. Default is all |
[
{
# information from manufacturing, immutable
"mac": "5c5b35000010",
"model": "AP200",
"type": "ap",
"serial": "FXLH2015170017",
"last_seen": 1470417522,
# configurations
"name": "conference room",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 53.5,
"y": 173.1,
"radio_config": {
"band_24": {
"channel": 0,
"bandwidth": 20,
"power": 0,
"dynamic_chaining_enabled": false,
"tx_chain": 4,
"rx_chain": 4
},
"band_5": {
"channel": 0,
"bandwidth": 40,
"power": 0,
"dynamic_chaining_enabled": false,
"tx_chain": 1,
"rx_chain": 4
},
"band_6": {
"channel": 0,
"bandwidth": 40,
"power": 0,
"tx_chain": 1,
"rx_chain": 4
},
"scanning_enabled": true
},
"ip_config": {
"type": "static",
"ip": "10.2.1.1",
"netmask": "255.255.255.0",
"gateway": "10.2.1.254",
"dns": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ]
},
"ble_config": {
"power_mode": "custom",
"power": 10,
"beacon_rate_model": "custom",
"beacon_rate": 3,
"beam_disabled": [ 1, 3, 6 ]
},
"led": {
"enabled": true,
"brightness": 255
},
# current stat
"status": "connected",
"version": "1.0.0",
"ip": "10.2.9.159", // first IP
"ext_ip": "73.92.124.103",
"num_clients": 10,
"num_wlans": 2,
"uptime": 13500,
"tx_bps": 634301,
"rx_bps": 60003,
"tx_bytes": 211217389682,
"tx_pkts": 812204062,
"rx_bytes": 8515104416,
"rx_pkts": 57770567,
"locating": false,
"radio_stat": {
"band_24": {
"mac": "5c5b350004a0"
"channel": 6,
"bandwidth": 20,
"power": 19,
"num_wlans": 1,
"num_clients": 6,
"tx_bytes": 211166512114,
"tx_pkts": 812058566,
"rx_bytes": 8504737800,
"rx_pkts": 57731964
},
"band_5": {
"mac": "5c5b350004b0"
"channel": 44,
"bandwidth": 80,
"power": 15,
"num_wlans": 1,
"num_clients": 4,
"tx_bytes": 50877568,
"tx_pkts": 145496,
"rx_bytes": 10366616,
"rx_pkts": 38603
}
},
"port_stat": {
"eth0": {
"up": true,
"speed": 1000,
"full_duplex": true,
"tx_bytes": 2056,
"tx_pkts": 670,
"rx_bytes": 2056,
"rx_pkts": 670,
"rx_errors": 0,
},
"eth1": {
"up": false
},
"module": {
"up": false
}
},
"ip_stat": {
"ip": "10.2.1.1",
"netmask": "255.255.255.0",
"gateway": "10.2.1.254",
"ip6": "2607:f8b0:4005:808::2004",
"netmask6": "/32",
"gateway6": "2607:f8b0:4005:808::1",
"dns": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
"ips": {
"vlan1": "10.2.1.1/24,2607:f8b0:4005:808::1/32",
"vlan193": "10.73.1.31/16",
"vlan3157": "10.72.11.14/24"
}
},
"ble_stat": {
"power": 10,
"beacon_rate": 3,
"uuid": "ada72f8f-1643-e5c6-94db-f2a5636f1a64",
"major": 12345,
"minors": [ 201, 202, 203, 204, 205, 206, 207, 208 ],
"tx_pkts": 135135135,
"tx_bytes": 5231513353,
"tx_resets": 0,
"rx_pkts": 135,
"rx_bytes": 135,
"ibeacon_enabled": true,
"ibeacon_uuid": "f3f17139-704a-f03a-2786-0400279e37c3",
"ibeacon_major": 13,
"ibeacon_minor": 138,
"eddystone_uid_enabled": false,
"eddystone_uid_namespace": "2818e3868dec25629ede",
"eddystone_uid_instance": "5c5b35000001",
"eddystone_uid_freq_msec": 200,
"eddystone_url_enabled": true,
"eddystone_url_url": "https://www.abc.com",
"eddystone_url_freq_msec": 100
},
"l2tp_stat": {
"7dae216d-7c98-a51b-e068-dd7d477b7216": {
"wxtunnel_id": "7dae216d-7c98-a51b-e068-dd7d477b7216",
"state": "established_with_sessions",
"uptime": 135,
"sessions: [
{
"remote_id": "vpn1",
"state": "established",
"remote_sid": 13,
"local_sid": 31
}
]
}
},
"lldp_stat": {
"system_name": "TC2-OWL-Stack-01",
"system_desc": "HP J9729A 2920-48G-POE+ Switch",
"mgmt_addr": "10.1.5.2",
"mgmt_addrs": ["10.1.5.2", "2002:A01:203:0:0:0:0:0"],
"lldp_med_supported": false,
"port_desc": "2/26",
"port_id": "port1",
"chassis_id": "63:68:61:73:73:69",
"lldp_med_supported": false,
"power_request_count": 3,
"power_allocated": 15500,
"power_requested": 25500,
"power_draw": 15000
},
"lldp_stats": {
"eth0": {
"system_name": "TC2-OWL-Stack-01",
"system_desc": "HP J9729A 2920-48G-POE+ Switch",
"mgmt_addr": "10.1.5.2",
"mgmt_addrs": ["10.1.5.2", "2002:A01:203:0:0:0:0:0"],
"lldp_med_supported": false,
"port_desc": "2/26",
"port_id": "port1",
"chassis_id": "63:68:61:73:73:69",
"lldp_med_supported": false,
"power_request_count": 3,
"power_allocated": 15500,
"power_requested": 25500,
"power_draw": 15000
},
"eth1": {
"system_name": "TC2-OWL-Stack-02",
"system_desc": "HP J9728A 2920-24G-POE+ Switch",
"mgmt_addr": "10.1.5.3",
"mgmt_addrs": ["10.1.5.3"],
"lldp_med_supported": true,
"port_desc": "1/12",
"port_id": "port2",
"chassis_id": "chassis2",
"power_request_count": 2,
"power_allocated": 15400,
"power_draw": 14000,
"power_requested": 15400
}
},
"power_src": "PoE 802.3at",
"power_srcs": ["PoE 802.3at", "PoE 802.3af"],
"power_budget": -12000,
"power_constrained": true,
"power_opmode": "[20] 6GHz(2x2) 5GHz(4x4) 2.4GHz(2x2).",
"switch_redundancy": {
"num_redundant_aps": 1,
},
"ant_mode": "external", // if AP supported
// IoT stats
"iot_stat": {
"DI2": {
"value": 0
}
},
// Environment stats
"env_stat": {
"cpu_temp": 51,
"ambient_temp": 39,
"humidity": 11,
"attitude": 0,
"pressure": 1015
"accel_x": -0.012,
"accel_y": 0.004,
"accel_z": -1.012,
"magne_x": 0.0,
"magne_y": 1.3,
"magne_z": 0.0,
"vcore_voltage": 0
},
"mount": 'faceup',
// ESL Stats
"esl_stat": {
"up": true,
"type": "imagotag", // if up
// following are type-dependent
"connected": true,
"channel": 3,
},
// for a base AP
"mesh_downlinks": {
"00000000-0000-0000-1000-5c5b356be59f": {
"site_id": "0e525da3-6033-428c-9a51-9f652f643baf",
"band": "24",
"proto": "a",
"channel": 7,
"last_seen": 1470417522,
"idle_time": 3,
"rssi": -65,
"snr": 31,
"tx_rate": 65,
"rx_rate": 65,
"tx_bytes": 175132,
"tx_bps": 6,
"tx_packets": 1566,
"tx_retries": 500,
"rx_bytes": 217416,
"rx_bps": 12,
"rx_packets": 2337,
"rx_retries": 5
}
},
// for a remote/relay AP
"mesh_uplink": {
"uplink_ap_id": "00000000-0000-0000-1000-5c5b35000010",
"uplink_site_id": "1916d52a-4a90-11e5-8b45-1258369c38a9",
"band": "24",
"proto": "a",
"channel": 7,
"last_seen": 1470417522,
"idle_time": 3,
"rssi": -65,
"snr": 31,
"tx_rate": 65,
"rx_rate": 65,
"tx_bytes": 175132,
"tx_bps": 6,
"tx_packets": 1566,
"tx_retries": 500,
"rx_bytes": 217416,
"rx_bps": 12,
"rx_packets": 2337,
"rx_retries": 5
},
"fwupdate": {
"timestamp": 1428949501,
"status": "inprogress",
"status_id": 5,
"progress": 10
},
"last_trouble": {
"code": "03",
"timestamp": 1428949501
},
// if RADSec is enabled, device certs will be automatically generated and managed
// with the expiration time exposed
"cert_expiry": 1534534392
"expiring_certs": {
"483412046338348876283259475264040058183366677871": 1534534392, // serial_number -> expiry timestamp
"375895068012951219417723061830777179121567314483": 1535534392
},
"locked": false,
"auto_placement": {
"x": 53.5,
"y": 173.1,
"x_m": 5.35,
"y_m": 17.31,
"status": "localized",
"status_detail": "localized",
"recommended_anchor": false,
"info": {
"cluster_number": 0,
"orientation_state": 0,
"probability_surface": {
"radius": 2.1,
"x": 5.65,
"y": 17.10
}
},
"_id": "5c5b35000010"
},
"gps_stat": {
"altitude": 99.939,
"latitude": 37.29548,
"longitude": -122.03304,
"src": "gps",
"timestamp": 1428949501,
"accuracy": 12.5
}
}
]
{
"mac": "dc38e1dbf3cd",
"model": "EX4600",
"type": "switch",
"serial": "TC3714190003",
"last_seen": 1553203563,
# configurations
"name": "xg50b", // configured
# current stat
"hostname": "sj-sw1", //reported
"status": "connected",
"version": "18.4R1.8",
"ip": "10.2.11.137", // first IP
"uptime": 13500,
"ip_stat": {
"ip": "10.2.11.137",
"netmask": "255.255.192.0",
"gateway": "10.2.1.1",
"ip6": "2607:f8b0:4005:808::2004",
"netmask6": "/32",
"gateway6": "2607:f8b0:4005:808::1",
"dns": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
"ips": {
"vlan1": "10.2.1.1/24,2607:f8b0:4005:808::1/32",
"vlan193": "10.73.1.31/16",
"vlan3157": "10.72.11.14/24"
}
},
"cpu_stat": {
"interrupt": 8,
"idle": 28,
"user": 23,
"system": 41,
"load_avg": [
0.9700000286102295,
1.0499999523162842,
1.0199999809265137
],
},
"memory_stat": {
"usage": 35
},
"if_stat": {
"ge-0/0/9.0": {
"tx_pkts": 3625,
"rx_pkts": 3630,
"rx_bytes": 1255980,
"port_id": "ge-0/0/9",
"up": true,
"tx_bytes": 1511602
},
"irb.125": {
"tx_pkts": 10971,
"vlan": 125,
"rx_pkts": 8683,
"rx_bytes": 695212,
"port_id": "irb",
"up": false,
"ips": [
"80.80.80.1/24"
],
"tx_bytes": 1061466
},
"me0.0": {
"tx_pkts": 939805,
"rx_pkts": 720490,
"rx_bytes": 75544938,
"port_id": "me0",
"up": true,
"ips": [
"60.60.60.5/24"
],
"tx_bytes": 248394725
}
},
"module_stat": [
{
"vc_role": "master",
"model": "EX4300-48P",
"serial": "PX8716230021",
"fans": [
{
"name": "Fan 0"
"status": "absent",
},
{
"name": "Fan 1"
"airflow": "out",
"status": "ok"
}
],
"temperatures": [
{
"name": "CPU",
"status": "ok",
"celsius": 45.0
}
],
"psus": [
{
"name": "Power Supply 0",
"status": "ok"
},
{
"name": "Power Supply 1",
"status": "failed"
}
],
"poe": {
"max_power": 250.0,
"power_draw": 120.3
},
"vc_links": [
{
"port_id": "vcp-255/1/0",
"neighbor_module_idx": 1,
"neighbor_port_id": "vcp-255/1/0"
}
],
"pics": [
{
"idx": 0,
"port_groups": [
{
"type": "sfp+", "count": 12
}
]
}
]
}
],
"clients": [
{
"port_id": "eth-0/0/0,ge-0/0/1",
"mac": "b0c4e7001544",
"hostname": "test-sw1",
"device_mac": "dc38e1dbf3cd",
}
],
"num_clients": {
"total": {
"num_clients": 5,
"num_aps": 3,
},
"0": {
"num_clients": 2,
"num_aps": 1,
}
},
"last_trouble": {
"code": "110",
"timestamp": 1666258858685
},
"has_pcap": true
}
{
"mac": "dc38e1dbf3cd",
"model": "SRX320",
"type": "gateway",
"serial": "TC3714190003",
"last_seen": 1553203563,
# configurations
"name": "sj1", // configured
# current stat
"hostname": "sj1", // reported
"status": "connected",
"version": "18.4R1.8",
"ip": "10.2.11.137", // first IP
"uptime": 13500,
"ip_stat": {
"ip": "10.2.11.137",
"netmask": "255.255.192.0",
"gateway": "10.2.1.1",
"ip6": "2607:f8b0:4005:808::2004",
"netmask6": "/32",
"gateway6": "2607:f8b0:4005:808::1",
"dns": [ "8.8.8.8", "4.4.4.4" ],
"dns_suffix": [ ".mist.local", ".mist.com" ],
"ips": {
"vlan1": "10.2.1.1/24,2607:f8b0:4005:808::1/32",
"vlan193": "10.73.1.31/16",
"vlan3157": "10.72.11.14/24"
}
},
"dhcpd_stat": {
"LAN-network-name-here": {
"num_ips": 100,
"num_leased": 20
}
},
"cpu_stat": {
"interrupt": 8,
"idle": 28,
"user": 23,
"system": 41,
"load_avg": [
0.9700000286102295,
1.0499999523162842,
1.0199999809265137
],
},
"memory_stat": {
"usage": 35
},
// for a Gateway, the SPU (Services Processing Unit) stats
"spu_stat": {
"cpu": 15,
"memory": 32,
"sessions": {
"current": 41,
"valid": 15,
"pending": 12,
"max": 65535
}
},
"module_stat": [
{
"vc_role": "master",
"model": "EX4300-48P",
"serial": "PX8716230021",
"fans": [
{
"name": "Fan 0"
"status": "absent",
},
{
"name": "Fan 1"
"airflow": "out",
"status": "ok"
}
],
"temperatures": [
{
"name": "CPU",
"status": "ok",
"celsius": 45.0
}
],
"psus": [
{
"name": "Power Supply 0",
"status": "ok"
},
{
"name": "Power Supply 1",
"status": "failed"
}
],
"poe": {
"max_power": 250.0,
"power_draw": 120.3
},
"vc_links": [
{
"port_id": "vcp-255/1/0",
"neighbor_module_idx": 1,
"neighbor_port_id": "vcp-255/1/0"
}
],
// `errors` array in `module{,2}_stat` is used to report all error states the device node is running into
"errors": [
// An error should always have `type` and `since` fields, and could have some other fields specific to that type.
// FW_UPGRADE_REQUIRED_BY_FEATURE error: generated when SSR is running an non-compliance firmware version.
{
"type": "FW_UPGRADE_REQUIRED_BY_FEATURE",
"since": 1657497600,
"feature": "Mist-Management",
"minimum_version": "128T-6.0.0-1"
},
// INACTIVE error: generated when SSR 128T service is stopped
{
"type": "INACTIVE",
"since": 1657497600
},
// HA_FW_MISMATCH error: generated when SSR cluster node firmware versions do not match
{
"type": "HA_FW_MISMATCH",
"since": 1658244424
},
// HA_FORMATION_FAILED / HA_DISSOLUTION_FAILED error: generated when HA formation / dissolution failed
{
"type": "HA_FORMATION_FAILED", // HA_FORMATION_FAILED or HA_DISSOLUTION_FAILED
"since": 1658277429,
"reason": "config invalid"
},
// HA_DOWN error: generated when HA formed but not working properly
{
"type": "HA_DOWN",
"since": 1658277429
},
// CONFIG_OUT_OF_SYNC / CONFIG_REVERTED error: generated when config out-of-sync / reverted is detected
{
"type": "CONFIG_OUT_OF_SYNC", // CONFIG_OUT_OF_SYNC or CONFIG_REVERTED
"since": 1684825000.123456
},
// UNABLE_TO_CONNECT_TO_LOG_SERVER error: generated when srx device not connected with Mist srx-log-term service
{
"type": "UNABLE_TO_CONNECT_TO_LOG_SERVER",
"since": 1709203262
},
// REBOOT_REQUIRED error: generated when some config change requires SSR device to be rebooted
{
"type": "REBOOT_REQUIRED",
"since": 1720403426
}
]
}
],
// for HA, all above stats are for node0
// node1 stats are expressed in
"ip2_stat": ...
"dhcpd2_stat": ...
"cpu2_stat": ...
"memory2_stat": ...
"spu2_stat": ...
"module2_stat": ...
"cluster_stat": {
"
"node0": {
"status": "
},
"node1": {
...
}
},
// redundancy
"ap_redundancy": {
"num_aps": 15,
"num_aps_with_switch_redundancy": 8,
# for a VC / stacked switches
"modules": {
"1": {
"num_aps": 15,
"num_aps_with_switch_redundancy": 8
},
...
}
}
}
Also see Device Config
| Name | Type | Description |
|---|---|---|
mac |
string |
device mac |
model |
string |
device model |
type |
string |
device type, ap / ble |
serial |
string |
serial |
version |
string |
firmware version |
last_seen |
long |
last seen timestamp |
name |
string |
device name if configured |
hostname |
string |
hostname reported by the device |
ip |
string |
IP address |
ext_ip |
string |
External / Public IP |
status |
string |
connected / disconnected / restarting / upgrading |
uptime |
long |
how long, in seconds, has the device been up (or rebooted) |
num_clients |
int |
how many wireless clients are currently connected |
num_wlans |
int |
how many WLANs are applied to the device |
tx_bps |
float |
rate of transmitting traffic to the clients, bits/seconds, last known |
rx_bps |
float |
rate of receiving traffic from the clients, bits/seconds, last known |
tx_bytes |
float |
amount of transmitting traffic to the clients, since reboot |
rx_bytes |
float |
amount of receiving traffic from the clients, since reboot |
tx_pkts |
float |
amount of transmitting traffic to the clients, since reboot |
rx_pkts |
float |
amount of receiving traffic from the clients, since reboot |
locating |
boolean |
whether the device is in locating mode (LED blinking) |
ip_config |
object |
IP config, see Device Config |
ip_stat |
object |
current IP information, see Device Config |
module_stat |
array |
device chassis stats, member index == array index (e.g. member 0 is at index 0) |
if_stat |
object |
a map of interface stats |
memory_stat |
object |
memory usage stat (for virtual chassis, memory usage of master RE) |
cpu_stat |
object |
a map of CPU usage stat |
module_stat.vc_role |
string |
device chassis stack role (e.g. master/backup) |
ips |
object |
all IPs the devices has, internal interface name -> CIDR mapping |
radio_config |
object |
a map of radio config, see Device Config |
led |
object |
device LED control, see Device Config |
env_stat |
object |
device environment, including CPU temperature, Ambient temperature, Humidity, Attitude, Pressure, Accelerometers, Magnetometers and vCore Voltage |
locked |
boolean |
whether this AP is considered locked (placement / orientation has been vetted) |
last_trouble |
object |
last trouble code of switch |
auto_placement |
object |
auto placement stats |
gps_stat |
object |
gps stats |
has_pcap |
boolean |
whether the switch supports packet capture |
expiring_certs |
object |
a map of certificate serial numbers to their expiry timestamps (in epoch) for certificates expiring within 30 days |
ant_mode |
string |
internal / external antenna for AP which supports selectable antennas |
| Name | Type | Description |
|---|---|---|
radio_stat |
object |
a map of radio stats, key can be band_24 / band_5 |
band_24 |
object |
radio stat of 2.4G radio |
band_5 |
object |
radio stat of 5G radio |
band_6 |
object |
radio stat of 6G radio |
mac |
string |
radio (base) mac, it can have 16 bssids (e.g. 5c5b350001a0-5c5b350001af) |
channel |
int |
current channel the radio is running on |
bandwidth |
int |
current channel bandwidth, 20 / 40 / 80 / 160 |
power |
int |
transmit power (in dBm) |
util_all |
int |
all utilization in percentage |
util_tx |
int |
transmission utilization in percentage |
util_rx_in_bss |
int |
reception of “In BSS” utilization in percentage, only frames that are received from AP/STAs within the BSS |
util_rx_other_bss |
int |
reception of “Other BSS” utilization in percentage, all frames received from AP/STAs that are outside the BSS |
util_unknown_wifi |
int |
reception of “No Category” utilization in percentage, all 802.11 frames that are corrupted at the receiver |
util_non_wifi |
int |
reception of “No Packets” utilization in percentage, received frames with invalid PLCPs and CRC glitches as noise |
util_undecodable_wifi |
int |
reception of “UnDecodable Wifi” utilization in percentage, only Preamble, PLCP header is decoded, Rest is undecodable in this radio |
dynamic_chaining_enabled |
boolean |
Use dynamic chaining for downlink |
tx_chain |
int |
number of chains to use for tx. This is only used when dynamic chaining is not enabled |
rx_chain |
int |
number of chains to use for rx. This is only used when dynamic chaining is not enabled |
num_wlans |
int |
how many WLANs are applied to the device |
| Name | Type | Description |
|---|---|---|
port_stat |
objects |
ports status |
eth0 |
object |
port status of eth0 (eth0+PoE) |
eth1 |
object |
port status of eth1 |
eth2 |
object |
port status of eth2 |
eth3 |
object |
port status of eth3 |
module |
object |
port status of module port |
up |
boolean |
whether the port is up, default is false (down) |
speed |
int |
10 / 100 / 1000 / 2500, Mbps (mega bits per second) |
full_duplex |
boolean |
true / false |
port_stat: different type/model of devices may have different number of ports| Name | Type | Description |
|---|---|---|
l2tp_stat |
objects |
l2tp tunnel status (key is the wxtunnel_id) |
wxtunnel_id |
string |
WxlanTunnel ID |
state |
string |
idle / wait-ctrl-reply / wait-ctrl-conn / established / established_with_sessions |
uptime |
int |
uptime |
sessions |
list |
list of sessions |
remote_id |
string |
WxlanTunnel Remote ID (user-configured) |
remote_sid |
int |
remote sessions id (dynamically unless Tunnel is said to be static) |
local_sid |
int |
remote sessions id (dynamically unless Tunnel is said to be static) |
| Name | Type | Description |
|---|---|---|
lldp_stat |
object |
LLDP neighbor information and power negotiations. For backward compatibility, when multiple neighbors exist, only information from the first neighbor is displayed. |
lldp_stats |
object |
Map of ethernet ports (“eth0”, “eth1”, etc.) to their respective LLDP neighbor information and power negotiations. Only present when multiple neighbors exist. |
system_name |
string |
Name of the switch, e.g. “TC2-OWL-Stack-01” |
system_desc |
string |
Description provided by switch, e.g. “HP J9729A 2920-48G-POE+ Switch” |
mgmt_addr |
string |
Management IP address of the switch |
mgmt_addrs |
string[] |
List of management IP addresses (IPv4 and IPv6) |
port_desc |
string |
Port description, e.g. “2/20”, “Port 2 on Switch0” |
port_id |
string |
Port identifier |
chassis_id |
string |
Chassis identifier |
lldp_med_supported |
boolean |
Whether LLDP-MED is supported |
power_request_count |
int |
Number of power negotiations |
power_allocated |
int |
In mW, power allocated by PSE |
power_requested |
int |
In mW, power requested by PD |
power_draw |
int |
In mW, total power needed by PD |
power_src |
string |
Single power source (DC Input / PoE 802.3at / PoE 802.3af / PoE 802.3bt / MULTI-PD / LLDP / ? (unknown)). |
power_srcs |
string |
A list of multiple power sources. (DC Input / PoE 802.3at / PoE 802.3af / PoE 802.3bt / MULTI-PD / LLDP / ? (unknown) / NONE (no power on the port)) |
power_avail |
`int | In mW, total Power Avail at AP from pwr source |
pwr_needed |
int |
In mW, total Power needed incl Peripherals |
power_budget |
int |
In mW, surplus if positive or deficit if negative |
power_constrained |
boolean |
Whether power is insufficient |
power_opmode |
string |
Constrained mode |
| Name | Type | Description |
|---|---|---|
ble_stat |
objects |
BLE stats |
tx_pkts |
float |
TxBytes |
tx_bytes |
float |
TxCommands |
tx_resets |
float |
resets due to tx hung |
rx_pkts |
float |
RxEvents |
rx_bytes |
float |
RxBytes |
ibeacon_enabled |
boolean |
Whether iBeacon is Enabled |
ibeacon_uuid |
string |
UUID value for iBeacon |
ibeacon_major |
int |
Major number for iBeacon |
ibeacon_minor |
int |
Minor number for iBeacon |
eddystone_uid_enabled |
boolean |
Whether Eddystone-UID beacon is enabled |
eddystone_uid_namespace |
string |
Eddystone-UID namespace |
eddystone_uid_instance |
string |
Eddystone-UID instance for the device |
eddystone_uid_freq_msec |
int |
Frequency (msec) of data emmit by Eddystone-UID beacon |
eddystone_url_enabled |
boolean |
Whether Eddystone-URL beacon is enabled |
eddystone_url_url |
string |
URL pointed by Eddystone-URL beacon |
eddystone_url_freq_msec |
int |
Frequency (msec) of data emmit by Eddystone-UID beacon |
| Name | Type | Description |
|---|---|---|
fwupdate |
object |
last firmware update status |
timestamp |
float |
timestamp |
status |
string |
starting / inprogress / success / error |
status_id |
int |
the internal status id |
progress |
int |
progress of upgrading expressed in percentage |
| Name | Type | Description |
|---|---|---|
port_id |
string |
interface name |
tx_pkts |
int |
Output packets |
rx_pkts |
int |
Input packets |
tx_bytes |
int |
Output bytes |
rx_bytes |
int |
Input bytes |
up |
boolean |
whether the port is up, default is false (down) |
| Name | Type | Description |
|---|---|---|
system |
int |
Percentage of CPU time being used by system processes |
idle |
int |
Percentage of CPU time that is idle |
interrupt |
int |
Percentage of CPU time being used by interrupts |
user |
int |
Percentage of CPU time being used by user processes |
load_avg |
array |
Load averages for the last 1, 5, and 15 minutes |
| Name | Type | Description |
|---|---|---|
code |
enum |
last trouble code of the switch reported by lldp neighbors |
timestamp |
long |
timestamp of last trouble code reported |
| Code | Description |
|---|---|
102 |
No DHCP lease received on any interface |
103 |
No default gateway |
104 |
Gateway unreachable |
105 |
No DNS server |
106 |
DNS lookup failed |
108 |
Agent cannot connect to controller |
109 |
Authentication failed |
110 |
Underlying service (i.e. Netconf/SSH/HTTPS) is down |
113 |
DNS failure with Mist cloud |
114 |
Empty DNS response with Mist cloud |
| Name | Type | Description |
|---|---|---|
x |
float |
X Autoplaced Position in pixels |
y |
float |
Y Autoplaced Position in pixels |
x_m |
float |
X Autoplaced Position in meters |
y_m |
float |
Y Autoplaced Position in meters |
status |
string |
Basic Placement Status |
status_detail |
string |
Additional info about placement status |
recommended_anchor |
boolean |
Flag to represent if AP is recommended as an anchor by auto placement service |
info |
object |
Additional information about auto placements AP data |
| Name | Type | Description |
|---|---|---|
cluster_number |
int |
All APs sharing a given cluster number can be placed relative to each other |
orientation_state |
int |
The orientation of an AP |
probability_surface |
object |
Coordinates representing a circle where the AP is most likely exists in the event of an inaccurate placement result |
| Name | Type | Description |
|---|---|---|
radius |
float |
The radius representing placement uncertainty, measured in pixels |
radius_m |
float |
The radius representing placement uncertainty, measured in meters |
x |
float |
X-coordinate of the potential placement’s center, measured in pixels |
y |
float |
Y-coordinate of the potential placement’s center, measured in pixels |
| Name | Type | Description |
|---|---|---|
altitude |
float |
The elevation of the AP above sea level, measured in meters. |
latitude |
float |
The geographic latitude of the AP, measured in degrees. |
longitude |
float |
The geographic longitude of the AP, measured in degrees. |
src |
string |
The origin of the GPS data, either gps from this device’s GPS estimates or other_ap from neighboring device GPS estimates. |
timestamp |
long |
The unix timestamp when the GPS data was recorded. |
accuracy |
float |
The estimated accuracy or accuracy of the GPS coordinates, measured in meters. |
Attributes are similar to a client Name|Type| Description ----|----|------------
mesh_downlinks|object| mesh downlinks established
POST /api/v1/sites/:site_id/devices/import
A multi-part POST
"file": CSV File
mac,name,map_id,x,y,height,orientation,labels,band_24.power,band_24.bandwidth,band_24.channel,band_24.disabled,band_5.power,band_5.bandwidth,band_5.channel,band_5.disabled,band_6.power,band_6.bandwidth,band_6.channel,band_6.disabled
5c5b53010101,"AP 1",845a23bf-bed9-e43c-4c86-6fa474be7ae5,30,10,2.3,45,"guest, campus, vip",1,20,0,false,0,40,0,false,17,80,0,false
| Name | Type | Description |
|---|---|---|
mac |
string |
device mac |
name |
string |
name / label of the device |
map_id |
string |
map where the device belongs to |
x |
float |
x in pixel |
y |
float |
y in pixel |
orientation |
int |
orientation, 0-359, in degrees, up is 0, right is 90. |
height |
float |
height, in meters |
labels |
list |
list of comma-separated strings |
band_24.power |
int |
band 2.4G power |
band_24.bandwidth |
int |
band 2.4G bandwidth |
band_24.channel |
int |
band 2.4G channel |
band_24.disabled |
boolean |
if band 2.4G is disabled |
band_5.power |
int |
band 5G power |
band_5.bandwidth |
int |
band 5G bandwidth |
band_5.channel |
int |
band 5G channel |
band_5.disabled |
boolean |
if band 5G is disabled |
band_6.power |
int |
band 6G power |
band_6.bandwidth |
int |
band 6G bandwidth |
band_6.channel |
int |
band 6G channel |
band_6.disabled |
boolean |
if band 6G is disabled |
Alternatively, you can POST it via a equivalent JSON
[
{
"mac": "5c5b53010101",
"name": "AP 1",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"x": 30,
"y": 10,
"height": 2,3,
"orientation": 45,
"labels": "guest, campus, vip"
},
...
]
{
"updated": [ "5c5b53010101" ],
"errors": [
"Device[2c47d2c7b2a2] does not exist",
"Map[845a23bf-bed9-e43c-4c86-6fa474be7ae5] does not exist"
]
}
To download the exported device information
GET /api/v1/sites/:site_id/devices/export
mac,name,map_id,x,y,height,orientation,labels,type
5c5b53010101,"AP 1",845a23bf-bed9-e43c-4c86-6fa474be7ae5,30,10,2.3,45,"guest, campus, vip","ap"
GET /api/v1/sites/:site_id/stats/devices/:device_id
| Name | Type | Description |
|---|---|---|
fields |
list |
list of comma-separated strings. E.g.: ports,tunnels,vpn_peers,bgp_peers |
{
# This object is like object returned by `GET /api/v1/sites/:site_id/stats/devices` array,
# but can also include the following optional fields if specified in the `fields` parameter.
# `ports` -- only present when included in `fields` parameter
# `ports` is like `port_stat` but is an array.
# This array can be converted to a dict using (port_id, node) as key.
"ports": [
// Each port object is same as `GET /api/v1/sites/:site_id/stats/ports/search` result object,
// except that org_id, site_id, mac, model are removed
{
"port_id": "ge-0/0/1",
"node": "node0", // Absent if this device is standalone
.
.
.
}
],
# `tunnels` -- only present when included in `fields` parameter
"tunnels": [
// Each port object is same as `GET /api/v1/orgs/:org_id/stats/tunnels/search` result object,
// except that org_id, site_id, mac, model are removed
{
"node": "node0",
"tunnel_name": "SECHub1",
"protocol": "ipsec",
"ike_version": "2",
"auth_algo": "AES_GCM_16_128-HMAC_SHA2_256-MODP2048",
"priority": "primary",
"wan_name": ...,
"ip": ...,
"peer_ip": ...,
"peer_host": ...,
"rx_bytes": ...,
"tx_bytes": ...,
"rx_pkts": ...,
"tx_pkts": ...,
"up": false,
"uptime": 0,
"last_event": "No response from peer. Negotiation failed",
"last_seen":1723072157.123456
}
],
# `vpn_peers` -- only present when included in `fields` parameter
"vpn_peers": [
// Each port object is same as `GET /api/v1/orgs/:org_id/stats/vpn_peers/search` result object,
// except that org_id, site_id, mac, model are removed
{
"node": "node0"
"vpn_name": ...,
"type": "svr",
"vpn_role": "spoke",
"router_name": ...,
"wan_name": ...,
"port_id": ...,
"network_interface": ...,
"peer_mac": ...,
"peer_router_name": ...,
"peer_site_id": ...,
"peer_port_id": ...,
"latency": 6.0,
"mos": 440.0,
"loss": 0.0,
"jitter": 0.0,
"mtu": 1500,
"is_active": true,
"up": true,
"uptime": 61975,
"last_seen": 1723072157.123456
}
],
# `bgp_peers` -- only present when included in `fields` parameter
"bgp_peers": [
// Each port object is same as `GET /api/v1/sites/:site_id/stats/bgp_peers/search` result object,
// except that org_id, site_id, mac, model are removed
{
"node": "node0",
"neighbor_as": 65010,
"local_as": 65012,
"evpn_overlay": false,
"evpn_underlay": true,
"vrf_name": "default",
"neighbor": ...,
"neighbor_mac": ...,
"state": "established",
"rx_pkts": 2363,
"tx_pkts": 2350,
"rx_routes": 9,
"tx_routes": 3,
"up": true,
"uptime": 63908,
"timestamp": 1723072157.290559
}
],
}
GET /api/v1/sites/:site_id/stats/clients
GET /api/v1/sites/:site_id/stats/maps/:map_id/clients
GET /api/v1/sites/:site_id/stats/devices/:device_id/clients
[
{
"mac": "5684dae9ac8b",
"last_seen": 1470417522,
"username": "david@mist.com",
"hostname": "David-Macbook",
"os": "OS X 10.10.2",
"manufacture": "Apple",
"family": "iPhone",
"model": "6S",
"ip": "192.168.1.8",
"ip6": "2001:db8:3333:4444:5555:6666:7777:8888",
"ap_mac": "5c5b35000010",
"ap_id": "0000000-0000-0000-1000-5c5b35000010",
"ssid": "corporate",
"wlan_id": "be22bba7-8e22-e1cf-5185-b880816fe2cf",
"psk_id": "732daf4e-f51e-8bba-06f9-b25cd0e779ea",
"uptime": 3568,
"idle_time": 3,
"power_saving": true,
"band": "24",
"proto": "a",
"key_mgmt": "WPA2-PSK/CCMP",
"dual_band": false,
"channel": 7,
"vlan_id": "",
"airespace_ifname": "",
"rssi": -65,
"snr": 31,
"tx_rate": 65,
"rx_rate": 65,
"tx_bytes": 175132,
"tx_bps": 6,
"tx_packets": 1566,
"tx_retries": 500,
"rx_bytes": 217416,
"rx_bps": 12,
"rx_packets": 2337,
"rx_retries": 5,
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 53.5,
"y": 173.1,
"x_m": 5.35
"y": 17.31
"num_locating_aps": 3,
"is_guest": true,
"guest": {
"authorized": True,
"authorized_time": 1428939300,
"authorized_expiring_time": 1429109300
"name": "John",
"email": "john@abc.com",
"company": "ABC",
"field1": "whatever",
"cross_site": True
},
"airwatch": {
"authorized": True
},
"_ttl": 250
}
]
| Name | Type | Description |
|---|---|---|
mac |
string |
client mac |
hostname |
string |
hostname that we learned from sniffing DHCP |
username |
string |
username that we learned from 802.1X exchange or Per-user PSK or User Portal |
manufacture |
string |
device manufacture, through fingerprinting or OUI |
os |
string |
device os, through fingerprinting |
family |
string |
device family, through fingerprinting. iPod / Nexus Galaxy / Windows Mobile or CE … |
model |
string |
device model, may be available if we can identify them |
ap_mac |
string |
AP the client is connected to |
ap_id |
string |
AP ID the client is connected to |
ssid |
string |
SSID the client is connected to |
wlan_id |
string |
WLAN ID the client is connected to |
psk_id |
string |
PSK id (if multi-psk is used) |
uptime |
long |
how long, in seconds, has the client been connected |
idle_time |
long |
how long, in seconds, has the client been idle (since the last RX packet) |
last_seen |
long |
last seen timestamp |
power_saving |
boolean |
if it’s currently in power-save mode |
band |
string |
“24” or “5” |
proto |
string |
b / g / n / a / ac |
key_mgmt |
string |
e.g. WPA2-PSK/CCMP |
dual_band |
boolean |
whether the client is dual-band capable (determined by whether we’ve seen probe requests from both bands) |
channel |
int |
current channel |
vlan_id |
string |
vlan id, could be empty (from older AP) |
rssi |
int |
signal strength |
snr |
int |
signal over noise |
tx_rate |
float |
TX Rate, Mbps |
rx_rate |
float |
RX Rate, Mbps |
tx_bps |
float |
rate of transmitting traffic to the clients, bits/seconds, last known |
rx_bps |
float |
rate of receiving traffic from the clients, bits/seconds, last known |
tx_bytes |
float |
amount of traffic sent to client since client connects |
rx_bytes |
float |
amount of traffic received from client since client connects |
tx_pkts |
float |
amount of traffic sent to client since client connects |
rx_pkts |
float |
amount of traffic received from client since client connects |
tx_retries |
float |
amount of tx retries |
rx_retries |
float |
amount of rx retries |
map_id |
string |
estimated client location - map_id |
x |
int |
estimated client location in pixels |
y |
int |
estimated client location in pixels |
x_m |
int |
estimated client location in meter |
y_m |
int |
estimated client location in meter |
num_locating_aps |
int |
number of APs used to locate this client |
accuracy |
int |
estimated client location accuracy, in meter |
is_guest |
boolean |
whether this is a guest, default is false |
guest |
object |
information about this portal |
authorized |
boolean |
whether this guest is authorized, default is false |
authorized_time |
int |
when the guest is authorized |
authorized_expiring_time |
int |
when the guest authorization will expire |
cross_site |
boolean |
whether this guest is authorized for cross site, default is false |
airwatch |
object |
information if airwatch enabled |
_ttl |
int |
TTL of the validity of the stat |
GET /api/v1/sites/:site_id/stats/clients/:client_mac
{
...
// in addition to the same information as provided from GET /api/v1/sites/:site_id/stats/clients
// it also has
"zones": [
{
"id": "8ac84899-32db-6327-334c-9b6d58544cfe",
"since": 1428939600
}
],
"vbeacons": [
{
"id": "d379d29d-24b4-96c5-5dd4-6f2a2dc5aaeb",
"since": 1428939300
}
],
"rssizones": [
{
"id": "b49390de-f124-4854-9404-0e59d63e6b99",
"since": 1428939400
}
],
"wxrule_id": "ac3f89d3-15ad-685a-7c1e-cc5c5f1df07a",
"wxrule_usage" [
{
"tag_id": "dfc6d6e0-8411-45a9-833a-9cbf21a311b2",
"usage": 20
},
{
"tag_id": "00000000-0000-0000-0000-000000000000",
"usage": 4
}
]
}
| Name | Type | Description |
|---|---|---|
zones |
list |
list of zone_id’s where client is in and since when (if known) |
vbeacons |
list |
list of beacon_id’s where the client is in and since when (if known) |
rssizones |
list |
list of rssizone_id’s where client is in and since when (if known) |
wxrule_id |
string |
current WxlanRule using for a Client or an authorized Guest (portal user). null if default rule is matched. |
wxrule_usage |
list |
current WxlanRule usage per tag_id |
predictive |
object |
derived information from backend |
client_dl |
float |
estimated wireless client download throughput, in Mbps |
wan_dl |
float |
estimated WAN download throughput, in Mbps |
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/stats/clients"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/stats/clients",
"data": {
"mac": "5684dae9ac8b",
...
// same as above
}
}
GET /api/v1/sites/:site_id/stats/clients?wired=true
GET /api/v1/sites/:site_id/stats/clients/:mac?wired=true
GET /api/v1/sites/:site_id/stats/clients/:ap_id?wired=true
[
{
"mac": "e45f01319a43",
"site_id": "1916d52a-4a90-11e5-8b45-1258369c38a9",
"ap_id": "00000000-0000-0000-1000-d420b085fdff",
"rx_pkts": 0,
"tx_pkts": 0,
"rx_bytes": 0,
"tx_bytes": 0,
"eth_port": "eth1",
"auth_state": "authorizedForCompleteAccess",
"vlan_id": 70,
"last_seen": 1645060912.0751352,
"uptime": 8723766
"_ttl": 277,
"_id": "003ee1bec926"
}
]
| Name | Type | Description |
|---|---|---|
mac |
string |
client mac |
ap_id |
string |
AP ID the client is connected to |
last_seen |
long |
time when last Tx/Rx observed |
vlan_id |
string |
vlan id, could be empty (from older AP) |
tx_bytes |
float |
amount of traffic sent to client since client connects |
rx_bytes |
float |
amount of traffic received from client since client connects |
tx_pkts |
float |
amount of traffic sent to client since client connects |
rx_pkts |
float |
amount of traffic received from client since client connects |
_ttl |
int |
TTL of the validity of the stat |
auth_state |
string |
client authorization status |
uptime |
long |
how long, in seconds, has the client been connected |
eth_port |
string |
port on AP where the wired client is connected |
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/stats/maps/:map_id/clients"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/stats/maps/63eda950-c6da-11e4-a628-60f81dd250cc/clients",
"data": {
"mac": "5684dae9ac8b",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 53.5,
"y": 173.1,
"num_locating_aps": 3
}
}
This disconnect a client (and it’s likely to connect back)
POST /api/v1/sites/:site_id/clients/:client_mac/disconnect
Trigger a CoA (change of authorization) against a client
POST /api/v1/sites/:site_id/clients/:client_mac/coa
To unauthorize multiple clients, use
POST /api/v1/sites/:site_id/clients/disconnect
[
"683b679ac024",
...
]
This unauthorize a client (if it’s a guest) and disconnect it. From the guest’s perspective, s/he will see the splash page again and go through the flow (e.g. Terms of Use) again.
POST /api/v1/sites/:site_id/clients/:client_mac/unauthorize
To unauthorize multiple clients, use
POST /api/v1/sites/:site_id/clients/unauthorize
[
"683b679ac024",
...
]
GET /api/v1/sites/:site_id/clients/search?hostname=john&limit=10
| Name | Type | Description |
|---|---|---|
mac |
string |
partial / full MAC address |
hostname |
string |
partial / full hostname |
device |
string |
device type, e.g. Mac, Nvidia, iPhone |
os |
string |
os, e.g. Sierra, Yosemite, Windows 10 |
model |
string |
model, e.g. “MBP 15 late 2013”, 6, 6s, “8+ GSM” |
ap |
string |
AP mac where the client has connected to |
ssid |
string |
SSID |
text |
string |
partial / full MAC address, hostname, username, psk_name or ip |
psk_id |
string |
PSK ID |
psk_name |
string |
PSK name |
nacrule_id |
string |
nacrule_id |
NOTE: fuzzy logic can be used with ‘*’, supported filters: mac, hostname, device, os, model.
E.g. /clients/search?device=Mac*&hostname=jerry
{
"results": [
{
"hostname": [
"jerry"
],
"ap": [
"5c5b350e0492",
"5c5b350eb39d",
"5c5b350e03c0"
],
"ip": [
"192.168.5.43",
"192.168.20.125"
],
"vlan": [
1
],
"mac": "60f81dd250cc",
"device": [
"Mac"
],
"os": [
"Sierra",
"High Sierra"
],
"model": [
"",
"MBP 15\" late 2013"
],
"ssid": [
"Guest"
],
"psk_id": [
"9d31efe6-e205-47eb-9f1d-dd66d8ef66bd"
],
"psk_name": [
"test key"
],
}
...
]
}
GET /api/v1/sites/:site_id/clients/count?distinct=hostname
In addition to the filters that you can have in the search
| Name | Type | Description |
|---|---|---|
distinct |
string |
ssid, ap, ip, vlan, hostname, os, model, device, default is device |
NOTE: the filters from /clients/search can also be used. E.g. /clients/count?distinct=device&ssid=Guest
{
"start": 1511967600,
"end": 1513177200,
"limit": 10,
"distinct": "device",
"total": 2,
"results": [
{
"device": "Mac",
"count": 61
},
{
"device": "iPhone",
"count": 44
}
]
}
GET /api/v1/sites/:site_id/clients/events/search
| Name | Type | Description |
|---|---|---|
type |
string |
event type, e.g. MARVIS_EVENT_CLIENT_FBT_FAILURE |
reason_code |
int |
for assoc/disassoc events |
ssid |
string |
SSID |
ap |
string |
AP MAC |
proto |
string |
b / g / n / a / ac |
band |
string |
5 / 24 |
wlan_id |
string |
wlan_id |
{
"start": 1512572151,
"end": 1513176951,
"limit": 10,
"total": 1,
"results": [
{
"ap": "5c5b350eb31b",
"ssid": "Guest",
"bssid": "5c5b350918f1",
"proto": "ac",
"timestamp": 1513358874.667,
"band": "5",
"type_code": 15,
"type": "CLIENT_DNS_OK",
"text": "Status code 0 \"Successful\" ",
"channel": 149,
"wlan_id": "be22bba7-8e22-e1cf-5185-b880816fe2cf"
}
]
}
GET /api/v1/sites/:site_id/clients/events/count?distinct=type
| Name | Type | Description |
|---|---|---|
distinct |
string |
type / proto / band / channel / wlan_id / ssid |
NOTE: the filters from /clients/:mac/events can also be used. E.g. /clients/events/count?distinct=device&ssid=Guest
{
"start": 1513276353,
"end": 1513362753,
"limit": 3,
"total": 3,
"results": [
{
"count": 580,
"type": "CLIENT_AUTHENTICATED"
},
{
"count": 536,
"type": "CLIENT_GW_ARP_OK"
},
{
"count": 519,
"type": "CLIENT_ASSOCIATION"
}
]
}
GET /api/v1/sites/:site_id/clients/sessions/search
| Name | Type | Description |
|---|---|---|
ap |
string |
AP MAC |
band |
string |
5 / 24 |
client_family |
string |
E.g. “Mac”, “iPhone”, “Apple watch” |
client_manufacture |
string |
E.g. “Apple” |
client_model |
string |
E.g. “8+”, “XS” |
client_os |
string |
E.g. “Mojave”, “Windows 10”, “Linux” |
ssid |
string |
SSID |
wlan_id |
string |
wlan_id |
psk_id |
string |
PSK ID |
psk_name |
string |
PSK name |
{
"start": 1511967600,
"end": 1513177200,
"limit": 10,
"total": 100,
"results": [
{
"ap": "5c5b350e0262",
"disconnect": 1565208448.662,
"ssid": "Dummy WLAN 2",
"tags": [
"disassociate"
],
"org_id": "3139f2c2-fac6-11e5-8156-0242ac110006",
"site_id": "70e0f468-fc13-11e5-85ad-0242ac110008",
"mac": "b019c66c8348",
"connect": 1565208388.568,
"band": "5",
"timestamp": 1565208448.662,
"duration": 60.09423865,
"client_manufacture": "Apple",
"wlan_id": "99bb4c74-f954-4f36-b844-6b030faffabc",
"psk_id": "8a4a134b-210a-4908-a6be-105dca78e226",
"psk_name": "test key"
},
...
]
}
GET /api/v1/sites/:site_id/clients/sessions/count
In addition to the filters that you can have in the search
| Name | Type | Description |
|---|---|---|
distinct |
string |
ssid, wlan_id, ap, mac, client_family, client_manufacture, client_model, client_os, default is mac |
NOTE: the filters from /clients/sessions/search can also be used. (
E.g. /clients/sessions/count?distinct=client_manufacture)
{
"start": 1511967600,
"end": 1513177200,
"limit": 100,
"distinct": "client_manufacture",
"total": 20,
"results": [
{
"count": 217,
"client_manufacture": "Apple"
},
{
"count": 35,
"client_manufacture": "Intel Corporate"
},
...
]
}
GET /api/v1/sites/:site_id/clients/:client_mac/events
GET /api/v1/sites/:site_id/skyatp/events/count?distinct=type
| Name | Type | Description |
|---|---|---|
distinct |
string |
type, mac, device_mac, threat_level, default is type |
{
"start": 1511967600,
"end": 1513177200,
"limit": 10,
"distinct": "type",
"total": 2,
"results": [
{
"type": "mw",
"count": 6
},
{
"device": "fs",
"count": 3
}
]
}
GET /api/v1/sites/:site_id/skyatp/events/search
| Name | Type | Description |
|---|---|---|
type |
string |
event type, e.g. cc, fs, mw |
mac |
string |
client MAC |
device_mac |
string |
device MAC |
threat_level |
int |
threat level |
ip |
string |
client ip |
{
"start": 1512572151,
"end": 1513176951,
"limit": 10,
"total": 1,
"results": [
{
"mac": "b019c66c8348",
"threat_level": 7,
"device_mac": "658279bb1fa4",
"timestamp": 1592524478,
"org_id": "3139f2c2-fac6-11e5-8156-0242ac110006",
"site_id": "70e0f468-fc13-11e5-85ad-0242ac110008",
"type": "cc",
"ip": "172.16.0.11"
}
]
}
GET /api/v1/sites/:site_id/guests
| Name | Type | In | Description |
|---|---|---|---|
wlan_id |
string | query | (optional) UUID of single or multiple (Comma separated) WLAN under Site site_id (to filter by WLAN) |
[
{
"mac": "5684dae9ac8b",
"authorized": true,
"authorized_time": 1480704355,
"authorized_expiring_time": 1480704955,
"name": "John Smith",
"email": "john@abc.com",
"company": "abc",
"field1": "xxx"
}
]
| Name | Type | Description |
|---|---|---|
mac |
string |
mac |
authorized |
boolean |
whether the guest is current authorized |
authorized_time |
long |
when the guest was authorized |
authorized_expiring_time |
long |
when the authorization would expire |
name |
string |
optional, the info provided by user |
email |
string |
optional, the info provided by user |
company |
string |
optional, the info provided by user |
field1 |
string |
optional, the info provided by user |
GET /api/v1/sites/:site_id/guests/:guest_mac
[
{
"mac": "5684dae9ac8b",
"authorized": true,
"authorized_time": 1480704355,
"authorized_expiring_time": 1480704955,
"name": "John Smith",
"email": "john@abc.com",
"company": "abc",
"field1": "xxx"
}
]
| Name | Type | Description |
|---|---|---|
mac |
string |
mac |
authorized |
boolean |
whether the guest is current authorized |
authorized_time |
long |
when the guest was authorized |
authorized_expiring_time |
long |
when the authorization would expire |
name |
string |
optional, the info provided by user |
email |
string |
optional, the info provided by user |
company |
string |
optional, the info provided by user |
field1 |
string |
optional, the info provided by user |
PUT /api/v1/sites/:site_id/guests/:guest_mac
{
"name": "guest1",
"email": "guest1@email.com",
"company":"companyXYZ",
"minutes": 60,
"field1": "value1",
......
}
| Name | Type | Description |
|---|---|---|
minutes |
int |
minutes, the maximum is 259200 (180 days) |
DELETE /api/v1/sites/:site_id/guests/:guest_mac
GET /api/v1/sites/:site_id/guests/search?wlan_id=88ffe630-95b8-11e8-b294-346895ed1b7d&limit=2
{
"end": 1531862583.0,
"results": [
{
"ssid": "openNet",
"timestamp": 1531782218,
"company": "mistsystems",
"auth_method": "passphrase",
"ap": "5c5b350e0001",
"authorized_expiring_time": 1531810258.186273,
"authorized_time": 1531782218,
"email": "user@mistsys.com",
"name": "john"
},
{
"ssid": "openNet",
"timestamp": 1531782632,
"company": "xyz inc.",
"auth_method": "facebook",
"ap": "5c5b350e0001",
"authorized_expiring_time": 1531810821.145,
"authorized_time": 1531782632,
"email": "cool_user@yahoo.com",
"name": "John White"
}
],
"next": "/api/v1/sites/8aaba0aa-09cc-44bd-9709-33b98040550c/guests/search?wlan_id=88ffe630-95b8-11e8-b294-346895ed1b7d&end=1531855849.000&limit=2&start=1531776183.0",
"start": 1531776183.0,
"limit": 2,
"total": 14
}
GET /api/v1/sites/:site_id/guests/count?distinct=auth_method
{
"end": 1531862583.0,
"results": [
{
"auth_method": "passphrase",
"count": 2
},
{
"auth_method": "facebook",
"count": 4
}
],
"start": 1531776183.0,
"total": 2
}
GET /api/v1/sites/:site_id/stats/zones?map_id=845a23bf-bed9-e43c-4c86-6fa474be7ae5
[
{
"id": "8ac84899-32db-6327-334c-9b6d58544cfe",
"name": "Board Room",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"num_assets": 0,
"assets_waits": {
"max": 0,
"min": 0,
"avg": 0,
"p95": 0
}
"num_sdkclients": 10,
"sdkclients_waits": {
"max": 3610,
"min": 600,
"avg": 1200,
"p95": 2800
}
"num_clients": 80,
"clients_waits": {
"max": 3610,
"min": 600,
"avg": 1200,
"p95": 2800
}
}
]
| Name | Type | Description |
|---|---|---|
id |
string |
id of the zone |
name |
string |
name of the zone |
map_id |
string |
map_id of the zone |
sdkclient_waits |
object |
sdkclient wait time right now |
client_waits |
object |
client wait time right now |
asset_waits |
object |
ble asset wait time right now |
num_assets |
int |
number of assets |
num_clients |
int |
number of wifi clients (unconnected + connected) |
num_sdkclients |
int |
number of sdk clients |
max |
int |
longest wait time in seconds |
min |
int |
shortest wait time in seconds |
avg |
int |
average wait time in seconds |
p95 |
int |
95th percentile of all the wait time(s) |
GET /api/v1/sites/:site_id/stats/<zones|rssizones>/:zone_id
{
"id": "8ac84899-32db-6327-334c-9b6d58544cfe",
"name": "Board Room",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"num_sdkclients": 0,
"num_clients": 80,
"client_waits": {
"max": 3610,
"min": 600,
"avg": 1200,
"p95": 2800
},
"sdkclients": [
"7e2b463d-c91c-ff7d-f3c0-6eccc6949ff8"
...
],
"clients": [
"5684dae9ac8b",
]
}
| Name | Type | Description |
|---|---|---|
id |
string |
id of the zone |
name |
string |
name of the zone |
map_id |
string |
map_id of the zone |
sdkclient_waits |
object |
sdkclient wait time right now |
client_waits |
object |
client wait time right now |
sdkclients |
list |
list of sdkclients currently in the zone and when they entered |
clients |
list |
list of clients currently in the zone and when they entered |
assets |
list |
list of ble assets currently in the zone and when they entered |
max |
int |
longest wait time in seconds |
min |
int |
shortest wait time in seconds |
avg |
int |
average wait time in seconds |
p95 |
int |
95th percentile of all the wait time(s) |
Recent Zone Visits (7-days) are searchable via the following APIs
GET /api/v1/sites/:site_id/zones/visits/search?user_type=asset&scope_id=85fbba9e-4e12-11e6-9188-0242ac110007&limit=2
GET /api/v1/sites/:site_id/rssizones/visits/search?user_type=asset&scope_id=85fbba9e-4e12-11e6-9188-0242ac110007&limit=2
| Name | Type | Description |
|---|---|---|
user_type |
string |
user type, client (default) / sdkclient / asset |
user |
string |
client MAC / Asset MAC / SDK UUID |
scope_id |
string |
if scope == map/zone/rssizone, the scope id |
scope |
string |
scope, site (default) / map / zone / rssizone |
tags |
string |
tags |
{
"end": 1541705289.769911,
"results": [
{
"scope": "map",
"enter": 1541705254,
"user": "c4b301c81166",
"timestamp": 1541705254
},
{
"scope": "map",
"enter": 1541705247,
"user": "c57bbb6a1277",
"timestamp": 1541705247
}
],
"next": "/api/v1/sites/67970e46-4e12-11e6-9188-0242ac110007/zones/visits/search?limit=2&end=1541705247.000&scope_id=85fbba9e-4e12-11e6-9188-0242ac110007&user_type=asset&start=1541618889.77",
"start": 1541618889.769886,
"limit": 2,
"total": 5892
}
GET /api/v1/sites/:site_id/zones/visits/count?distinct=scope_id
GET /api/v1/sites/:site_id/rssizones/visits/count?distinct=scope_id
| Name | Type | Description |
|---|---|---|
user_type |
string |
user type, client (default) / sdkclient / asset |
user |
string |
client MAC / Asset MAC / SDK UUID |
scope_id |
string |
if scope == map/zone/rssizone, the scope id |
scope |
string |
scope, site (default) / map / zone / rssizone |
{
"end": 1531862583.0,
"results": [
{
"scope_id": "f0c38357-9370-4506-84f9-0f94a63faddd",
"count": 18
},
{
"scope_id": "a002eb82-6d08-4556-b8c5-2f2547a7c7f8",
"count": 7
},
{
"scope_id": "85fbba9e-4e12-11e6-9188-0242ac110007",
"count": 5
}
],
"start": 1531776183.0,
"total": 3
}
This has information about
GET /api/v1/sites/:site_id/stats/maps/:map_id/sdkclients
[
{
"id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"uuid": "ada72f8f-1643-e5c6-94db-f2a5636f1a64",
"name": "John's iPhone",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"last_seen": 1428939600,
"x": 60,
"y": 80,
"network_connection": {
"type": "WiFi",
"rssi": -75,
"mac": "c3-b6-e5-af-41-15",
"signal_level": 3
}
},
...
]
| Name | Type | Description |
|---|---|---|
uuid |
string |
uuid of the sdk client |
name |
string |
name of the sdk client (if provided) |
map_id |
string |
map_id of the sdk client (if known), or null |
last_seen |
long |
last seen timestamp |
x |
int |
x (in pixels) of user location on the map (if known) |
y |
int |
y (in pixels) of user location on the map (if known) |
network_connection |
object |
various network connection info for the SDK client (if known, else omitted), with RSSI in dBm, and signal level as # of bars/signal indicator of signal strength |
This has information about
GET /api/v1/sites/:site_id/stats/sdkclients/:sdkclient_uuid
{
"id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"uuid": "ada72f8f-1643-e5c6-94db-f2a5636f1a64",
"name": "John's iPhone",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"zones": [
{
"id": "8ac84899-32db-6327-334c-9b6d58544cfe",
"since": 1428939600
}
],
"vbeacons": [
{
"id": "d379d29d-24b4-96c5-5dd4-6f2a2dc5aaeb",
"since": 1428939300
}
],
"last_seen": 1428939600,
"x": 60,
"y": 80,
"network_connection": {
"type": "WiFi",
"rssi": -75,
"mac": "c3-b6-e5-af-41-15",
"signal_level": 3
}
}
| Name | Type | Description |
|---|---|---|
uuid |
string |
uuid of the sdk client |
name |
string |
name of the sdk client (if provided) |
map_id |
string |
map_id of the sdk client (if known), or null |
zones |
list |
list of zone_id’s of the sdk client is in and since when (if known) |
vbeacons |
list |
list of beacon_id’s of the sdk client is in and since when (if known) |
last_seen |
long |
last seen timestamp |
x |
int |
x (in pixels) of user location on the map (if known) |
y |
int |
y (in pixels) of user location on the map (if known) |
network_connection |
object |
various network connection info for the SDK client (if known, else omitted), with RSSI in dBm, and signal level as # of bars/signal indicator of signal strength |
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/stats/maps/:map_id/sdkclients"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/stats/maps/845a23bf-bed9-e43c-4c86-6fa474be7ae5/sdkclients",
"data": {
"id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"uuid": "ada72f8f-1643-e5c6-94db-f2a5636f1a64",
"name": "John's iPhone",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"last_seen": 1428939600,
"x": 60,
"y": 80
}
}
GET /api/v1/sites/:site_id/stats/maps/:map_id/unconnected_clients
[
{
"mac": "5684dae9ac8b",
"ap_mac": "5c5b350e0410",
"map_id": "ea77be98-ab51-4ff8-a863-ac3c8e1b1c3a",
"x": 60,
"y": 80,
"rssi": -75.0,
"manufacture": "Apple",
"last_seen": 1428939600
}
]
| Name | Type | Description |
|---|---|---|
mac |
string |
mac address of the (unconnected) client |
ap_mac |
string |
mac address of the AP that heard the client |
map_id |
string |
map_id of the client (if known), or null |
x |
int |
x (in pixels) of user location on the map (if known) |
y |
int |
y (in pixels) of user location on the map (if known) |
rssi |
int |
client RSSI observered by the AP that heard the client (in dBm) |
manufacture |
string |
device manufacture, through fingerprinting or OUI |
last_seen |
long |
last seen timestamp |
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/stats/maps/:map_id/unconnected_clients"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/stats/maps/63eda950-c6da-11e4-a628-60f81dd250cc/unconnected_clients",
"data": {
"mac": "5684dae9ac8b",
"ap_mac": "5c5b350e0410",
"map_id": "63eda950-c6da-11e4-a628-60f81dd250cc",
"x": 60,
"y": 80,
"rssi": -75.0,
"manufacture": "Apple",
"last_seen": 1480715946,
"num_locating_aps": 0
}
}
WS /api-ws/v1/stream
// for SDK Client
{
"subscribe": "/sites/:site_id/sdkclients/:sdkclient_id/diag"
}
// WIFI Client
{
"subscribe": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/clients/112233445566/diag"
}
// BLE Asset
{
"subscribe": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/assets/7beb14fc-dc99-d51a-bc9e-9c7360db8520/diag"
}
{
"event": "channel_subscribed",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/sdkclients/de87bf9d-183f-e383-cc68-6ba43947d403/diag"
}
{
"event": "subscribe_failed",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/sdkclients/de87bf9d-183f-e383-cc68-6ba43947d403/diag",
"detail": "permission denied"
}
//For SDK Client
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/sdkclients/de87bf9d-183f-e383-cc68-6ba43947d403/diag",
"data": {
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"grid": {
"topleft_x_m": -0.86,
"topleft_y_m": 9.2486,
"size_m": 0.5,
"width": 40,
"height": 40,
"data": "<base-64 encoded data intended to be interpreted by atob() in JS>",
},
"motion": true,
"avg_duration": 3,
"vbles": [
{
"type": "device",
"id": "00000000-0000-0000-1000-5c5b350e0060",
"orientation": 90,
"xyz_m": [ 5.79, 4.33, 3.04 ],
"rssis": [ -52.32, -53, -55, -57, -60.25, null, null, -62, null ]
},
{
"type": "beacon",
"id": "00000000-0000-0000-1000-e74489000052",
"xyz_m": [ 8.79, 10.33, 3.04 ],
"rssi": -59.5
}
],
"peak": {
"vble_id": "00000000-0000-0000-1000-e74489000052",
"max_rssi": -53.428,
"plf": -73,
"ple": -21,
"intercept": -52
},
// estimates based on probability surface, we'll always have this
"raw_xyz_m": [ 18.7486, 10.13269, 0 ],
"smoothed_xyz_m": [ 18.7486, 10.13269, 0 ],
// available only if present
"app_xyz_m": [18.714, 10.1102, 0],
"dead_reckoning_xyz_m": [18.791, 10.1613, 0],
"dead_reckoning_raw_xyz_m": [18.157, 10.110, 0],
"model": "iPod7",
"os": "",
"version": "10.2.1",
"beams_count": 12,
"beams_mean": 4,
"missing_beams": 16,
"speed": 1,
"direction": 235,
"timestamp": 1501113999.758902,
// the loudest mote estimate
"closest_mote_xyz_m": [ 8.79, 10.33, 3.04 ],
// 3 past consecutive mote estimates
"adjusted_mote_xyz_m": [ 8.79, 10.33, 3.04 ],
// another algorithm, more sophisticated
"vector_mote_xyz_m": [ 8.79, 10.33, 3.04 ]
//particle reset flags
"pf_reset": false,
"pf_hard_reset": false
"latency": 123
}
}
// WIFI locations from 3 or more APs
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/clients/112233445566/diag",
"data": {
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"grid": {
"topleft_x_m": -0.86,
"topleft_y_m": 9.2486,
"size_m": 0.5,
"width": 40,
"height": 40,
"data": "<base-64 encoded data intended to be interpreted by atob() in JS>",
},
"vbles": [
{
"type": "beacon",
"id": "00000000-0000-0000-1000-5c5b350e0060",
"xyz_m": [ 5.79, 4.33, 3.04 ],
"rssi": -52.32
}
],
"peak": {
"vble_id": "00000000-0000-0000-1000-e74489000052",
"max_rssi": -53.428,
"plf": -73,
"ple": -21,
"intercept": -52
},
// estimates based on probability surface, we'll always have this
"raw_xyz_m": [ 18.7486, 10.13269, 0 ],
"smoothed_xyz_m": [ 18.7486, 10.13269, 0 ],
"model": "",
"speed": null,
"direction": null,
"timestamp": 1501113989.754602,
//particle reset flags
"pf_reset": false,
"pf_hard_reset": false
}
}
// WIFI locations from <3 AP
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/clients/6ba43947d403/diag",
"data": {
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"grid": null,
"vbles": [
{
"type": "beacon",
"id": "00000000-0000-0000-1000-5c5b350e0060",
"xyz_m": [ 5.79, 4.33, 3.04 ],
"rssi": -52.32
}
],
"peak": {
"vble_id": "00000000-0000-0000-1000-e74489000052",
"max_rssi": -53.428,
"plf": -73,
"ple": -21,
"intercept": -52
},
// estimates based on probability surface, we'll always have this
"raw_xyz_m": [ 18.7486, 10.13269, 0 ],
"smoothed_xyz_m": [ 18.7486, 10.13269, 0 ],
"model": "",
"speed": null,
"direction": null,
"timestamp": 1501113912.759202,
//particle reset flags
"pf_reset": false,
"pf_hard_reset": false
}
}
// For BLE ASSET Client
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/assets/115825352113/diag",
"data": {
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"grid": {
"topleft_x_m": -0.86,
"topleft_y_m": 9.2486,
"size_m": 0.5,
"width": 40,
"height": 40,
"data": "<base-64 encoded data intended to be interpreted by atob() in JS>",
},
"motion": false,
"vbles": [
{
"type": "device",
"id": "00000000-0000-0000-1000-5c5b350e0060",
"orientation": 90,
"xyz_m": [ 5.79, 4.33, 3.04 ],
"rssis": [ -52.32, -53, -55, -57, -60.25, null, null, -62, null ]
},
{
"type": "beacon",
"id": "00000000-0000-0000-1000-e74489000052",
"xyz_m": [ 8.79, 10.33, 3.04 ],
"rssi": -59.5
}
],
"peak": {
"vble_id": "00000000-0000-0000-1000-e74489000052",
"max_rssi": -53.428,
"plf": -73,
"ple": -21,
"intercept": -52
},
// estimates based on probability surface, we'll always have this
"raw_xyz_m": [ 18.7486, 10.13269, 0 ],
"smoothed_xyz_m": [ 18.7486, 10.13269, 0 ],
"model": "asset",
"speed": null,
"direction": null,
"timestamp": 1501113197.768402,
// the loudest mote estimate
"closest_mote_xyz_m": [ 8.79, 10.33, 3.04 ],
// 3 past consecutive mote estimates
"adjusted_mote_xyz_m": [ 8.79, 10.33, 3.04 ],
// another algorithm, more sophisticated
"vector_mote_xyz_m": [ 8.79, 10.33, 3.04 ]
//particle reset flags
"pf_reset": false,
"pf_hard_reset": false
}
}
| Name | Type | Description |
|---|---|---|
map_id |
string |
map id |
vbles |
list |
list of vble devices we used to calculate the estimates |
avg_duration |
int |
duration over which rssis are averaged |
type |
string |
device (our VBLE device) / beacon (3rd party beacon) |
id |
string |
device or beacon id |
orientation |
int |
orientation if type==device, 0 for beacon |
xyz_m |
list |
location of the vble |
rssis |
list |
9 rssi values array if type==device, value is null if such beam not used, last/9th entry is for the omni antenna while the rest are for the directional ones |
rssi |
float |
rssi if type==beacon |
grid |
object |
the grid intended to be renderred |
topleft_x_m |
float |
grid’s top-left x position on map, in meter, can be negative |
topleft_y_m |
float |
grid’s top-left y position on map, in meter, can be negative |
size_m |
float |
size of the grid, in meter |
width |
int |
number of grids on x-axis |
height |
int |
number of grids on y-axis |
data |
string |
base64 encoded byte array with size == width*height, value is from 0-250, confidence level |
motion |
bool |
whether sdk client is moving |
raw_xyz_m |
list |
raw client location in meter |
smoothed_xyz_m |
list |
smoothed client location in meter |
app_xyz_m |
list |
client location in meter from app |
dead_reckoning_xyz_m |
list |
dead reckoning based client location in meter |
dead_reckoning_raw_xyz_m |
list |
raw dead reckoning based client location in meter |
closest_mote_xyz_m |
list |
raw client location in meter |
adjusted_mote_xyz_m |
list |
smoothed client location in meter |
vector_mote_xyz_m |
list |
mote |
peak |
object |
peak metrics, as each vble-ap has its own ple+int, we use the strongest beam (RSSI-wise, excluding the omni) to identify the location |
device_id |
string |
device id |
max_rssi |
int |
max rssi (across beams in all vbles, excluding the omnis) |
plf |
float |
PLE + INT from machine learning |
ple |
float |
PLE from machine learning |
intercept |
float |
INT from machine learning |
model |
string |
model name of the client |
beam_count |
int |
number of beams as seen by client |
beam_mean |
float |
avg beacons per beam |
missing_beams |
int |
difference between expected beams and actual heard beam count |
speed |
float |
speed of the client in metres/second (available only for SDK Client when particle algorithm is enabled). Otherwise, null. |
direction |
int |
direction of client in degrees, 0 means up is north, 90 means up is east. (available only for SDK Client when particle algorithm is enabled). Otherwise, null. |
timestamp |
float |
timestamp |
os |
string |
os information of the client if available |
version |
string |
os version information of the client if available |
latency |
int |
Round trip time (rtt) latency |
{
"unsubscribe": "/sites/:site_id/stats/sdkclients/:sdkclient_id/diag"
}
POST /api/v1/sites/:site_id/rfdiags
{
"name": "Troubleshooting",
"type": "sdkclient",
"sdkclient_id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"duration": 120
}
| Name | Type | Description |
|---|---|---|
name |
string |
name of the recording, the name of the sdk client would be a good default choice |
type |
string |
sdkclient / client/ asset |
sdkclient_id |
string |
if type==sdkclient, sdkclient_id of this recording |
mac |
string |
if type==client or asset, mac of the device |
duration |
int |
recording length in seconds, max is 180. Default value is also 180. |
POST /api/v1/sites/:site_id/rfdiags/:rfdiag_id/stop
If the recording session is active for the given rfdiag_id, it will finish the recording.
duration and end_time will be updated to reflect the correct values.
GET /api/v1/sites/:site_id/rfdiags
[
{
"id": "8b944030-04cd-4f91-d61c-3557bb088cad",
"name": "Troubleshooting",
"type": "sdkclient",
"sdkclient_id": "de87bf9d-183f-e383-cc68-6ba43947d403",
"sdkclient_name": "app-client",
"sdkclient_uuid": "5b3ee6be-5b7c-11e7-b288-346895ed1b7d",
"map_id": "845a23bf-bed9-e43c-4c86-6fa474be7ae5",
"url": "https://s3.amazon.com/.../frames.json",
"raw_events": "https://s3.amazon.com/.../raw-events.json",
"start_time": 1476990144,
"end_time": 1476990204,
"duration": 60,
"frame_count": 12,
"ready": True,
"next": "8b944179-04cd-4f91-d61c-3557bb08813d"
}
]
| Name | Type | Description |
|---|---|---|
type |
string |
sdkclient / client / asset |
sdkclient_id |
string |
if type==sdkclient, sdkclient_id of this recording |
sdkclient_uuid |
string |
if type==sdkclient, device_id of sdkclient |
asset_id |
string |
if type==asset, id of the asset |
mac |
string |
if type==client or type==asset, mac of the device |
start_time |
int |
timestamp of the recording (the start) |
end_time |
int |
timestamp of end of recording |
duration |
int |
recording length in seconds, max is 120 |
ready |
boolean |
whether it’s ready for playback |
url |
string |
URL to a JSON file that contains an array of frames, each frame is the same format |
raw_events |
string |
URL to a JSON file that contains array of raw location diag events |
frame_count |
int |
Number of frames in the output |
sdkclient_name |
string |
if type==sdkclient, name of the sdkclient |
client_name |
string |
if type==client, hostname of the client |
asset_name |
string |
if type==asset, name of the asset |
next |
string |
Optional. id of the next recoding if present. Only valid for site survey. |
PUT /api/v1/sites/:site_id/rfdiags/:rfdiag_id
{
"name": "Trouble-Shoot"
}
DELETE /api/v1/sites/:site_id/rfdiags/:rfdiag_id
Download raw_events blob
GET /api/v1/sites/:site_id/rfdiags/:rfdiag_id/download
Allows downloading provided json content as csv file
POST /api/v1/utils/json_to_csv
{"json": "{
\"filename\": \"content.txt\",
\"rows\": [
{
\"plf\": -77,
\"loc_err\": 0.112,
\"way2\": 5,
},
{
\"plf\": -74,
\"loc_err\": 1.192,
\"way1\": 1,
\"way2\": 7
}
],
\"headers\": [\"plf\", \"loc_err\", \"way1\", \"way2\"]
}"
}
A file called content.txt will be downloaded with following content
plf,loc_err,way1,way2
-77,0.112,,5
-74,1.192,1,7
GET /api/v1/sites/:site_id/location/coverage?map_id=845a23bf-bed9-e43c-4c86-6fa474be7ae5
| Name | Type | Description |
|---|---|---|
duration |
string |
1d, 30m, 5h, where the start time will be calculated (with end time is now), default is 1h |
type |
string |
sdkclient / client / asset, default is sdkclient |
map_id |
string |
map_id (filter by map_id) |
resolution |
string |
default / fine |
client_type |
string |
client_type (as filter. optional) |
{
"start": 1428939600,
"end": 1428954000,
"beams_means": [
[ 1, 3, 3.2 ],
[ 6, 10, 6.5 ],
...
],
"gridsize": 1.0,
"result_def": [
'x', 'y', 'beams_mean', 'beacons_mean', 'max_rssi', 'avg_rssi'
],
"results": [
[ 1, 3, 3.2, 18.5, -68, -70 ],
[ 6, 10, 6.5, 30,1, -72.5, -75 ],
...
]
}
| Name | Type | Description |
|---|---|---|
beams_means |
list |
list of [x, y, mean]s, x/y are in meters (UI would need to use map.ppm to calulate the pixel location from top-left). |
gridsize |
float |
the size of grid, in meter |
results |
list |
list of results, see result_def. |
result_def |
list |
list of names annotating the fields in results |
For each VBLE AP, it has ML model parameters (e.g. Path-loss-estimate, Intercept) as well as completion indicators (Level and PercentageComplete). For the completeness, ML takes N sample to finish its first level and use N*0.25 samples to complete each successive level. When a device is moved, the completeness will be reset as it has to re-learn.
GET /api/v1/sites/:site_id/location/ml/current?map_id=:map_id
| Name | Type | Description |
|---|---|---|
map_id |
string |
map_id (as filter, optional) |
[
{
"device_id": "b069b358-4c97-5319-1f8c-7c5ca64d6ab1",
"current": {
"iOS": {"ple": -3, "level": 6, "int": -6, "completed": 16, "src": "default", "quality": "2", "timestamp": 1442854704},
"Android": {"ple": -3, "level": 3, "int": -6, "completed": 36, "src": "device", "quality": "4", "timestamp": 1442854794},
"iPod": {"ple": -5, "int": -10, "src": "overwrite", "overwrite": true}
}
},
{
"beacon_id": "7913f032-aab4-c3ae-e83e-5a2756ef4d40",
"current": {
"iOS": {"ple": -3, "level": 6, "int": -6, "completed": 16, "src": "device", "quality": "last", "timestamp": 1442854704},
}
}
...
]
| Name | Type | Description |
|---|---|---|
device_id |
stirng |
id of device if this ML is for Mist AP |
beacon_id |
string |
id of beacon if this ML is for 3rd party beacon |
current |
object |
ml stats, per client_type |
level |
int |
level of learning |
completed |
int |
learning completeness to the next level |
ple |
float |
internal |
int |
float |
internal |
quality |
int |
from 0 - 4, 4 being most accurate |
src |
string |
where the PLF comes from. machine (PLF from last learning) / device (last learnt PLF from this device) / model (model of the client device) / overwrite (from ML overwrite) |
timestamp |
long |
epoch, last updated |
GET /api/v1/sites/:site_id/location/ml/defaults
{
"iOS": {"ple": -3, "int": -6, "completed": 16,"quality": "2"},
"Android": {"ple": -3,"int": -6, "completed": 36, "quality": "4"}
}
| Name | Type | Description |
|---|---|---|
ple |
float |
internal |
int |
float |
internal |
quality |
int |
from 0 - 4, 4 being most accurate |
PUT /api/v1/sites/:site_id/location/ml/device/:device_id
{
"iOS": { "ple": -3, "int": 6 },
"iPod": { "ple": -5, "int": -10 }
}
To clear ML overwrite for a certain model, call above api with plf value as null.
{
"iOS": null
}
DELETE /api/v1/sites/:site_id/location/ml/device/:device_id
PUT /api/v1/sites/:site_id/location/ml/map/:map_id
See above
DELETE /api/v1/sites/:site_id/location/ml/map/:map_id
POST /api/v1/sites/:site_id/location/ml/reset/map/:map_id
| Name | Type | Description |
|---|---|---|
map_id |
stirng |
id of map, all devices on the map will have ML reset |
GET /api/v1/const/insight_metrics
{
// as timeseries
"num_clients": {
"description": "number of client over time",
"type": "timeseries",
"unit": "",
"scopes": ["site", "ap"],
"intervals": {
"10m": {"interval": 600, "max_age": 86400},
"1h": {"interval": 3600, "max_age": 1209600}
},
"report_scopes": ["site"],
"report_intervals": {
"1d": {"interval": 86400}
},
"example": [ 18, null, 15 ]
},
// as key value
"top-client": {
"description": "top clients",
"type": "keyvalues",
"key": {"mac": {"hint": "client"}},
"values": {"bytes": {"unit": "bytes"}},
"scopes": ["site", "ap"],
"intervals": {
"10m": {"interval": 600, "max_age": 86400},
"1h": {"interval": 3600, "max_age": 1209600}
},
"report_scopes": ["site"],
"report_intervals": {
"1d": {"interval": 86400}
},
"example": [
{
"mac": "5684dae9ac8b",
"bytes": 1232333
}
]
},
}
There can be more detailed metrics in different scopes.
GET /api/v1/sites/:site_id/insights/:metric
GET /api/v1/sites/:site_id/insights/device/:mac/:metric
GET /api/v1/sites/:site_id/insights/client/:mac/:metric
| Name | Type | Description |
|---|---|---|
wlan_id |
string |
UUID of the wlan. This parameter is supported only for site scope. |
{
"start": 1428939600,
"end": 1428954000,
"interval": 3600,
// data
"results": [
{
// results depends on :metric
},
...
],
}
Some metrics has anomaly derection built in (if sle_baselined is true in Insight Metric Definitions) If supported , SLE anomaly events can get retrieved from
GET /api/v1/sites/:site_id/anomaly/:metric
GET /api/v1/sites/:site_id/anomaly/device/:mac/:metric
GET /api/v1/sites/:site_id/anomaly/client/:mac/:metric
The format is the similar to Insights with additional info.
{
"start": 1428939600,
"end": 1428954000,
"limit": 100,
"page": 1,
"results": [
{
"timestamp": 1431384000,
"sle_baseline": 0.5,
"sle_deviation": -0.15,
"events": ["config_update"],
// supported by some anomalies
"since": 1431380400
}
]
}
GET /api/v1/sites/:site_id/insights/rogues?limit=100&duration=1h
| Name | Type | Description |
|---|---|---|
duration |
string |
1d / 1h, default is 1d |
limit |
int |
max number of results, default = 100 |
type |
string |
honeypot (honeypots) / lan (wired rogue) / spoof / others, default is others |
{
"start": 1428939600,
"end": 1428954000,
"limit": 100,
"next": /api/v1/sites/a3eda150-ab3f-11e4-aa18-13e21dd250cc/rogues?start=1498482000&end=1498485600&limit=10&interval=1h&type=others&token="003600100000002e00080000015ce445d20000000657656566656500001162632d36342d34622d33382d39642d31620000036f7267007fffff9bed6131885196aa1b76969c4411,
"results": [
{
"ssid": "xfinitywifi",
"bssid": "d8-97-ba-76-b5-aa",
"num_aps": 4,
"ap_mac": "5c5b350e021c",
"channel": "11",
"avg_rssi": -72.0,
"times_heard": 8
},
..........
]
}
| Name | Type | Description |
|---|---|---|
next |
string |
link to next set of results. If more results aren’t present, next is null. |
ssid |
string |
ssid of the network detected as threat |
bssid |
string |
bssid of the network detected as threat |
num_aps |
int |
num of aps that heard the ssid/bssid pair |
ap_mac |
string |
mac of the device that had strongest signal strength for ssid/bssid pair |
channel |
string |
channel over which ap_mac heard ssid/bssid pair |
avg_rssi |
float |
average signal strength of ap_mac for ssid/bssid pair |
times_heard |
int |
represents number of times the pair was heard in the interval. Each count roughly corresponds to a minute. |
seen_on_lan |
boolean |
whether the reporting AP see a wireless client (on LAN) connecting to it |
Send Deauth frame to clients connected to a Rogue AP
POST /api/v1/sites/:site_id/rogues/:rogue_bssid/deauth_clients
GET /api/v1/sites/:site_id/insights/rogues/clients?limit=100&duration=1h
| Name | Type | Description |
|---|---|---|
duration |
string |
1d / 1h, default is 1d |
limit |
int |
max number of results, default = 100 |
{
"start": 1428939600,
"end": 1428954000,
"limit": 100,
"next": /api/v1/sites/a3eda150-ab3f-11e4-aa18-13e21dd250cc/rogues/clients?start=1498482000&end=1498485600&limit=10&interval=1h&token="00d400100000125e00080000015ce44512000000065765656666500001162632d36342d34622d33382d39642d31620000036f7267007fffff9bed6131885196aa1b76969c4411,
"results": [
{
"bssid": "d8-97-ba-76-b5-aa",
"ap_mac": "5c-5b-35-0e-02-1c",
"client_mac": "34-f8-32-13-57-c2"
"num_aps": 2,
"band": "5",
"avg_rssi": -63.9,
"annotation": "whitelist"
},
..........
]
}
GET /api/v1/sites/:site_id/rogues/:rogue_bssid
{
"seen_as_client": true,
"manufacture": "Intel Corporate"
}
GET /api/v1/sites/:site_id/rogues/events/search?type=honeypot
{
"results": [
{
"ssid": "MyHomeNetwork",
"bssid": "38ff363c8c4c",
"timestamp": 1538074612,
"ap": "5c5b350e10030",
"rssi": -54.0,
"channel": 136
},
{
"ssid": "Home-Office",
"bssid": "60d02c2394cc",
"timestamp": 1538074612,
"ap": "5c5b350e10030",
"rssi": -59.0,
"channel": 11
}
],
"start": 1538071200,
"end": 1538074800,
"limit": 10,
"total": 2
}
GET /api/v1/sites/:site_id/rogues/events/count?distinct=bssid
{
"results": [
{
"count": 1,
"bssid": "38ff363c8c4c"
},
{
"count": 1
"bssid": "60d02c2394cc"
}
],
"start": 1538071200,
"end": 1538074800,
"limit": 10,
"total": 2
}
GET /api/v1/sites/:site_id/events/system?start=1431384000&end=1431298000&limit=10
| Name | Type | Description |
|---|---|---|
start |
long |
start time, in epoch, |
end |
long |
start time, default is now() |
limit |
long |
number of events |
{
"start": 1428939600,
"end": 1428954000,
"results": [
{
"change_cat": "admin_action",
"type": "config_update"
"timestamp": 1431384000,
"message": "WLAN config was updated"
},
{
"change_cat": "rrm_update",
"type": "interference",
"timestamp": 1431384001,
"message": " Power on Channel 40 was reduced on AP aa-bb-cc-dd-ee-ff"
},
...
]
}
| Name | Type | Description |
|---|---|---|
change_cat |
string |
event name used as an identifier. The string is typically a human understandable string with all lower case letters and snake-cased if there are multiple words |
timestamp |
long |
time since epoch |
type |
string |
Additional subtype of the event, where applicable. For RRM, 3 types will be Interference,Reboot,Periodic. For admin action, 3 types will be manual_reboot,fw_update and config_change.Not all events might have associated types. |
message |
string |
All metadata associated with the event as string. |
GET /api/v1/sites/:site_id/devices/:device_id/events/system?start=1496256371&end=1496259837&limit=10
| Name | Type | Description |
|---|---|---|
start |
long |
start time, in epoch, |
end |
long |
start time, default is now() |
limit |
long |
number of events |
{
"page": "",
"sys_change_per_ap_data": [
{
"metadata": "{\"ap\": \"5c-5b-35-0e-02-b7\", \"update\": \"Mist engineering is aware of the software issue & working to resolve it\"}",
"change_cat": "ap_health",
"type": "software-panic",
"timestamp": 1496259837
},
{
"metadata": "{\"ap\": \"5c-5b-35-0e-02-b7\", \"update\": \"Mist engineering is aware of the software issue & working to resolve it\"}",
"change_cat": "ap_health",
"type": "software-panic",
"timestamp": 1496256965
},
{
"metadata": "{\"ap\": \"5c-5b-35-0e-02-b7\", \"update\": \"Mist engineering is aware of the software issue & working to resolve it\"}",
"change_cat": "ap_health",
"type": "software-panic",
"timestamp": 1496256373
}
]
}
| Name | Type | Description |
|---|---|---|
change_cat |
string |
event name used as an identifier. The string is typically a human understandable string with all lower case letters and snake-cased if there are multiple words |
timestamp |
long |
time since epoch |
type |
string |
Additional subtype of the event, where applicable. For RRM, 3 types will be Interference,Reboot,Periodic. For admin action, 3 types will be manual_reboot,fw_update and config_change.Not all events might have associated types. |
metadata |
string |
All metadata associated with the event as JSON. |
Get the definitions of alarms you’d seen from our backend and example
GET /api/v1/const/alarm_defs
Acknowledge an alarm.
POST /api/v1/sites/:site_id/alarms/:alarm_id/ack
{
"note": "maintenance window"
}
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
alarm_id |
string | path | UUID of the alarm |
note |
string | body | (optional) Some text note describing the intent |
Unacknowledge an alarm.
POST /api/v1/sites/:site_id/alarms/:alarm_id/unack
{
"note": "maintenance window"
}
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
alarm_id |
string | path | UUID of the alarm |
note |
string | body | (optional) Some text note describing the intent |
Acknowledge multiple alarms at once.
POST /api/v1/sites/:site_id/alarms/ack
{
"alarm_ids": ["ccb8c94d-ca56-4075-932f-1f2ab444ff2c", "98ff4a3d-ec9b-4138-a42e-54fc3335179d"],
"note": "maintenance window"
}
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
alarm_ids |
list | body | List of UUIDs of the alarms to ack |
note |
string | body | (optional) Some text note describing the intent |
Unacknowledge multiple alarms at once.
POST /api/v1/sites/:site_id/alarms/unack
{
"alarm_ids": ["ccb8c94d-ca56-4075-932f-1f2ab444ff2c", "98ff4a3d-ec9b-4138-a42e-54fc3335179d"],
"note": "maintenance window"
}
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
alarm_ids |
list | body | List of UUIDs of the alarms to unack |
note |
string | body | (optional) Some text note describing the intent |
Acknowledge all the alarms of a site at once.
POST /api/v1/sites/:site_id/alarms/ack_all
{
"note": "maintenance window"
}
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
note |
string | body | (optional) Some text note describing the intent |
Unacknowledge all the alarms of a site at once.
POST /api/v1/sites/:site_id/alarms/unack_all
{
"note": "maintenance window"
}
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
note |
string | body | (optional) Some text note describing the intent |
N.B.: Batch size for multiple alarm ack and unack has to be less or or equal to 1000.
List or Search alarms within a site.
GET /api/v1/sites/:site_id/alarms/search
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
type |
string | query | Key-name of the alarms; accepts multiple values separated by comma |
ack_admin_name |
string | query | Name of the admins who have acked the alarms; accepts multiple values separated by comma |
acked |
boolean | query | |
group |
string | query | Alarm group name; accepts multiple values separated by comma |
severity |
string | query | Alarm severity; accepts multiple values separated by comma |
status |
string | query | Alarm status; accepts multiple values separated by comma |
Status: 200 OK
{
"results": [
{
"id": "8a93ab2d-b745-a093-7936-80d7922559b5",
"timestamp": 1431382121,
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"type": "device-down"
"count": 3,
"acked": true,
"acked_time": 1431388121,
"ack_admin_name": "FirstName LastName first.last@someorg.com",
"ack_admin_id": "ab6fdaa0-e7c4-428b-9259-7d7a603afa8a",
"note": "upgrade switch",
// additional information per alarm type defined under `fields` in API: GET /api/v1/const/alarm_defs (see "Additional Information" section)
}
]
}
| Name | Type | Description |
|---|---|---|
results |
list | List of result objects |
id |
list | UUID of the alarm |
site_id |
string | UUID of the site |
org_id |
string | UUID of the org |
type |
string | Key-name of the alarm type |
group |
string | Group of the alarm |
severity |
string | Severity of the alarm |
count |
int | Number of incident within an alarm window |
timestamp |
long | Epoch (seconds) of the first incident/alarm |
last_seen |
long | Epoch (seconds) of the last incident/alarm within an alarm window |
acked |
boolean | (optional)Whether the alarm is acked or not |
acked_time |
long | (optional)Epoch (seconds) when the alarm was acked |
ack_admin_name |
string | (optional)Name & Email ID of the admin who acked the alarm |
ack_admin_id |
string | (optional)UUID of the admin who acked the alarm |
note |
string | (optional)Text describing the alarm |
component |
string | (optional)Component of the alarm |
status |
string | (optional)Status of the alarm (open/resolved) |
resolved_time |
long | (optional)Epoch (seconds) of the resolved_time for the alarm |
Additional information per alarm type.
| Name | Type | Description |
|---|---|---|
aps |
list | List of MACs of the APs e.g. [“ffeeddccbbaa”, “ffeeddccbbab”] |
switches |
list | List of MACs of the switches e.g. [“ffeeddccbbaa”, “ffeeddccbbab”] |
gateways |
list | List of MACs of the gateways e.g. [“ffeeddccbbaa”, “ffeeddccbbab”] |
hostnames |
string | List of Hostnames of the devices (AP/Switch/Gateway) |
ssids |
list | List of SSIDs |
bssids |
list | List of BSSIDs |
Count alarms within a site.
GET /api/v1/sites/:site_id/alarms/count
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
type |
string | query | Key-name of the alarms; accepts multiple values separated by comma |
ack_admin_name |
string | query | Name of the admins who have acked the alarms; accepts multiple values separated by comma |
acked |
boolean | query | |
group |
string | query | Alarm group name; accepts multiple values separated by comma |
severity |
string | query | Alarm severity; accepts multiple values separated by comma |
distinct |
string | query | (optional)Group by and count the alarms by some distinct field (e.g. type, group, severity etc.); default=type |
Status: 200 OK
{
"results": [
{
"type": "switch_restarted", // here `type` is a value (<group-by>) to parameter `distinct`
"count": 2
},
{
"type": "device_down",
"count": 1
},
{
"type": "device_restarted",
"count": 1
}
],
"start": 1625477727.0,
"end": 1625566540.9141023,
"limit": 10,
"distinct": "group",
"total": 1,
}
| Name | Type | Description |
|---|---|---|
results |
list | List of result objects |
<group-by> |
string | A field based on which alarms are grouped & counted |
count |
int | Number of alarms grouped by distinct parameter value |
Get version compliance metrics for managed or monitored switches
GET /api/v1/sites/:site_id/stats/switches/metrics
No input parameter is required for default
For switch level, the following parameters can be used. Switch level query is applicable only for metric type: active_ports_summary
{
"type": "active_ports_summary",
"scope": 'switch',
"switch_mac": "fc334262ef00"
}
| Name | Type | Description |
|---|---|---|
scope |
string |
metric scope, site/switch |
type |
string |
metric type, only active_ports_summary metric type is supported |
switch_mac |
string |
switch mac, used only with metric type active_ports_summary |
{
"version_compliance": {
"total_switch_count": 2,
"score": 100.0,
"details": {
"major_versions": [
{
"major_version": "21.4R3.5",
"system_names": [],
"model": "EX2300-C-12P",
"major_count": 1
},
{
"major_version": "6.0.4-11",
"system_names": [],
"model": "SSR120",
"major_count": 1
}
]
}
},
"config_success": {
"total_switch_count": 2,
"score": 100.0,
"details": {
"config_success_count": 2
}
},
"active_ports_summary": {
"total_switch_count": 2,
"score": 100.0,
"details": {
"total_port_count": 4,
"active_port_count": 4
}
}
}
"active_ports_summary": {
"total_switch_count": 1,
"score": 50.0,
"switch_id": "67970e46-4e12-11e6-9188-0242ac110007_fc334262ef00", // site_id + switch_mac
"details": {
"total_port_count": 2,
"active_port_count": 1
}
}
}
Get a list of switches that we discovered, with connected AP list
GET /api/v1/sites/:site_id/stats/discovered_switches/search
GET /api/v1/sites/:site_id/stats/discovered_switches/count
{
"results": [
{
"system_name": "mist-lab-ex2300c",
"hostname": "mist-lab-ex2300c",
"mgmt_addr": "10.1.1.1",
"vendor": "Juniper Networks",
"org_id": "6748cfa6-4e12-11e6-9188-0242ac110007",
"aps": [
{
"inactive_wired_vlans": [],
"hostname": "ap41nearlab",
"when": "2019-06-13T19:53:16.870+0000",
"mac": "5c5b352e2001",
"poe_status": true
}
],
"site_id": "67970e46-4e12-11e6-9188-0242ac110007",
"system_desc": "Juniper Networks, Inc. ex2300-c-12p Ethernet Switch, kernel JUNOS 18.2R2.6, Build date: 2018-12-07 13:19:04 UTC Copyright (c) 1996-2018 Juniper Networks, Inc.",
"version": "18.2R2.6",
"timestamp": 1560457177.037,
"model": "EX2300-C-12P",
"ap_redundancy": {
"num_aps": 15,
"num_aps_with_switch_redundancy": 8,
# for a VC / stacked switches
"modules": {
"1": {
"num_aps": 15,
"num_aps_with_switch_redundancy": 8
}
...
}
}
}
]
}
Discovered switches related metrics, lists related switch system names & details if not compliant
GET /api/v1/sites/:site_id/stats/discovered_switches/metrics
{
"version_compliance": {
"score": 75,
"details": {
"major_versions": [
{
"model": "EX2300-C-12P",
"major_count": 2,
"system_names": [
"switch1",
"mist-lab-ex2300c"
]
},
{
"model": "EX4300-48P",
"major_count": 1,
"system_names": []
},
],
"total_switch_count": 5
}
},
"switch_ap_affinity": {
"score": 33.3333,
"details": {
"threshold": 12,
"system_name": [
"mist-lab-ex2300c",
"switch1"
]
}
},
"inactive_wired_vlans": {
"score": 100.0,
"details": {}
},
"poe_compliance": {
"score": 100.0,
"details": {
"total_power": 981500.0,
"total_aps": 63
}
}
}
| Name | Type | Description |
|---|---|---|
threshold |
string |
configurable # ap per switch threshold, default 12 |
system_name |
string |
system name for switch level metrics, optional |
Get a list of wired assurance metrics, lists related switch system names & details if not compliant
GET /api/v1/sites/:site_id/stats/discovered_switch_metrics/search
{
"results": [
{
"details": {
"system_names": [
"CORP-D-SW-2"
]
},
"site_id": "c1698122-c14c-11e5-8e81-1258369c38a9",
"org_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"timestamp": 1568917200,
"scope": "site",
"score": 95,
"type": "inactive_wired_vlans"
},
{
"timestamp": 1568917200,
"site_id": "c1698122-c14c-11e5-8e81-1258369c38a9",
"org_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"scope": "site",
"type": "poe_compliance",
"score": 100.0,
"details": {
"total_power": 78000.0,
"total_aps": 4
}
},
{
"timestamp": 1568917201,
"site_id": "c1698122-c14c-11e5-8e81-1258369c38a9",
"org_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"scope": "site",
"total_switch_count": 1,
"type": "version_compliance",
"score": 100.0,
"details": {
"major_versions": [
{
"major_version": "18.2R3-S6.5",
"system_names": [],
"model": "EX2300-48P",
"major_count": 1
}
]
}
},
{
"timestamp": 1568917201,
"site_id": "c1698122-c14c-11e5-8e81-1258369c38a9",
"org_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"scope": "site",
"type": "switch_ap_affinity",
"score": 100.0,
"details": {
"threshold": 12
}
}
]
}
| Name | Type | Description |
|---|---|---|
scope |
string |
metric scope, site/switch, default is site, optional |
type |
string |
metric type, inactive_wired_vlans/switch_ap_affinity/poe_compliance/version_compliance, optional |
GET /api/v1/sites/:site_id/stats/ports/search
The following fields are available for searching.
| Name | Type | Description |
|---|---|---|
full_duplex |
boolean |
indicates full or half duplex |
mac |
string |
device identifier |
device_type |
string |
device type, ap / ble / switch / gateway / mxedge / nac |
port_usage |
string |
gateway port usage, wan / lan |
neighbor_mac |
string |
Chassis identifier of the chassis type listed |
neighbor_port_desc |
string |
Description supplied by the system on the interface E.g. “GigabitEthernet2/0/39” |
neighbor_system_name |
string |
Name supplied by the system on the interface E.g. neighbor system name E.g. “Kumar-Acc-SW.mist.local” |
poe_disabled |
boolean |
whether PoE capabilities are disabled for a port, default is false |
poe_mode |
string |
PoE mode depending on class. 802.3af / 802.3at / 802.3bt |
poe_on |
boolean |
is the device attached to POE |
port_id |
string |
interface name |
port_mac |
string |
interface mac address |
power_draw |
float |
Amount of power being used by the interface at the time the command is executed. Unit in watts. |
tx_pkts |
int |
Output packets |
rx_pkts |
int |
Input packets |
tx_bytes |
int |
Output bytes |
rx_bytes |
int |
Input bytes |
tx_bps |
int |
Output rate |
rx_bps |
int |
Input rate |
tx_errors |
int |
Output errors |
rx_errors |
int |
Input errors |
tx_mcast_pkts |
int | Multicast output packets |
tx_bcast_pkts |
int | Broadcast output packets |
rx_mcast_pkts |
int | Multicast input packets |
rx_bcast_pkts |
int | Broadcast input packets |
speed |
int |
port speed |
mac_limit |
int |
Limit on number of dynamically learned macs |
mac_count |
int |
Number of mac addresses in the forwarding table |
up |
boolean |
indicates if interface is up |
stp_state |
string |
if up == true, forwarding / blocking / learning / listening / disabled |
stp_role |
string |
if up == true, designated / backup / alternate / root / root-prevented |
xcvr_part_number |
string |
Optic Slot Partnumber, Check for null/empty |
xcvr_serial |
string |
Optic Slot SerialNumber, Check for null/empty |
xcvr_model |
string |
Optic Slot ModelName, Check for null/empty |
optics_bias_current |
float |
Optic port laser bias current in mA |
optics_tx_power |
float |
Optic port output power in dBm |
optics_rx_power |
float |
Optic port laser receiver power in dBm |
optics_module_temperature |
float |
Optic port laser module temperature in Celsius |
optics_module_voltage |
float |
Optic port laser module voltage in V |
auth_state |
string |
if up == true && has Authenticator role, init / authenticated / authenticating / held |
lte_imsi |
string |
LTE IMSI value, Check for null/empty |
lte_iccid |
string |
LTE ICCID value, Check for null/empty |
lte_imei |
string |
LTE IMEI value, Check for null/empty |
active |
boolean |
Indicates if interface is active/inactive |
jitter |
float |
Last sampled jitter of the interface |
loss |
float |
Last sampled loss of the interface |
latency |
float |
Last sampled latency of the interface |
unconfigured |
boolean |
indicates if interface is unconfigured |
disabled |
boolean |
indicates if interface is disabled |
last_flapped |
float |
indicates when the port was last flapped |
E.g. /api/v1/sites/:site_id/stats/ports/search?mac=001122334455
E.g.
{
"start": 1511967600,
"end": 1513177200,
"limit": 10,
"total": 100,
"results": [
{
"rx_bytes": 4563443626,
"rx_pkts": 30360265,
"xcvr_part_number":"740-021487",
"xcvr_serial":"N6AA9HT",
"xcvr_model":"SFP+-10G-SR",
"site_id": "c1698122-c14c-11e5-8e81-1258369c38a9",
"neighbor_system_name": "CORP-D-SW-2",
"org_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"up": true,
"port_mac": "5c4527a96580",
"neighbor_port_desc": "GigabitEthernet1/0/21",
"tx_pkts": 14610886,
"mac": "5c4527a96580",
"tx_bytes": 11299516780,
"neighbor_mac": "64d814353400",
"poe_disabled": true,
"speed": 1000,
"port_id": "me0"
},
{
"rx_bps": 1176,
"rx_bytes": 2628451,
"rx_pkts": 11829,
"org_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"full_duplex": true,
"site_id": "c1698122-c14c-11e5-8e81-1258369c38a9",
"up": true,
"poe_mode": "802.3at",
"port_mac": "0c8126c6ff6f",
"mac": "0c8126c6ff6c",
"tx_pkts": 492176,
"neighbor_port_desc": "ETH0",
"tx_bps": 14264,
"port_id": "ge-0/0/0",
"tx_bytes": 96810192,
"neighbor_mac": "5c5b350eb361",
"neighbor_system_name": "kevinsap",
"speed": 1000,
"poe_on": true,
"power_draw": 5.4,
"last_flapped": 1571174567.807,
},
...
]
}
GET /api/v1/sites/:site_id/stats/ports/count
In addition to the filters that you can have in the search
| Name | Type | Description |
|---|---|---|
distinct |
string |
port_id, port_mac, full_duplex, mac, neighbor_mac, neighbor_port_desc, neighbor_system_name, poe_disabled, poe_mode, poe_on, speed, up |
NOTE: the filters from /stats/ports/search can also be used. (E.g. /stats/ports/count?distinct=mac)
{
"start": 1511967600,
"end": 1513177200,
"limit": 100,
"distinct": "mac",
"total": 20,
"results": [
{
"count": 217,
"mac": "112233445566"
},
{
"count": 35,
"mac": "001122334455"
},
...
]
}
Gateway related metrics, lists scores for version compliance and config success for gateway devices in a site.
GET /api/v1/sites/:site_id/stats/gateways/metrics
Status: 200 OK
{
"version_compliance": {
"score": 100.0,
"major_versions": {
"SRX320": {
"major_version": "19.4R2-S1.2",
"major_count": 1
}
},
"type": "gateway"
},
"config_success": 100.0
}
| Name | Type | In | Description |
|---|---|---|---|
site_id |
string | path | UUID of the site |
version_compliance |
object | body | version compliance score, major versions for gateway, type |
config_success|float|body|config success score
GET /api/v1/sites/:site_id/wired_clients/search
The following fields are available for searching.
| Name | Type | Description |
|---|---|---|
device_mac |
string |
device mac |
mac |
string |
client mac |
port_id |
string |
port id |
vlan |
int |
vlan |
nacrule_id |
string |
nacrule_id |
dhcp_hostname |
string |
dhcp hostname |
dhcp_fqdn |
string |
dhcp full qualified domain name |
dhcp_client_identifier |
string |
dhcp client identifier |
dhcp_vendor_class_identifier |
string |
dhcp vendor class identifier |
dhcp_request_params |
string |
dhcp request parameters |
auth_state |
string |
authentication state |
auth_method |
string |
authentication method |
source |
string |
source from where the client was learned (lldp, mac) |
E.g. /api/v1/sites/:site_id/wired_clients/search?client=001122334455
{
"results": [
{
"device_mac": [
"001122334455"
],
"org_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"vlan": [
0,
1001
],
"site_id": "c168ddee-c14c-11e5-8e81-1258369c38a9",
"mac": "112233445566",
"timestamp": 1571174567.807,
"port_id": [
"et-0/0/1"
],
"device_mac_port": [
{
"device_mac": "9c5a80414500",
"port_id": "ge-0/0/33",
"start": "2025-04-18T11:12:25.806+0000",
"when": "2025-05-13T18:33:11.565+0000",
"ip": "10.204.34.209",
"ip6": "",
"port_parent": "",
"node": ""
"source": "lldp"
}
],
"dhcp_hostname": "ITS-VMMT0-D1N02",
"dhcp_fqdn": "ITS-VMMT0-D1N02.mgthub.local",
"dhcp_client_identifier": "MAC address 00155df6d500",
"dhcp_vendor_class_identifier": "MSFT 5.0",
"dhcp_request_params": "1 3 6 15 31 33 43 44 46 47 119 121 249 252",
"dhcp_client_options": [
{
"code": "DHO_DHCP_MESSAGE_TYPE(53)",
"data": "DHCPREQUEST"
}, {
"code": "DHO_DHCP_CLIENT_IDENTIFIER(61)",
"data": "MAC address 00155df6d500",
}, {
"code": "DHO_DHCP_REQUESTED_ADDRESS(50)",
"data": "172.17.10.255",
}, {
"code": "DHO_DHCP_SERVER_IDENTIFIER(54)",
"data": "172.17.8.1"
}, {
"code": "DHO_DHCP_MAX_MESSAGE_SIZE(57)",
"data": "1280"
}, {
"code": "DHO_DHCP_PARAMETER_REQUEST_LIST(55)",
"data": " 1 3 6 12 15 28 43 180"
}, {
"code": "DHO_VENDOR_CLASS_IDENTIFIER(60)",
"data": "MSFT 5.0"
}, {
"code": "DHO_HOST_NAME(12)",
"data": "ITS-VMMT0-D1N02"
}
]
}
],
"start": 1538071200,
"end": 1538074800,
"limit": 10,
"total": 1
}
GET /api/v1/sites/:site_id/wired_clients/count
| Name | Type | Description |
|---|---|---|
distinct |
string |
port_id, vlan, mac, default is mac |
{
"start": 1511967600,
"end": 1513177200,
"limit": 100,
"distinct": "",
"total": 20,
"results": [
{
"count": 217,
"vlan": 0
},
{
"count": 35,
"vlan": 1
},
...
]
}
POST /api/v1/sites/:site_id/wired_clients/:mac/coa
| Name | Type | Description |
|---|---|---|
mac |
string |
wired_client mac |
{
"device_mac": "5c5b35000002",
"port_id": "ge-0/0/0",
"session": "0a2a11b8-4b30-40d8-a6d1-e91ea540d86f"
}
GET /api/v1/sites/:site_id/pcaps?start=1461099816&end=1461089816&limit=100
| Name | Type | Description |
|---|---|---|
start |
int |
start time |
end |
int |
end time |
client_mac |
string |
optional client mac filter |
{
"start": 1461099816,
"end": 1461089816,
"limit": 100,
"next": "/api/v1/sites/67970e46-4e12-11e6-9188-0242ac110007/pcaps?start=1461099816&limit=100&end=1461089816
"results": [
{
"type": "new_assoc",
"timestamp": 1461869041,
"ap_macs": ["5c5b35000010"],
"url": "https://..."
},
{
"last_seen": 1694055531.513,
"aps": [
"5c5b35000010"
],
"format": "stream",
"termination_reason": "default",
"type": "scan",
"max_num_packets": 1024.0,
"duration": 600.0,
"timestamp": 1694098696.981433,
"org_id": "00000000-0000-0000-0000-000000000000",
"site_id": "00000000-0000-0000-0000-000000000000",
"id": "12981770-dd35-4111-9f2f-ae54c26b3e2a",
"pcap_url": "https://...",
"pcap_aps": {
"5c5b35000010": {
"band": "6",
"bandwidth": "20",
"channel": 133,
"tcpdump_expression": null
}
}
"num_packets": 1024.0
}
]
}
| Name | Type | Description |
|---|---|---|
pcap_aps |
dict |
contains AP specific configuration selected by user during scan pcap. |
| similar to below response. |
GET /api/v1/sites/:site_id/pcaps/capture
{
// from the initiation of the packet capture
"type": "radiotap",
"max_pkt_len": 128,
"includes_mcast": false,
"ssid": null,
"ap_mac": null,
"client_mac": "60a10a773412",
"max_num_packets": 1000,
"num_packets" : 999,
"duration": 300,
"id": "87093aed-94d6-4310-83a9-d7248c9e2d93"
"tcpdump_expression" : "vlan and icmp"
// what's actually being done
"started_time": 1435080709
"aps": ["5c5b350e001c","5c5b350e001b"],
"ok": ["5c5b350e001c","5c5b350e001b"],"
"failed": []
"pcap_aps": {
"5c5b35000010": {
"band": "6",
"bandwidth": "20",
"channel": 133,
"tcpdump_expression": null
}
}
}
| Name | Type | Description |
|---|---|---|
type |
string |
packet capture type, for example: new_assoc, client, wired, wireless, radiotap, gateway |
aps |
[]string |
List of target APs to capture packets |
ok |
[]string |
List of target APs successfully configured to capture packets |
failed |
[]string |
List of APs where configuration attempt failed |
gateways |
dict |
Information on gateways to capture packets on if a gateway capture type is specified |
switches |
dict |
Information on switches to capture packets on if a switch capture type is specified. irb port interface is automatically added to capture as needed to ensure all desired packets are captured. |
mxedges |
dict |
Information on mxedges to capture packets on if a mxedge capture type is specified |
id |
string |
unique id for the capture |
max_num_packets |
int |
max number of packets configured by user |
num_packets |
int |
total number of packets captured by all AP, not applicable for type [client, new_assoc] |
tcpdump_expression |
string |
tcpdump expression provided by the user (common) |
wired_tcpdump_expression |
string |
wired_tcpdump_expression provided by the user when type = ‘wired’ |
radiotap_tcpdump_expression |
string |
radiotap_tcpdump_expression expression provided by the user when type = ‘rdiotap’ |
scan_tcpdump_expression |
string |
scan_tcpdump_expression provided by the user when type = ‘scan’ |
wireless_tcpdump_expression |
string |
wireless_tcpdump_expression provided by the user when type = ‘wireless’ |
pcap_aps |
dict |
contains AP specific configuration selected by user during scan pcap. |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "client",
"client_mac": "60a10a773412",
"num_packets": 1000,
"duration": 300,
"max_pkt_len": 128,
"includes_mcast": false,
"ssid": null,
"ap_mac": null
}
| Name | Type | Description |
|---|---|---|
client_mac |
string |
client mac, required if type==client; optional otherwise |
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 86400 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, minimum is 64 and maximum is 2048 |
ssid |
string |
optional filter by ssid |
ap_mac |
string |
optional filter by ap_mac |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "new_assoc",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 128,
"includes_mcast": false,
"ssid": null,
"ap_mac": null,
"client_mac": "60a10a773412"
}
see above
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "wired",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 512,
"tcpdump_expression": "tcp port 80",
"ap_mac": null
}
| Name | Type | Description |
|---|---|---|
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 86400 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, minimum is 64 and maximum is 2048 |
tcpdump_expression |
string |
tcpdump expression |
ap_mac |
string |
optional filter by ap_mac |
format |
string |
pcap format, pcap / stream, default is pcap |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "wireless",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 512,
"ap_mac": null,
"band": "24"
}
| Name | Type | Description |
|---|---|---|
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 86400 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, minimum is 64 and maximum is 2048 |
ap_mac |
string |
optional filter by ap_mac |
format |
string |
pcap format, pcap / stream, default is pcap |
wlan_id |
string |
WLAN ID |
band |
string |
24 / 5 / 6, default is 24 |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "radiotap",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 512,
"ap_mac": null,
"band": "24",
"format": "stream"
"tcpdump_expression": "tcp port 80",
"ssid": "atest"
"wlan_id": "fac8e973-feb9-421a-b381-aabbc4b61f5a"
"client_mac": "38f9d3972ff1"
}
| Name | Type | Description |
|---|---|---|
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 86400 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, minimum is 64 and maximum is 2048 |
ap_mac |
string |
optional filter by ap_mac |
format |
string |
pcap format, pcap / stream, default is pcap |
band |
string |
24,5,6 / 24 / 5 / 6, default is 24 |
tcpdump_expression |
string |
tcpdump expression specific to radiotap |
ssid |
string |
optional filter by ssid |
wlan_id |
string |
wlan id associated with the respective ssid. |
client_mac |
string |
optional filter by client mac |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "scan",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 512,
"ap_mac": null,
"band": "24",
"format": "stream"
"tcpdump_expression": "tcp port 80",
"client_mac": "38f9d3972ff1",
"band": "24", // 24 / 5 (default) / 6
"bandwidth": 20, // 20 (default) / 40
"channel": 1, // 1 (default), if band == 5 then default value of channel is 7.
// optional, if specified, `ap_mac` is ignored and only specified APs will be used. If not specified, all APs in the site will be used
"aps": {
"5c5b35000001": {
// all optional, if not specified, parent one will be used
"channel": 7,
"band": "5",
"bandwidth": 20,
"tcpdump_expression": "..."
},
...
}
}
| Name | Type | Description |
|---|---|---|
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 86400 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, minimum is 64 and maximum is 2048 |
ap_mac |
string |
optional filter by ap_mac |
format |
string |
pcap format, pcap / stream, default is pcap |
band |
string |
24 / 5 / 6, default is 5 (for scan) and 24 (for other). Only Single value allowed, default value gets applied when user provides wrong values |
tcpdump_expression |
string |
tcpdump expression specific to radiotap |
client_mac |
string |
optional filter by client mac |
channel |
int |
specify the channel value where scan PCAP has to be started, default value gets applied when user provides wrong values |
bandwidth |
int |
channel width for the band, 20 / 40 / 80 / 160, 80 is only applicable for band_5 and 160 is only for band_6, defaults to ‘20’ when user provides wrong values |
aps |
dict |
dictionary key is AP mac and value is a dictionary which contains key “band”, “bandwidth”, “channel” and “tcpdump_expression”. In case keys are missed we will take parent value if parent values are not set we will use default value. |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "radiotap,wired",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 512,
"tcpdump_expression":<common>,
"wired_tcpdump_expression": "tcp port 80",
"radiotap_tcpdump_expression": "type data",
"wireless_tcpdump_expression": ""
"ap_mac": null,
"format": "stream",
"band": "24",
"ssid": "atest"
"wlan_id": "fac8e973-feb9-421a-b381-aabbc4b61f5a"
"client_mac": "38f9d3972ff1"
}
| Name | Type | Description |
|---|---|---|
type |
string |
packet capture type, currently supported value is radiotap,wired. |
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 86400 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, minimum is 64 and maximum is 2048 |
tcpdump_expression |
string |
tcpdump expression common for wired,radiotap |
wired_tcpdump_expression |
string |
tcpdump expression for wired interface |
wireless_tcpdump_expression |
string |
tcpdump expression for wireless interface (802.11) |
radiotap_tcpdump_expression |
string |
tcpdump expression for radiotap interface (802.11 + radio headers) |
ap_mac |
string |
optional filter by ap_mac |
format |
string |
pcap format, pcap / stream, default is pcap |
band |
string |
24,5,6 / 24 / 5 / 6, default is 24, config used only for radiotap |
ssid |
string |
optional filter by ssid |
wlan_id |
string |
wlan ID associated with the respective ssid, only used for configuring radiotap |
client_mac |
string |
optional filter by client mac, only used for configuring radiotap |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "gateway",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 1500,
"gateways": {
"001122334455": {
"ports": {"ge-0/0/0": {"tcpdump_expression": "tcp"},
"ge-0/0/1": {"tcpdump_expression": "port 443"},
"ge-1/0/0": {"tcpdump_expression": "tcp"},
"ge-1/0/1": {"tcpdump_expression": "port 443"}}
},
"001122334466": {
"ports": {"ge-0/0/0": {"tcpdump_expression": "udp"},
"ge-0/0/1": {"tcpdump_expression": "port 32768"}}
},
},
"format": "stream"
}
| Name | Type | Description |
|---|---|---|
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 86400 (24h) |
max_pkt_len |
int |
max_len of each packet to capture in bytes, default is 512, minimum is 64 (SSR) / 68 (SRX) maximum is 10240 (SSR) / 1520 (SRX). |
gateways |
dict |
dict of gateways which uses mac as the key |
ports |
list |
dict of port which uses port id as the key |
tcpdump_expression |
string |
tcpdump expression per port |
format |
string |
pcap format: stream (default, the only supported option) |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "switch",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 1500,
"switches": {
"001122334455": {
"ports": {"irb": {"tcpdump_expression": "udp"}, // irb port auto-included (with no tcpdump filter) if not provided in request
"ge-0/0/1": {},
"ge-1/0/0": null}
// 6 ports max per switch supported, or 5 max with irb port auto-included into capture request
},
"001122334466": {
"ports": {"ge-0/0/0": {}}
},
},
"tcpdump_expression": "port 443",
"format": "stream"
}
| Name | Type | Description |
|---|---|---|
num_packets |
int |
number of packets to capture, 0 for unlimited, default is 1024, maximum is 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, minimum is 60 and maximum is 10800 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, minimum is 64 and maximum is 2048 |
switches |
dict |
dict of switches which uses mac as the key |
ports |
dict |
dict of port which uses port id as the key; 6 ports max per switch supported, or 5 max with irb port auto-included into capture request |
tcpdump_expression |
string |
tcpdump expression, port specific if specified under ports dict, otherwise applicable across ports if specified at top level of payload. Port specific value overrides top level value when both exist. |
format |
string |
pcap format: stream (default, the only supported option) |
POST /api/v1/sites/:site_id/pcaps/capture
{
"type": "mxedge",
"num_packets": 100,
"duration": 600,
"max_pkt_len": 1500,
"mxedges": {
"00000000-0000-0000-1000-001122334455": {
"interfaces": {"port1": {"tcpdump_expression": "udp port 67 or udp port 68"},
}
},
},
"tcpdump_expression": "vlan 999",
"format": "tzsp",
"tzsp_host": "192.168.1.2",
"tzsp_port": 37008
}
| Name | Type | Description |
|---|---|---|
num_packets |
int |
number of packets to capture, default is 1024, maximum of 10000 |
duration |
int |
duration of the capture, in seconds, default is 600, maximum is 10800 |
max_pkt_len |
int |
max_len of each packet to capture, default is 512, maximum is 2048 |
mxedges |
dict |
dict of mxedges which uses mxedge_id as the key, currently limited to one mxedge per site capture session |
interfaces |
dict |
dict of interfaces to capture for, for given mxedge (examples: port1, kni0, lacp0, ipsec, drop, oobm), currently limited to specifying one interface per mxedge |
tcpdump_expression |
string |
tcpdump expression, interface specific if specified under interfaces dict, otherwise applicable across interfaces if specified at top level of payload. Interface specific value overrides top level value when both exist. |
format |
string |
pcap format: stream (default, to Mist cloud), tzsp (stream packets (over UDP as TZSP packets) to a remote host (typically running Wireshark) instead of Mist cloud) |
tzsp_host |
string |
remote host accessible to mxedges over the network for receiving the captured packets. Required when format is tzsp. |
tzsp_port |
int |
optional port on remote host for receiving the captured packets, default (if not provided) 37008 (TZSP). |
DELETE /api/v1/sites/:site_id/pcaps/capture
PUT /api/v1/sites/:site_id/pcaps/:pcap_id
{
"notes": "wired pcap test", //Empty allowed
}
POST /api/v1/sites/:site_id/analyze_spectrum
NOTE: only one can be executed per site at any give moment
{
"device_id": "00000000-0000-0000-1000-5c5b35bd76bb",
"duration": 600, // default is 300, max is 600
"band": "5", // required, 24 / 5 / 6, depending on scan radio capability
"format": "stream" // json (default) / stream
}
{
"session_id": "19e73828-937f-05e6-f709-e29efdb0a82b"
}
WS /api-ws/v1/stream
{
"subscribe": "/sites/:site_id/analyze_spectrum"
}
{
"event": "data",
"channel": "/sites/4ac1dcf4-9d8b-7211-65c4-057819f0862b/analyze_spectrum",
"data": {
"session": "session_id",
"fft_samples": [
{
"frequency": 2437.0,
"rssi / signal ?": -93
},
...
],
"channel_usage": [
{
"channel": 36,
"noise": -78,
"wifi": 0.13,
"non_wifi": 0.08
},
...
]
}
}
GET /api/v1/sites/:site_id/analyze_spectrum
{
"started_time": 1435080709
"device_id": "00000000-0000-0000-1000-5c5b35bd76bb",
"duration": 600,
"band": "5",
"format": "stream"
}
GET /api/v1/sites/:site_id/stats/analyze_spectrum?start=1461099816&end=1461089816&limit=100
{
"results": [
{
"org_id": "f2695c32-0e83-4936-b1b2-96fc88051213",
"mac": "5c5b35bd76bb",
"band": "5",
"timestamp": 1694098696,
"fft_samples": [
{
"frequency": 2437.0,
"rssi / signal ?": -93
},
...
],
"channel_usage": [
{
"channel": 36,
"noise": -78,
"wifi": 0.13,
"non_wifi": 0.08
},
...
]
},
...
],
"start": 1694622179,
"end": 1694708579,
"limit": 10,
"total": 4
}
The main design goals of RRM are
disabled per band governs thischannels governs thisEach AP derives their radio config from Site Settings if there’s no overwrite on a band.
GET /api/v1/sites/:site_id/rrm/current
Status: 200 OK
{
"status": "ready",
"timestamp": 1428949501,
"band_24": {
"00000000-0000-0000-1000-5c5b350e0024": {
"curr_channel": 6,
"curr_power": 18,
"curr_bandwidht": 20,
"curr_usage": "24"
"channel": 1,
"power": 19,
"bandwidth": 20,
"usage": "24"
},
...
},
"band_5": {
...
},
"band_6": {
...
},
"band_24_metric": {
"noise": -82.7,
"cochannel_neighbors": 1.0,
"neighbors": 3.0,
"density": 1.0
},
"band_5_metric": {
"noise": -82.7,
"cochannel_neighbors": 1.0,
"neighbors": 3.0,
"density": 1.0,
"interferences": {
"149": {
"radar": 0.3
},
"153": {
"radar": 0.2
},
}
},
"band_6_metric": {
...
},
"rftemplate": {
"id": "bb8a9017-1e36-5d6c-6f2b-551abe8a76a2",
"name": "5G-Restricted",
"country_code": "US",
"band_24_usage": "24",
"band_24": {
"disabled": false,
"channels": [ 1, 6, 11 ],
"bandwidth": 20,
"power": 16
},
"band_5": {
"disabled": false,
"channels": null,
"bandwidth": 40,
"power": 0
},
"band_6": {
"disabled": false,
"channels": null,
"bandwidth": 65,
"power": 0
}
}
}
| Name | Type | Description |
|---|---|---|
status |
string |
unknown / updating / ready |
timestamp |
long |
time where the status was updated |
band_24 |
object |
proposal on band 2.4G, key is ap_id, value is the proposal |
band_5 |
object |
proposal on band 5G, key is ap_id, value is the proposal |
band_6 |
object |
proposal on band 6G, key is ap_id, value is the proposal |
curr_channel |
int |
current channel |
curr_power |
int |
current tx power |
curr_bandwidth |
int |
current bandwidth |
channel |
int |
proposed channel |
power |
int |
proposed tx power |
bandwidth |
int |
proposed bandwidth |
band_24_metric |
object |
metric about 2.4G |
band_5_metric |
object |
metric about 5G |
band_6_metric |
object |
metric about 6G |
noise |
float |
average noise in dBm |
cochannel_neighbors |
float |
average number of co-channel neighbors |
neighbors |
float |
average number of neighbors |
density |
float |
defined by how APs can hear from one and another, 0 - 1 (everyone can hear everyone) |
rftemplate |
object |
RF Template if used if it uses RFTemplate from Org |
POST /api/v1/sites/:site_id/synthetic_test
{
"email": "john@abc.com"
}
{
"id": "68b329da-9893-e340-99c7-d8ad5cb9c940",
"email": "john@abc.com"
}
GET /api/v1/sites/:site_id/synthetic_test
{
"id": "68b329da-9893-e340-99c7-d8ad5cb9c940",
// TBD extra information populated
"start_time": 1675718807,
"end_time": 1675718873,
"status": "ready"
"report_url": TBD
}
GET /api/v1/sites/:site_id/synthetic_test/search
The following fields are available for searching.
| Name | Type | Description |
|---|---|---|
mac |
string |
device identifier |
port_id |
string |
port_id used to run the test (for SSR only) |
type |
string |
synthetic test type |
vlan_id |
int |
Vlan ID |
by |
string |
entity who triggers the test |
reason |
string |
(optional) test failure reason |
tenant |
string |
(optional) tenant network in which lan_connectivity test was run |
protocol |
string |
(optional) lan_connectivity protocol (ping / traceroute) |
{
"results": [
{
"timestamp": 1706824045.059036,
"type": "speedtest",
"failed": false,
"port_id": "ge-0/0/2",
"vlan_id": 20,
"latency": 40,
"rx_mbps": 322,
"tx_mbps": 199,
"device_type": "gateway",
"mac": "001122334455"
"by": "user"
},
{
"timestamp": 1706824045.059036,
"type": "speedtest",
"failed": true,
"port_id": "ge-0/0/2",
"vlan_id": 100,
"latency": 0,
"rx_mbps": 0,
"tx_mbps": 0,
"reason": "interface not ready to perform test",
"device_type": "gateway",
"mac": "001122334455",
"by": "marvis"
}
]
}
GET /api/v1/sites/:site_id/rrm/current/devices/:device_id/band/:band
| Name | Type | Description |
|---|---|---|
band |
string |
24 / 5 / 6 |
{
"results": [
{
"channel": 36,
"noise": -78,
"non_wifi": 0.08,
"wifi": 0.13
// omitted if there's no near-by APs in the same site
"rssi": -48,
// omitted if there's no near-by APs
"other_rssi": -66,
"other_ssid": "Rivendell5G",
"util_score": 0.1, // total utilization (in a score format that's currently relevant / comparable against other channels)
"util_score_other": 0.05, // utilizatyion contributed by other SSIDs served
"util_score_non_wifi": 0.01, // utilization contributed by non-wifi
}
]
}
| Name | Type | Description |
|---|---|---|
channel |
int |
channel |
noise |
float |
noise floor |
non_wifi |
float |
non-wifi RF utilization |
wifi |
float |
WIFI RF utilization |
rssi |
int |
the avg RSSI heard from neighbor APs (that belongs to the same site) |
other_rssi |
int |
the avg RSSI heard from other APs (that does NOT belongs to the same site) |
max_other_ssid |
string |
SSID from other AP that we heard from with the max RSSI |
util_score |
float |
utilization score, 0-1, lower means less utilization (cleaner RF) |
insite_channel_weight |
float |
channel weight score, 0-1, lower means less utilization (cleaner RF) |
GET /api/v1/sites/:site_id/rrm/neighbors/band/:band?limit=100&page=1
| Name | Type | Description |
|---|---|---|
band |
string |
24 / 5 / 6 |
limit |
int |
page size, 1-100, default is 100 |
{
"band": 6,
"limit": 100,
"page": 1,
"total": 360,
"results": [
{
"mac": "5c5b35000001",
"neighbors": [
{
"mac": "5c5b35000311",
"rssi": -66,
},
...
]
},
...
]
}
POST /api/v1/sites/:site_id/rrm/optimize
{
"bands": [ "24", "5", "6" ],
"macs": [ "5c5b35000001" ], // targeting AP (neighbor APs may get changed, too), default is empty for ALL APs
"txpower_only": true // only changng TX Power (will not disconnect clients), default is false
}
| Name | Type | Description |
|---|---|---|
bands |
list |
list of bands |
POST /api/v1/sites/:site_id/devices/reset_radio_config
{
"bands": [ "24", "5", "6" ],
"force": false
}
| Name | Type | Description |
|---|---|---|
bands |
list |
list of bands |
force |
boolean |
whether to reset those with radio disabled. default is false (i.e. if user intentionally disables a radio, honor it) |
GET /api/v1/sites/:site_id/rrm/events?band=24&limit=100&duration=1d
| Name | Type | Description |
|---|---|---|
band |
string |
24 / 5 / 6, required |
{
"start": 1428939600,
"end": 1428954000,
"limit": 100,
"results": [
{
"timestamp": 1428939600,
// for periodical
"event": "scheduled-site-rrm",
// for user-triggered
"event": "triggered-site-rrm",
// for interference-induced
"event": "interference-ap-co-channel",
// for non-wifi-interference-induced
"event": "interference-ap-non-wifi",
// for radar-triggered
"event": "radar-detected",
// for ap-outage
"event": "neighbor-ap-down",
"event": "neighbor-ap-recovered",
"ap_id": 00000000-0000-0000-1000-5c5b359e4fe0",
"band": "24",
"usage": "24",
"channel": 6,
"bandwidth": 20,
"power": 5,
"pre_usage": "24",
"pre_channel": 1,
"pre_power": 11,
"pre_bandwidth": 20
}
]
"next": "/api/v1/sites/dca0a44b-324c-11e6-a776-0243ad110007/events/rrm?start=1428939600&end=1428949600&limit=200&token=001a0010000000120010000005005880ec18000004776c616e007fffffeb067ab8e29c1d659b6a7c8cf698bf81490003"
}
| Name | Type | Description |
|---|---|---|
timestamp |
string |
timestamp of the event |
event |
string |
schedule-site-rrm / triggered-site-rrm / interference-ap-co-channel / rrm-radar |
band |
string |
for 2.4G or 5G or 6G |
ap_id |
string |
ap id |
channel |
string |
channel for the band from rrm |
bandwidth |
string |
channel width for the band 20/40/80/160. 160 is 6G only. |
power |
string |
tx power of the radio |
pre_channel |
string |
(previously) channel for the band, 0 means no previously available |
pre_bandwidth |
string |
(previously) channel width for the band 20/40/80/160, 0 means no previously available |
pre_power |
string |
(previously) tx power of the radio, 0 means no previously available |
next |
string |
the link to query next set of results. value is null if no next page exists. |
GET /api/v1/sites/:site_id/events/fast_roam?type=success&start=1500940800&end=1501023379&limit=2
| Name | Type | Description |
|---|---|---|
type |
string |
success / fail / none |
Start and end will provide granular data within the given day, going back to a year. Note: Date passed will not be honored.
{
"start": 1500940800,
"next": "/api/v1/sites/dca0a44b-324c-11e6-a776-0243ad110007/events/fast_roam?type=success&start=1428939600&end=1428949600&limit=200&token=AAAAEgAIAAVVJh4hF8AAAARzc2lkAH%2F%2F%2F%2F0%3D",
"end": 1501023379,
"limit": 2,
"results": [
{
"latency": 0.1874195,
"ssid": "marvis_test",
"subtype": "CLIENT_AUTHENTICATED_11R",
"timestamp": 1501000002283782,
"ap_mac": "5c5b350e040b",
"fromap": "5c5b350e0569",
"client_mac": "dc2b2a3fb13d"
}
]
}
| Name | Type | Description |
|---|---|---|
timestamp |
string |
timestamp of the event in nsec |
type |
string |
success / fail / none / poor/ pingpong / slow |
next |
string |
the link to query next set of results. value is null if no next page exists. |
Note:
success: List of successful 11R events.fail: List of failed 11R events.none: List of roams where Clients that are capable of doing fast roam did a slow roam on a SSID where fast roam is
enabled.slow: List of roams on a SSID where there is no fast roaming enabled.GET /api/v1/const/languages
[
{
"key": "en-US",
"display": "English (US)",
"display_native": "English (US)"
},
{
"key": "zh-TW",
"display": "Chinese Traditional (Taiwan)",
"display_native": "中文(台灣)"
}
]
GET /api/v1/const/license_types
[
{
"key": "sub_eng",
"type": "SUB-ENG",
"description": "vBLE Engagement"
},
{
"key": "sub_ex12",
"type": "SUB-EX12",
"description": "Wired Assurance 12"
},
{
"key": "sub_ex12a",
"type": "SUB-EX12A",
"description": "Wired Assurance 12 Advanced",
"entitled_licenses": ["sub_ex12", "sub_sadv1"]
},
{
"key": "sub_sadv1",
"type": "SUB-SADV1",
"description": "Advanced Add-on for Wired Assurance 12"
},
...
]
Get a list of applications that we recognize
GET /api/v1/const/applications
[
{
"key": "dropbox",
"name": "Dropbox",
"group": "File Sharing",
"app_probe": true, // whether it can be used for app_probing for SRX
"app_id": true // whether it can be used as an app in Service for gateways
},
...
]
Get the full list of applications that we recognize
GET /api/v1/const/gateway_applications
[
{
"key": "4shared",
"name": "4shared",
"ssr_app_id": true, // whether this can be identified by SSR
"app_id": true // whether this can be identified by SRX
}
]
GET /api/v1/const/device_events
[
{
"key": "AP_ASSIGNED",
"display": "AP Assigned",
"description": "AP was assigned to a site",
"example": {
"type": "AP_ASSIGNED",
"timestamp": 1552408871,
"org_id": "2818e386-8dec-2562-9ede-5b8a0fbbdc71",
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"ap": "5c5b35000001",
"audit_id": "e9a88814-fa81-5bdc-34b0-84e8735420e5"
}
},
...
]
GET /api/v1/const/client_events
[
{
"key": "CLIENT_IP_ASSIGNED",
"display": "DHCP Success"
},
...
]
GET /api/v1/const/ap_led_status
[
{
"code": "02",
"key": "NO_ETHERNET_LINK",
"name": "No ethernet link",
"description": "Has no link (Seen using power injectors, but not connected to a switch)"
},
...
]
GET /api/v1/const/marvisclient_versions
[
{
"os": "android",
"version": "1.1.9",
"url": "https://mobile.mist.com/installers/marvisclient/android/1.1.9/marvisclient-installer.apk",
"label": "latest",
"notes": ""
},
{
"os": "macos",
"version": "0.100.29",
"url": "https://mobile.mist.com/installers/marvisclient/macos/0.100.29/marvisclient-installer.dmg",
"label": "rc1",
"notes": ""
},
{
"os": "windows",
"version": "0.100.26",
"url": "https://mobile.mist.com/installers/marvisclient/windows/0.100.26/marvisclient-installer.zip",
"label": "default",
"notes": ""
}
]
GET /api/v1/const/webhook_topics
[
{
"key": "alarms",
"for_org": true,
"has_delivery_results": true
},
{
"key": "client-info",
"for_org": true
},
{
"key": "ping",
"for_org": true,
"internal": true,
"has_delivery_results": true
},
{
"key": 'device-events',
"for_org": true,
"allows_single_event_per_message": true
},
{
"key": "sdkclient-scan-data"
},
...
]
| Name | Type | Description |
|---|---|---|
key |
string |
webhook topic name |
for_org |
bool |
can be used in org webhooks, optional, default false |
internal |
bool |
internal topic (not selectable in site/org webhooks) |
has_delivery_results |
bool |
supports webhook delivery results /api/v1/:scope/:scope_id/webhooks/:webhook_id/events/search |
allows_single_event_per_message |
bool |
supports single event per message results |
Support / Upload Mist Edge support files
POST /api/v1/sites/:site_id/mxedges/:mxedge_id/support
Get /api/vi/sites/:site_id/stats/mxedges
[
{
"status": "disconnected",
"magic": "S2ZD-srTcoOp9GGttZpq1ISQEq4iPY3EhWpAKB9pb9JdWjeP12bjIbFYsDy5jP3a",
"name": "staging_edge",
"tunterm_port_config": {
"separate_upstream_downstream": false,
"upstream_ports": [
"0"
],
"downstream_ports": [
"0"
]
},
"org_id": "5a5ed2f4-632f-41f3-b8ed-d3afa4b27f96",
"site_id": "c88aa7a2-ac27-7d87-b633-1ac3a7837928",
"mxcluster_id": null,
"modified_time": 1574117211,
"tunterm_registered": false,
"for_site": true,
"services": [
"tunterm"
],
"created_time": 1574114372,
"model": "ME-100",
"tunterm_ip_config": {
"ip": "",
"netmask": "",
"gateway": ""
},
"id": "b025de9b-7bb6-43bd-8a71-bf3cu840c9ad",
"mxagent_registered": false,
"fwupdate": {
"timestamp": 1574117214,
"status": "inprogress",
"progress": 23
}
}
]
See Org:Mxedge for fields description
Get /api/vi/sites/:site_id/stats/mxedges/:mxedge_id
GET /api/v1/sites/:site_id/mxedges/events/search
| Name | Type | Description |
|---|---|---|
mxedge_id |
string | mist edge id |
mxcluster_id |
string | mist edge cluster id |
type |
string | mist edge event type Supported Events |
service |
string | service running on mist edge(mxagent, tunterm etc) |
start |
string |
start datetime, can be epoch or relative time like -1d, -1w; -1d if not specified |
end |
string |
end datetime, can be epoch or relative time like -1d, -2h; now if not specified |
duration |
string |
duration like 7d, 2w |
component |
string |
component like PS1, PS2 |
{
"results": [
{
"mxcluster_id": "2815c917-58e7-472f-a190-bfd44fb58d05",
"timestamp": 1694678225.927,
"org_id": "f2695c32-0e83-4936-b1b2-96fc88051213",
"mxedge_id": "00000000-0000-0000-1000-020000dc585c",
"type": "ME_SERVICE_STOPPED",
"service": "tunterm"
},
{
"timestamp": 1694678004.821,
"org_id": "f2695c32-0e83-4936-b1b2-96fc88051213",
"mxedge_id": "00000000-0000-0000-1000-020000dc585c",
"type": "ME_SERVICE_STARTED",
"service": "tunterm"
},
{
"package": "radsecproxy",
"timestamp": 1694678010.108,
"org_id": "f2695c32-0e83-4936-b1b2-96fc88051213",
"mxedge_id": "00000000-0000-0000-1000-020000dc585c",
"type": "ME_PACKAGE_INSTALLED",
"to_version": "1.9.1-1.mist.16"
},
{
"timestamp": 1694679111.253,
"org_id": "f2695c32-0e83-4936-b1b2-96fc88051213",
"mxedge_id": "00000000-0000-0000-1000-020000dc585c",
"type": "ME_POWERINPUT_DISCONNECTED",
"component": "PS1"
}
],
"start": 1694622179,
"end": 1694708579,
"limit": 10,
"total": 4
}
GET /api/v1/sites/:site_id/mxedges/events/count?distinct=type
| Name | Type | Description |
|---|---|---|
distinct |
string |
mxedge_id(default) / type / mxcluster_id / package |
start |
string |
start datetime, can be epoch or relative time like -1d, -1w; -1d if not specified |
end |
string |
end datetime, can be epoch or relative time like -1d, -2h; now if not specified |
duration |
string |
duration like 7d, 2w |
{
"results": [
{
"type": "ME_SERVICE_RESTARTED",
"count": 5003
},
{
"type": "ME_SERVICE_STARTED",
"count": 124
},
{
"type": "ME_SERVICE_FAILED",
"count": 120
}
],
"start": 1694622935,
"end": 1694709335,
"limit": 10,
"distinct": "type",
"total": 3
}
POST /api/v1/sites/:site_id/ssr/:device_id/upgrade
{
"channel": "stable",
"version": "5.3.0-93",
"start_time": 1624405840
}
| Name | Type | Description |
|---|---|---|
channel |
string |
upgrade channel to follow, stable (default) / beta / alpha |
version |
string |
128T firmware version to upgrade (e.g. 5.3.0-93) |
start_time |
long |
128T firmware download start time in epoch seconds, default is now, -1 disables download |
reboot_at |
long |
reboot start time in epoch seconds, default is start_time, -1 disables reboot |
GET /api/v1/sites/:site_id/ssr/upgrade/:upgrade_id
{
"status": "upgrading",
"versions": {},
"channel": "stable",
"device_type": "gateway",
"id": "5cbcee0a-c620-4bb4-a25e-15000934e9d8",
"targets": {
"queued": [],
"upgrading": ["8e525f1d-4178-4ae1-a988-2b0176855e55"],
"success": [],
"failed": []
}
}
GET /api/v1/sites/:site_id/stats/bgp_peers/search
{
"results": [
{
"org_id": "0c160b7f-1027-4cd1-923b-744534c4b070",
"site_id": "725a8d34-a126-4f2c-b990-d1219421cb75",
"mac": "020001c04668",
"timestamp": 1666251056.07,
"local_as": 65000,
"neighbor_as": 65000,
"vrf_name": "default", // default (default) / or VRF name
"neighbor": "15.8.3.5",
"neighbor_mac": "020001e53153", // if it's another device in the same org
"uptime": 31355,
"up": true,
"for_overlay": true, // if this is created for overlay
"state": "established", // idle, connect, active, open_sent, open_confirm and established
"tx_pkts": 1735,
"rx_pkts": 63366,
"rx_routes": 60,
"tx_routes": 60,
"evpn_overlay": true // if this is created for evpn overlay
},
],
"start": 1619518689.4989705,
"end": 1619518989.4989712,
"limit": 10,
"total": 1
}
| Name | Type | Description |
|---|---|---|
org_id |
string |
router org ID |
site_id |
string |
router site ID |
mac |
string |
router mac address |
timestamp |
long |
sampling time (in epoch) |
local_as |
string |
local AS |
neighbor_as |
string |
neighbor AS |
vrf_name |
string |
VRF name |
neighbor |
string |
IP of neighbor |
neighbor_mac |
string |
Mac of neighbor |
state |
string |
idle, connect, active, open_sent, open_confirm and established |
up |
boolean |
true/false |
tx_pkts |
int |
tx pkts |
rx_pkts |
int |
rx pkts |
rx_routes |
int |
number of received routes |
tx_routes |
int |
number of sent routes |
uptime |
int |
uptime |
for_overlay |
boolean |
true/false, if this is created for overlay |
evpn_overlay |
boolean |
true/false, if this is created for evpn overlay |
GET /api/v1/sites/:site_id/stats/bgp_peers/count?state=disconnected&distinct=mac
{
"results": [
{
"mac": "02000111d2dc",
"count": 2
}
],
"start": 1619518707.800029,
"end": 1619519007.8000295,
"limit": 10,
"distinct": "mac",
"total": 1,
}
The API below returns a combined view of the VC status which includes topology and stats.
GET /api/v1/sites/:site_id/devices/:device_id/vc
{
"id": "00000000-0000-0000-1000-dc38e1dbf3cd",
"site_id": "9bf047be-1911-225c-a541-d6637a373633",
"org_id": "eb6a1083-1e3a-48cc-8888-78ff7772c588",
"mac": "dc38e1dbf3cd",
"vc_mac": "dc38e1dbf3cd",
"model": "EX4600",
"type": "switch",
"serial": "TC3714190003",
"status": "connected",
"locating": true,
"members": [
{
"_idx": 0,
"vc_role": "master",
"model": "EX4600",
"serial": "TC3714190003",
"vc_state": "present",
"locating": true,
"fans": [
{
"name": "Fan 0"
"status": "absent",
},
{
"name": "Fan 1"
"airflow": "out",
"status": "ok"
}
],
"temperatures": [
{
"name": "CPU",
"status": "ok",
"celsius": 45.0
}
],
"psus": [
{
"name": "Power Supply 0",
"status": "ok"
},
{
"name": "Power Supply 1",
"status": "failed"
}
],
"poe": {
"max_power": 250.0,
"power_draw": 120.3
},
"vc_links": [
{
"port_id": "vcp-255/1/0",
"neighbor_module_idx": 1,
"neighbor_port_id": "vcp-255/1/0"
}
]
}
],
"num_routing_engines": 1 // routing-engine count
}
For models (e.g. EX4300 and up) having dedicated VC ports, it is easier to form a VC by just connecting cables with the dedicated VC ports. Cloud will detect the new VC and update the inventory.
In case that the user would like to choose the dedicated switch as a VC master. Or for EX2300-C-12P and EX2300-C-12T which doesn’t have dedicated VC ports, below are procedures to automate the VC creation:
POST /api/v1/sites/:site_id/devices/:device_id/vc
{
"members": [
{
"mac": "aff827549235", // fpc0, same as the mac of device_id
"vc_ports": ["xe-0/1/0"],
"vc_role": "master", // vc_role is enforced to be master when creating the VC
},
{
"mac": "8396cd006c8c",
"vc_ports": ["xe-0/1/0"]
"vc_role": "backup",
}
]
}
POST /api/v1/sites/:site_id/devices/:device_id/vc
{
"members": [
{
"mac": "aff827549235", // fpc0, same as the mac of device_id
"vc_ports": ["xe-0/1/0"],
"vc_role": "master"
},
{
"mac": "8396cd006c8c",
"vc_ports": ["xe-0/1/0", "xe-0/1/1"],
"vc_role": "backup"
},
{
"mac": "8396cd00888c",
"vc_ports": ["xe-0/1/0"],
"vc_role": "linecard"
}
]
}
POST /api/v1/sites/:site_id/devices/:device_id/vc
{
"preprovisioned": true,
"members": [
{
"mac": "aff827549235", // fpc0, same as the mac of device_id
"vc_role": "master",
"member_id": 0,
"vc_ports": ["xe-0/1/0", "xe-0/1/1"]
},
{
"mac": "8396cd006c8c",
"vc_role": "linecard",
"member_id": 1,
"vc_ports": ["xe-0/1/0"],
},
{
"mac": "8396cd00888c",
"vc_role": "backup",
"member_id": 2,
"vc_ports": ["xe-0/1/0"]
}
]
}
For models (e.g. EX4300 and up) having dedicated VC ports, it is easier to add new member switches into a VC by just connecting cables with the dedicated VC ports. Cloud will detect the new members and update the inventory.
For EX2300 VC, adding new members requires to follow the procedures below:
PUT /api/v1/sites/:site_id/devices/:device_id/vc
{
"op": "add",
"members": [
{
"mac": "aff827549235", // same as the mac of device_id
"member": 0, // enabling vc port xe-0/1/1 on member 0
"vc_ports": ["xe-0/1/1"],
},
{
"mac": "8396cd00777c",
"vc_ports": ["xe-0/1/0"],
"vc_role": "linecard"
}
]
}
PUT /api/v1/sites/:site_id/devices/:device_id/vc
{
"op": "add",
"members": [
{
"mac": "aff827549235", // same as the mac of device_id
"member": 0, // enabling vc port xe-0/1/1 on member 0
"vc_ports": ["xe-0/1/1"],
},
{
"mac": "aff827549235", // same as the mac of device_id
"member": 2, // enabling vc port xe-0/1/1 on member 2
"vc_ports": ["xe-0/1/1"],
},
{
"mac": "8396cd00777c",
"vc_ports": ["xe-0/1/0"],
"vc_role": "linecard"
},
{
"mac": "8396cd00888c",
"vc_ports": ["xe-0/1/0"],
"vc_role": "linecard"
}
]
}
To remove a member switch from the VC, following the procedures below:
Please notice that member ID 0 (fpc0) cannot be removed. When a VC has two switches left, unpluging the cable may result in the situation that fpc0 becomes a line card (LC). When this situation is happened, please re-plug in the cable, wait for both switches becoming present (show virtual-chassis) and then removing the cable again.
PUT /api/v1/sites/:site_id/devices/:device_id/vc
{
"op": "remove",
"members": [
{
"member": 2,
},
{
"member": 3,
},
]
}
When a member switch doesn’t work properly and needed to be replaced, the renumber API could be used. The following two types of renumber are supported:
For renumber to work, the following procedures are needed: 1. Ensuring the VC is connected to the cloud and the state of the member switch to be replaced must be non present. 2. Adding the new member switch to the VC 3. Waiting for the VC state (vc_state) of this VC to be updated to API server 4. Invoke vc with renumber to replace the new member switch from fpc X to
PUT /api/v1/sites/:site_id/devices/:device_id/vc
{
"op": "renumber",
"member": 3,
"new-member": 2
}
PUT /api/v1/sites/:site_id/devices/:device_id/vc
{
"op": "renumber",
"member": 3,
"new-member": 0
}
{
'adopted': true,
'virtual_chassis': {
...
},
'managed': true,
'id': '00000000-0000-0000-1000-a874b9710001',
'site_id': '1916d52a-4a90-11e5-8b45-1258369c38a9',
'org_id': '2818e386-8dec-2562-9ede-5b8a0fbbdc71',
'mac': 'a874b9710001',
'serial': 'SW-REG-01',
'model': 'EX4300-48P',
'type': 'switch',
...
}
When all the member switches of VC are removed and only member ID 0 is left, the cloud would detect this situation and automatically changes the single switch to non-VC role.
For some unexpected cases that the VC is gone and disconncted, the API below could be used to change the state of VC’s switches to be standalone. After it is executed, all the switches will be shown as standalone switches under Inventory.
DELETE /api/v1/sites/:site_id/devices/:device_id/vc
The VC creation and adding member switch API will update the device’s virtual chassis config which is applied after VC is formed to create JUNOS pre-provisioned virtual chassis configuration. To modify the device’s VC config after VC is created, the device config API is leveraged:
PUT /api/v1/sites/:site_id/devices/:device_id
{
"virtual_chassis": {
"preprovisioned": false, // to configure whether the VC is preprovisioned or nonprovisioned. default is false
"members": [
{
"mac": "aff827549235", // fpc0, same as the mac of device_id
"vc_role": "master"
},
{
"mac": "8396cd006c8c",
"vc_role": "linecard"
},
{
"mac": "8396cd00888c",
"vc_role": "backup"
}
]
}
}
To switch the VC to use preprovisioned VC, enable preprovisioned in virtual_chassis config. Both vc_role master and backup will be matched to routing-engine role in Junos preprovisioned VC config.
In this config, fpc0 has to be the same as the mac of device_id. Use renumber if you want to replace fpc0 which involves device_id change.
Notice: to configure preprovisioned VC, every member of the VC must be in the inventory.
{
"virtual_chassis": {
"preprovisioned": true,
"members": [
{
"mac": "aff827549235", // fpc0, same as the mac of device_id
"vc_role": "master",
"member_id": 0
},
{
"mac": "8396cd006c8c",
"vc_role": "linecard",
"member_id": 1
},
{
"mac": "8396cd00888c",
"vc_role": "backup",
"member_id": 2
}
]
}
}
By specifying “preprovision” op, you can convert the current VC to pre-provisioned mode, update VC members as well as specify vc_ports when adding new members for device models without dedicated vc ports. Use renumber for fpc0 replacement which involves device_id change.
Note: 1. vc_ports is used for adding new members and not needed if * the device model has dedicated vc ports, or * no new member is added 2. New VC members to be added should exist in the same Site as the VC
Update Device’s VC config can achieve similar purpose by directly modifying current virtual_chassis config. However, it cannot fulfill requests to enabling vc_ports on new members that are yet to belong to current VC.
PUT /api/v1/sites/:site_id/devices/:device_id/vc
{
"op": "preprovision",
"members": [
{
"mac": "aff827549235", // fpc0, same as the mac of device_id of current VC
"vc_role": "master",
"member_id": 0,
"vc_ports": ["xe-0/1/1"] // enabling vc port xe-0/1/1 on member 0
},
{
"mac": "8396cd006c8c",
"vc_role": "linecard",
"member_id": 1
},
{
"mac": "8396cd00888c",
"vc_role": "backup",
"member_id": 2,
"vc_ports": ["xe-0/1/0"] // enabling vc port xe-0/1/1 on member 2
}
]
}
To change ports to VC port or delete a VC port, below is the API for this purpose.
POST /api/v1/sites/:site_id/devices/:device_id/vc/vc_port
POST /api/v1/sites/:site_id/devices/:device_id/vc/vc_port
{
"op": "set",
"members": [
{
"member": 0, // enabling vc port xe-0/1/1 on member 0
"vc_ports": ["xe-0/1/1"],
},
{
"member": 2, // enabling vc port xe-0/1/1 on member 2
"vc_ports": ["xe-0/1/1"],
},
]
}
POST /api/v1/sites/:site_id/devices/:device_id/vc/vc_port
{
"op": "delete",
"members": [
{
"member": 0, // enabling vc port xe-0/1/1 on member 0
"vc_ports": ["xe-0/1/1"],
},
{
"member": 2, // enabling vc port xe-0/1/1 on member 2
"vc_ports": ["xe-0/1/1"],
},
]
}
Some switch model allows changing VCP port behaviors, e.g. - use them as regular network ports - change vcp protocol Note, this command will reboot the switch
POST /api/v1/sites/:site_id/devices/:device_id/set_vc_port_mode
{
"mode": "network", // required. network / vcp-higig / vcp-hgoe (EX4400-24X only supports this)
}
In a pre-provisioned VC, mastership is system-determined. This command allows manual toggling between primary and backup Routing Engines.
POST /api/v1/sites/:site_id/devices/:device_id/vc/switch_master
Status: 200 OK
Status: 400 Bad Request. Possible reasons:
- The device is not an OC device
- The VC is currently disconnected
- The backup routing engine is not present
- Non-provisioned VC is not supported currently
Converts an FPC0-based VC to a Virtualmac VC, removing the limitation where the device ID must change whenever FPC0 is renumbered or removed.
POST /api/v1/sites/:site_id/devices/:device_id/vc/convert_to_virtualmac
Status: 200 OK
Status: 400 Bad Request. Possible reasons:
- The device is not an OC device
- Virtualmac VC is disabled in the Org Knob settings
- The VC is already a Virtualmac VC
- The VC is currently disconnected
- The device is standalone
- A new FPC0 exists with its own device config, causing ambiguity.
see Chassis Cluster User Guide for SRX Series Devices Here’s the recommended cabling.
From ZTP / default state, ge-0/0/0 and ge-0/0/7 (SFP) are default WAN ports and will get DHCP IP. However, ge-0/0/0 becomes OOB/fxp0 after cluster is enabled (i.e. using it for reach Mist is not recommended)
{
"port_config": {
"ge-0/0/2,ge-1/0/2": {
"usage": "ha_data"
},
"ge-0/0/7,ge-1/0/7": {
"usage": "wan",
"redundant": true,
"reth_idx": 0,
"ip_config": {"type": "dhcp"}
},
}
}
From ZTP / default state, ge-0/0/0, ge-0/0/7 (SFP) and cl-1/0/0 (LTE) are default WAN ports and will get DHCP IP. However, ge-0/0/0 becomes OOB/fxp0 after cluster is enabled (i.e. using it for reach Mist is not recommended)
Similar to SRX300
SRX340/SRX345 has dedicated OOB/fxp0 ports
ge-0/0/0 becomes OOB/fxp0 after cluster is enabled, make suenable oob_ip_config as dhcp to maintain cloud connectivity
SRX1500 has, additionally, dedicated HA Control port
SRX1600 has, additionally, two dedicated HA Control port
SRX4100 has dedicated ha_control and ha_data (fabric) ports
When standalone, VSRX has fxp0 as first Network Adapter, then ge-0/0/0-N When clustered, VSRX has fxp0, em0, then ge-0/0/0-N
Both nodes has to be in the same site. We expect the user to configure ha / ha_data port in port_configs already
POST /api/v1/sites/:site_id/devices/:device_id/ha
{
"nodes": [
{
"mac": "aff827549235" // node0, same as the mac of device_id
},
{
"mac": "8396cd006c8c" // node1
}
]
}
After deleting the HA Cluster, both nodes will become a standalone device in the same site
DELETE /api/v1/sites/:site_id/devices/:device_id/ha
Usually Device Replacement is done by Device Replacement API. For a HA cluster, you can also replace a node by another device in the same site.
PUT /api/v1/sites/:site_id/devices/:device_id/ha
{
// either mac has to remain the same as existing cluster
"nodes": [
{
"mac": "aff827549235" // node0
},
{
"mac": "8396cd006c8c" // node1
}
]
}
To preempt AP’s which are not connected to preferred peer to the preferred peer
POST /api/v1/sites/:site_id/mxtunnels/:mxtunnel_id/preempt_aps
{
"preempted_aps": ["5c5b35000001", "5c5b35000002"]
}
POST /api/v1/sites/:site_id/devices/:device_id/ha
{
"nodes": [
{
"mac": "aff827549235" // node0, same as the mac of device_id
},
{
"mac": "8396cd006c8c" // node1
}
]
}
DELETE /api/v1/sites/:site_id/devices/:device_id/ha
GET /api/v1/sites/:site_id/stats/apps/count?distinct=services&device_mac=&app=Facebook&wired=True
| Name | Type | Description |
|---|---|---|
distinct |
string |
For wireless devices - ‘ap’, ‘wcid’, ‘ssid’, ‘wlan_id’ ‘app’, default is ‘ap’. For wired devices - ‘device_mac’, ‘wcid’, ‘src_ip’, ‘port_id’, ‘app’, ‘category’, ‘service’ , default is device_mac |
device_mac |
string |
MAC of the device |
app |
string |
Application name |
wired |
string |
If a device is wired or wireless. Default is False. |
{
"results": [
{
"service": "internet",
"count": 4
},
{
"service": "Corp.internet",
"count": 4
}
],
"start": 1633046421.0,
"end": 1636636504.0,
"limit": 10,
"distinct": "service",
"total": 2
}
GET /api/v1/sites/:site_id/stats/calls/search
The following fields are available for searching.
| Name | Type | Description |
|---|---|---|
mac |
string |
device identifier |
app |
string |
Third party app name |
E.g. /api/v1/sites/:site_id/stats/calls/search?mac=001122334455&app=zoom&start=1511967600&end=1513177200
{
"start": 1511967600,
"end": 1513177200,
"limit": 10,
"total": 100,
"results": [
{
"app": "zoom",
"end_time": 1665465341,
"org_id": "85e1d87d-6541-4ebd-941a-272cac140948",
"site_id": "a16fdfc0-8540-47ab-be59-9dd2d00e7c84",
"meeting_id": 82126359919,
"rating": 5,
"start_time": 1665460836,
"mac": "adf1c481b989",
"audio_quality": 1,
"video_quality": 2,
"screen_share_quality": 3
},
{
"app": "zoom",
"end_time": 1665465339,
"org_id": "0c160b7f-1027-4cd1-923b-744534c4b070",
"site_id": "a16fdfc0-8540-47ab-be59-9dd2d00e7c84",
"meeting_id": 87578079426,
"rating": 4,
"start_time": 1665460914,
"mac": "983a78ea4a44",
"audio_quality": 3,
"video_quality": 1,
"screen_share_quality": 4
},
{
"app": "zoom",
"end_time": 1665465339,
"org_id": "0c160b7f-1027-4cd1-923b-744534c4b070",
"site_id": "a16fdfc0-8540-47ab-be59-9dd2d00e7c84",
"meeting_id": 97588079429,
"rating": 3,
"start_time": 1665460850,
"mac": "25e9ddf8b1b9",
"audio_quality": 4,
"video_quality": 2,
"screen_share_quality": 1
},
...
]
}
GET /api/v1/sites/:site_id/stats/calls/count
In addition to the filters that you can have in the search
| Name | Type | Description |
|---|---|---|
distinct |
string |
mac |
rating |
list |
feedback rating between 1-5 |
NOTE: the filters from /stats/calls/search can also be used. (E.g. /stats/calls/count?distinct=mac&app=zoom&mac=112233445566&start=1511967600&end=1513177200&rating=1,2)
{
"start": 1511967600,
"end": 1513177200,
"limit": 100,
"distinct": "mac",
"total": 20,
"results": [
{
"count": 217,
"mac": "112233445566"
}
...
]
}
GET /api/v1/sites/:site_id/stats/calls/client/:mac/troubleshoot?meeting_id=87578079426
In addition to the filters that you can have in the search
| Name | Type | Description |
|---|---|---|
meeting_id |
string |
meeting_id, required |
{
"mac": "983a78ea4a44",
"meeting_id": 87578079426,
"results": [
{
"timestamp": 1695425115,
// latencies contributors
"audio_in": {
"expected": 30.941595,
"client_tx_bytes": 0.15803306,
"client_n_streams": 0.15803306,
"client_wifi_version": 0.18267937,
"client_rssi": -1.0839354,
"client_radio_band": 0.5576923,
"client_tx_rates": 0.62357205,
"client_rx_bytes": 2.2622051,
"client_tx_retries": 0.77553505,
"client_rx_rates": 0.26726437,
"client_tx_bytes": 6.6164713,
"client_tx_retries": 1.702031,
"client_vpn_distaince": 1.6474955, // when client is connected to an AP in a site but connected to VPN server far away
"client_cpu": 3.7028809,
"ap_rtt": 0.16559607,
"ap_num_clients": -0.6565111,
"radio_bandwidth": -0.06538621,
"radio_channel": -0.73391086,
"radio_util": 12.770318,
"radio_util_interference": -3.079999,
"radio_tx_power": 0.10027129,
"site_num_clients": 0.017364305,
"wan_rtt": 46.77899,
"wan_jitter": 5.9680853,
"wan_avg_download_mbps": 1.4803165,
"wan_avg_upload_mbps": -0.038184267,
"wan_max_download_mbps": 1.4803165,
"wan_max_upload_mbps": -0.038184267,
},
"audio_out": { ... },
"video_in": { ... },
"video_out": { ... },
"expected": -2.86300010566701889,
"ap_num_clients": -0.08802365511655807,
"client_rx_rates": 0.02441493794322014,
"client_rx_retries": -0.14325742423534393,
"client_rssi": 0.7594696879386902,
"ap_rtt": 0.09924473613500595,
"radio_bandwidth": -0.021175479516386986,
"radio_channel": 0.11686426401138306,
"radio_util": 0.2452986091375351,
"client_radio_band": 0.5841414928436279,
"radio_util_interference": 3.4367904663085938,
"radio_rx_failed": 1.1782013177871704,
"radio_ap_change": 0.01850946433842182,
"client_cpu": 0.00834270566701889,
"client_vpn_distance": -0.0001660545531194657,
"client_n_streams": 0.00734270566701889,
"client_wifi_version": 0.00000070566701889,
"client_tx_rates": 0.22236637771129608,
"client_rx_bytes": 0.00002365511655807,
"client_tx_bytes": 0.00102365511655807,
"client_tx_retries": 0.3308201730251312,
"radio_tx_power": 0.121039018034935,
"site_num_clients": 0.055026158690452576,
"site_wan_rtt": 0.00000040566701889,
"site_wan_jitter": 0.00000100566701889,
"site_wan_avg_download_mbps": 0.00000030566701889,
"site_wan_avg_upload_mbps": 0.00000005566701889,
"site_wan_download_mbps": 0.00000080566701889,
"site_wan_upload_mbps": 0.00000020566701889
}
]
}
GET /api/v1/sites/:site_id/stats/calls/troubleshoot?start=1531776183&end=1531862583&ap=:mac
| Name | Type | Description |
|---|---|---|
start |
int |
Start time |
end |
int |
End time |
ap |
string |
AP MAC, optional |
{
"start" : 1531776183,
"end" : 1531862583,
"count": 245,
// average latencies contributor
"audio_out": {
"client_tx_rates": 10.668423069847954,
"client_tx_bytes": 1.8379177401463191,
"client_tx_retries": 43.323209603627525,
"site_wan_upload_mpbs": -0.8131117953194512,
"site_wan_avg_upload_mpbs": -0.988989942603641,
"ap_num_clients": 45.48306793636746,
"client_rssi": 17.251008563571506,
"ap_rtt": 6.352042701509264,
"radio_bandwidth": -0.1533682727151447,
"radio_channel": 0.662909648484654,
"radio_util": 27.891777674357098,
"client_radio_band": 1.5325644097982958e-06,
"radio_util_interference": 4.38913492154744,
"site_wan_rtt": 15.094849904378256,
"site_wan_jitter": 0.7875519659784105,
"client_cpu": 9.323452578650581,
"site_num_clients": -0.2855822932389047,
"client_vpn_distance": 112.4420166015625,
"expected": 29.74261474609375,
},
"audio_in": { ... },
"video_out": { ... },
"video_in": { ... },
"expected": -2.86300010566701889,
"ap_num_clients": -0.08802365511655807,
"client_rx_rates": 0.02441493794322014,
"client_rx_retries": -0.14325742423534393,
"client_rssi": 0.7594696879386902,
"ap_rtt": 0.09924473613500595,
"radio_bandwidth": -0.021175479516386986,
"radio_channel": 0.11686426401138306,
"radio_util": 0.2452986091375351,
"client_radio_band": 0.5841414928436279,
"radio_util_interference": 3.4367904663085938,
"radio_rx_failed": 1.1782013177871704,
"radio_ap_change": 0.01850946433842182,
"client_cpu": 0.00834270566701889,
"client_vpn_distance": -0.0001660545531194657,
"client_n_streams": 0.00734270566701889,
"client_wifi_version": 0.00000070566701889,
"client_tx_rates": 0.22236637771129608,
"client_rx_bytes": 0.00002365511655807,
"client_tx_bytes": 0.00102365511655807,
"client_tx_retries": 0.3308201730251312,
"radio_tx_power": 0.121039018034935,
"site_num_clients": 0.055026158690452576,
"site_wan_rtt": 0.00000040566701889,
"site_wan_jitter": 0.00000100566701889,
"site_wan_avg_download_mbps": 0.00000030566701889,
"site_wan_avg_upload_mbps": 0.00000005566701889,
"site_wan_download_mbps": 0.00000080566701889,
"site_wan_upload_mbps": 0.00000020566701889
}
GET /api/v1/sites/:site_id/stats/calls/summary?start=1531776183&end=1531862583&ap_mac=:mac
| Name | Type | Description |
|---|---|---|
start |
int |
Start time |
end |
int |
End time |
ap_mac |
string |
AP MAC, optional |
app |
string |
app name (zoom or teams). default is both. Optional |
{
"num_users": 3,
"num_aps": 1,
"total_minutes": 575217.0,
"bad_minutes": 5566.0,
"bad_minutes_site_wan": 3612.0,
"bad_minutes_wireless": 1428.0,
"bad_minutes_client": 526.0
}
POST /api/v1/sites/:site_id/maps/:map_id/auto_placement
{
"macs": [<list of device macs>, ...],
"force_collection": true,
"override": false,
"dryrun": false,
}
| Name | Type | Description |
|---|---|---|
macs |
list |
Optional list of MAC addresses to filter map devices by. |
force_collection |
boolean |
Set to true to recollect auto placement data; set to false to rerun the localizer on existing FTM data. |
override |
boolean |
Set to true to run auto placement even if there are invalid APs in the selected APs. |
dryrun |
boolean |
Set to true to perform an invalid AP check and provide an estimated run time without enqueuing the run into the auto placement service. |
This API is called to trigger auto placement for a map. For the auto placement feature to work, RTT-FTM data needs to be collected from the APs on the map. This scan is disruptive, and users must be notified of service disruption during the auto placement process. Repeated POST requests to this endpoint while a map is still running will be rejected.
force_collection is set to false by default. If force_collection is set to false, the API attempts to start localization with existing data. If no data exists, the API attempts to start orchestration. If force_collection is set to true, the API attempts to start orchestration.
Providing a list of devices is optional. If provided, autoplacement suggestions will be made only for the specified devices. If no list is provided, all APs associated with the map are considered by default.
{
"valid": true,
"reason": "Map has met the minimum requirements for auto placement",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
"estimated_runtime" : 30,
"wifi_interrupting": false
}
{
"started": true,
"valid": true,
"reason": "Started localization for auto placement",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
}
}
{
"started": true,
"valid": true,
"reason": "Started collection for auto placement",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
"estimated_runtime": 30,
"wifi_interrupting": true
}
{
"started": true,
"valid": false,
"reason": "Started localization for auto placement",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
},
"00000000004": {
"valid": false,
"reason": "Device model AP41 is not supported for auto placement"
},
"00000000005": {
"valid": false,
"reason": "Device firmware 0.14.28300 does not meet the minimum requirement 0.14.28310"
}
}
}
{
"started": true,
"valid": false,
"reason": "Started collection for auto placement",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
},
"00000000004": {
"valid": false,
"reason": "Device model AP41 is not supported for auto placement"
},
"00000000005": {
"valid": false,
"reason": "Device firmware 0.14.28300 does not meet the minimum requirement 0.14.28310"
}
},
"estimated_runtime": 30,
"wifi_interrupting": false
}
{
"started": false,
"valid": false,
"reason": "Map has APs that do not meet the minimum requirements for auto placement",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
},
"00000000004": {
"valid": false,
"reason": "Device model AP41 is not supported for auto placement"
},
"00000000005": {
"valid": false,
"reason": "Device firmware 0.14.28300 does not meet the minimum requirement 0.14.28310"
}
}
}
{
"started": false,
"valid": false,
"reason": "Map has less than 3 APs associated with it to perform auto placement",
"devices": {}
}
{
"started": false,
"valid": true,
"reason": "Map Already Enqueued",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
"estimated_runtime" : 30
}
{
"started": false,
"valid": true,
"reason": "Unable to reach auto placement service",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
"estimated_runtime" : 30
}
| Name | Type | Description |
|---|---|---|
started |
boolean |
Indicates whether the autoplacement process has started. |
valid |
boolean |
Indicates whether the autoplacement request is valid. |
reason |
string |
Provides the reason for the status. |
devices |
object |
Contains the validation status of each device. |
estimated_runtime |
int |
Estimated runtime for the process in seconds. |
wifi_interrupting |
boolean |
Indicates whether running collection disrupt WIFI service for map. |
NOTE: If all APs are both FTM and UWB capable, FTM valid is disabled to prevent interruption of WIFI service.
| Name | Type | Description |
|---|---|---|
valid |
boolean |
Indicates whether the ap is valid. |
reason |
string |
Provides the reason for the status if the AP is invalid. |
GET /api/v1/sites/:site_id/maps/:map_id/auto_placement
This API is called to view the current status of auto placement for a given map.
{
"status": "done",
"start_time": 1678900062,
"stop_time": 1678900362,
}
"status": "inprogress",
"start_time": 1678900062,
"est_time_left": 0.0,
| Name | Type | Description |
|---|---|---|
status |
String |
the status of autoplacement for a given map |
start_time |
float |
time when autoplacement process was last queued for this map |
est_time_left |
float |
(Only when inprogress) estimate of the time to completion |
stop_time |
float |
time when autoplacement completed or was manually stopped |
| Status | Description |
|---|---|
pending |
Autoplacement has not been requested for this map |
inprogress |
Autoplacement is currently processing |
done |
The autoplacement process has completed |
data_needed |
Additional position data is required for autoplacement. Users should verify the requested anchor APs have a position on the map |
invalid_model |
Autoplacement is not supported on the model of the APs on the map |
invalid_version |
Autoplacement is not supported with the APs current firmware version |
error |
There was an error in the autoplacement process |
DELETE /api/v1/sites/:site_id/maps/:map_id/auto_placement
This API is called to force stop auto placement for a given map
400 Bad Request - Autoplacement was not triggered200, Success - Autoplacement Process has stopped for this mapPOST /api/v1/sites/:site_id/maps/:map_id/auto_orient
{
"macs": [<list of device macs>, ...],
"force_collection": true,
"override": false,
"dryrun": false
}
| Name | Type | Description |
|---|---|---|
macs |
list |
Optional list of MAC addresses to filter map devices by. |
force_collection |
boolean |
Set to true to recollect auto orient data; set to false to rerun auto orient on existing run results. |
override |
boolean |
Set to true to run auto orient even if there are invalid APs in the selected APs. |
dryrun |
boolean |
Set to true to perform an invalid AP check and provide an estimated run time without enqueuing the run into the auto orient service. |
This API is called to trigger a map for auto orient. For auto orient feature to work, BLE data needs to be collected from the APs on the map. This precess is not disruptive unlike FTM collection. Repeated POST requests to this endpoint while a map is still running will be rejected.
force_collection is set to false by default. If force_collection is set to false, the API attempts to start orientation with existing data. If no data exists, the API attempts to start collecting orientation data. If force_collection is set to true, the API attempts to start collecting orientation data.
Providing a list of device macs is optional. If provided, auto orientation suggestions will be made only for the specified devices. If no list is provided, all APs associated with the map are considered by default.
{
"valid": true,
"reason": "Map has met the minimum requirements for auto orient",
"devices": {
"00000000001": {
"valid": true
"reason": "Device meets the minimum requirements for auto orient"
},
"00000000002": {
"valid": true
"reason": "Device meets the minimum requirements for auto orient"
},
"00000000003": {
"valid": true
"reason": "Device meets the minimum requirements for auto orient"
}
},
"estimated_runtime" : 300
}
{
"started": true,
"valid": true,
"reason": "Started localization for auto orient",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
}
{
"started": true,
"valid": true,
"reason": "Started collection for auto orient",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
"estimated_runtime" : 300
}
{
"started": true,
"valid": false,
"reason": "Started localization for auto orient",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
},
"00000000004": {
"valid": false,
"reason": "Device model AP32 is not supported for auto orient"
},
"00000000005": {
"valid": false,
"reason": "Device firmware 0.14.28300 does not meet the minimum requirement 0.14.28310"
}
}
}
{
"started": true,
"valid": false,
"reason": "Started collection for auto orient",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
},
"00000000004": {
"valid": false,
"reason": "Device model AP32 is not supported for auto orient"
},
"00000000005": {
"valid": false,
"reason": "Device firmware 0.14.28300 does not meet the minimum requirement 0.14.28310"
}
},
"estimated_runtime" : 300
}
{
"started": false,
"valid": false,
"reason": "Map has APs that do not meet the minimum requirements for auto orient",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
},
"00000000004": {
"valid": false,
"reason": "Device model AP41 is not supported for auto orient"
},
"00000000005": {
"valid": false,
"reason": "Device firmware 0.14.28300 does not meet the minimum requirement 0.14.28310"
}
}
}
{
"started": false,
"valid": false,
"reason": "Map has less than 3 APs associated with it to perform auto orient",
"devices": {}
}
{
"started": false,
"valid": true,
"reason": "Map Already Enqueued",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
"estimated_runtime" : 300
}
{
"started": false,
"valid": true,
"reason": "Unable to reach auto orient service",
"devices": {
"00000000001": {
"valid": true
},
"00000000002": {
"valid": true
},
"00000000003": {
"valid": true
}
},
"estimated_runtime" : 300
}
| Name | Type | Description |
|---|---|---|
started |
boolean |
Indicates whether the auto orient process has started. |
valid |
boolean |
Indicates whether the auto orient request is valid. |
reason |
string |
Provides the reason for the status. |
devices |
object |
Contains the validation status of each device. |
estimated_runtime |
int |
Estimated runtime for the process in seconds. |
| Name | Type | Description |
|---|---|---|
valid |
boolean |
Indicates whether the ap is valid. |
reason |
string |
Provides the reason for the status if the AP is invalid. |
GET /internal/sites/:site_id/maps/:map_id/auto_orient
This API is called to view the current status of auto orient for a given map.
{
"status": "done",
"start_time": 1678900062,
"stop_time": 1678900362,
}
"status": "inprogress",
"start_time": 1678900062,
"est_time_left": 300.0,
| Name | Type | Description |
|---|---|---|
status |
String |
the status of auto orient for a given map |
start_time |
float |
time when auto orient process was last queued for this map |
est_time_left |
float |
(Only when inprogress) estimate of the time to completion |
stop_time |
float |
time when auto orient completed or was manually stopped |
| Status | Description |
|---|---|
pending |
Auto orient has not been requested for this map |
inprogress |
Auto orient is currently processing |
done |
The auto orient process has completed |
error |
There was an error in the auto orient process |
DELETE /api/v1/sites/:site_id/maps/:map_id/auto_orient
This API is used to cancel Auto Orientation for a map
400 Bad Request - Auto orient was not triggered200, Success - Auto orient process has stopped for this mapPOST /api/v1/sites/:site_id/maps/:map_id/use_auto_ap_values
{
"for": "placement",
"accept": true,
"macs": [<list of device macs>],
}
"for": "orientation",
"accept": false,
"macs": [<list of device macs>],
| Name | Type | Description |
|---|---|---|
for |
String |
The selector to choose auto placement or auto orientation. default: placement |
accept |
bool |
If accept is true, accepts placement for devices in list otherwise. If false, reject for devices in list. default: false |
device_macs |
list |
A list of macs to accept/reject. If a list is not provided the API will accept/reject for the full map. |
This API is used to accept or reject the cached autoplacement and auto-orientation values of a map or subset of APs on a map. Any APs that have autoplacement values are stored in cache for up to 7 days while awaiting acceptance or rejection.
Accepting the autoplacement values overwrites the existing X, Y, and orientation of the accepted APs with their cached autoplacement values.
Rejecting the autoplacement values causes the APs to retain their current X, Y, and orientation.
Once a decision (accept or reject) is made, or the 7-day time-to-live (TTL) expires, the cached values are deleted.
400 Bad Request - Map does not exist or belong to specified site400 Bad Request - Invalid localization service. Expected [placement, orientation]200, SuccessPOST /api/v1/sites/:site_id/maps/:map_id/clear_autoplacement
{
"macs": [<list of device macs>, ...]
}
This API is used to destroy the cached autoplacement locations of a map or subset of APs on a map.
POST /api/v1/sites/:site_id/maps/:map_id/clear_auto_orient
{
"macs": [<list of device macs>, ...]
}
This API is used to destroy the autoorientations of a map or subset of APs on a map.
GET /api/v1/sites/:site_id/otherdevices/events/search?mac=4c9614a78e00
| Name | Type | Description |
|---|---|---|
org_id |
string |
org id |
site_id |
string |
site id |
mac |
string |
mac |
device_mac |
string |
mac of attached device |
vendor |
string |
vendor name |
type |
string |
event type |
model |
string |
device model |
{
"results": [
{
"org_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862a",
"site_id": "4ac1dcf4-9d8b-7211-65c4-057819f0862b",
"vendor": "cradlepoint",
"mac": "5c5b351e13b5",
"device_mac": "5c5b351e13b5",
"text": "Plugged: The Internal 5GB (SIM1) has been inserted into Internal 1.",
"timestamp": 1547235620.89,
"type": "CELLULAR_EDGE_MODEM_WAN_PLUGGED",
"model": "W1850"
},
...
]
}
GET /api/v1/sites/:site_id/otherdevices/events/count?distinct=mac
{
"end": 1545874660.211871,
"distinct": "mac",
"results": [
{
"count": 22,
"mac": "0030448c6e40"
}
],
"start": 1545788260.21184,
"limit": 10,
"total": 1
}
GET /api/v1/sites/:site_id/wan_usages/search
| Name | Type | Description |
|---|---|---|
mac |
string |
MAC address |
peer_mac |
string |
Peer MAC address |
port_id |
string |
Port ID for the device |
peer_port_id |
string |
Peer Port ID for the device |
policy |
string |
policy for the wan path |
tenant |
string |
tenant network in which the packet is sent |
path_type |
string |
path_type of the port |
| ### Response |
{
"results": [
{
"mac": "5c5b35000001",
"port_id": "ge-0/0/0.0",
"path_weight" : 10,
"policy": "policy1",
"tenant": "tenant1",
"path_type": "vpn",
"peer_mac": "0200018c95e1",
"peer_port_id": "ge-0/0/3",
}
]
}
GET /api/v1/sites/:site_id/wan_usages/count
In addition to the filters that you can have in the search
| Name | Type | Description |
|---|---|---|
mac |
string |
MAC address |
peer_mac |
string |
Peer MAC address |
port_id |
string |
Port ID for the device |
peer_port_id |
string |
Peer Port ID for the device |
policy |
string |
policy for the wan path |
tenant |
string |
tenant network in which the packet is sent |
path_type |
string |
path_type of the port |
{
"start": 1511967600,
"end": 1513177200,
"limit": 100,
"distinct": "mac",
"total": 20,
"results": [
{
"count": 217,
"Policy": "P1"
}
]
}
GET /api/v1/sites/:site_id/wan_clients/search
| Name | Type | Description |
|---|---|---|
mac |
string |
partial / full MAC address |
hostname |
string |
partial / full hostname |
ip |
string |
client IP |
mfg |
string |
Manufacture |
network |
string |
network |
ip_src |
string |
IP source |
{
"results": [
{
"wcid": "8bbe7389-212b-c65d-2208-00fab2017936",
"hostname": [
"sonoszp"
],
"ip": [
"192.168.1.139",
"192.168.1.122"
],
"mfg": "Sonos",
"last_hostname": "sonoszp",
"timestamp": 1718791390,
"org_id": "b4e16c72-d50e-4c03-a952-a3217e231e2c",
"site_id": "f688779c-e335-4f88-8d7c-9c5e9964528b",
"last_ip": "192.168.1.139",
"network": "lan",
"ip_src": "dhcp",
"dhcp_expire_time": 1718798190,
"dhcp_start_time": 1718788190
},
{
"hostname": [
"inband-management",
],
"ip": [
"169.254.127.127"
],
"last_hostname": "inband-management",
"When": "2022-12-31T23:59:43.497+0000",
"org_id": "b4e16c72-d50e-4c03-a952-a3217e231e2c",
"site_id": "f688779c-e335-4f88-8d7c-9c5e9964528b",
"last_ip": "169.254.127.127"
}
]
}
GET /api/v1/sites/:site_id/wan_clients/count?distinct=mfg
| Name | Type | Description |
|---|---|---|
distinct |
string |
hostname, ip, mfg, network, default is mac |
{
"start": 1511967600,
"end": 1513177200,
"limit": 10,
"distinct": "device",
"total": 2,
"results": [
{
"mfg": "Apple",
"count": 61
},
{
"mfg": "Sonos",
"count": 44
}
]
}
GET /api/v1/sites/:site_id/wan_clients/events/search
| Name | Type | Description |
|---|---|---|
type |
string |
Event type, e.g. CLIENT_IP_ASSIGNED, CLIENT_IP_RENEWED, CLIENT_IP_EXPIRED |
mac |
string |
partial / full MAC address |
hostname |
string |
partial / full hostname |
ip |
string |
client IP |
mfg |
string |
Manufacture |
{
"start": 1512572151,
"end": 1513176951,
"limit": 10,
"total": 1,
'results': [
{
"When": "2022-12-31T23:59:59.293Z",
"org_id": "b0b9f142-aaba-11e6-aafc-0242ac110002",
"site_id": "fc656275-b157-43fd-b922-5f4f341c19bf",
"wcid": "62bbfb75-10d8-49d1-dec7-d2df91624287",
"random_mac": False,
"ev_type": "CLIENT_IP_ASSIGNED",
"text": "DHCP Ack IP 192.168.88.216",
"metadata": {
"client_ip": "192.168.88.216",
"expiration": 1672823632.127
}
}
]
}
GET /api/v1/sites/:site_id/wan_client/events/count?distinct=type
| Name | Type | Description |
|---|---|---|
distinct |
string |
type, hostname, ip, mfg, mac |
{
"start": 1513276353,
"end": 1513362753,
"limit": 3,
"total": 3,
"results": [
{
"type": "CLIENT_IP_ASSIGNED",
"count": 4
},
{
"type": "CLIENT_IP_RENEWED",
"count": 2
},
{
"type": "CLIENT_IP_EXPIRED",
"count": 2
}
]
}
POST /uri/... HTTP/1.1
Host: hooks.abc.com:443
User-Agent: Mist-webhook
Content-Type: application/json
Content-Length: 596
X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{
"topic": "nac-accounting",
"events": [
{
"timestamp": 1547235620.89,
"ap": "5c5b355005be",
"type": "NAC_ACCOUNTING_STOP",
"mac": "6e795836d5f9",
"auth_type": "eap-tls",
"bssid": "5c5b35546bb4",
"client_type": "wireless",
"client_ip": "172.16.87.4",
"nas_vendor": "juniper-mist",
"rx_pkts": 9523,
"tx_pkts": 5233,
"ssid": "Test-CMR SSID",
"username": "hi"
"org_id": "625aba64-fe72-4b14-8985-cbf31ec3d78a",
"site_id": "ec9d1e85-af24-43f9-8d65-d620580e8631"
}
]
}
| Name | Type | Description |
|---|---|---|
timestamp |
long |
sampling time (in epoch) |
ap |
string |
mac address of the AP the client roamed or disconnected from |
type |
string |
type of event. E.g. “ACCOUNTING_START”, “ACCOUNTING_UPDATE”, “ACCOUNTING_STOP” |
mac |
string |
the client’s mac |
auth_type |
string |
radius authentication type |
bssid |
string |
it’s the MAC physical address of the access point |
client_type |
string |
client type E.g. “wired”, “wireless”, “vty” |
client_ip |
string |
IP Address of client |
nas_vendor |
string |
NAS Device vendor name E.g. “Juniper”, “Cisco” |
rx_pkts |
int |
number of packets received |
tx_pkts |
int |
number of packets sent |
ssid |
string |
ESSID |
username |
string |
username authenticated with |
org_id |
string |
Org ID |
site_id |
string |
Site ID |
### Example Delivery of nac-events
POST /uri/… HTTP/1.1
Host: hooks.abc.com:443 User-Agent: Mist-webhook Content-Type: application/json Content-Length: 596 X-Mist-Signature: ce3af7760f1289d02bf6a7ad19f3214c4e5c7c2e
{ “topic”: “nac-events”, “events”: [ { “type”: “NAC_CLIENT_PERMIT”, “nacrule_id”: “32f27e7d-ff26-4a9b-b3d1-ff9bcb264c62”, “nacrule_matched”: true, “dryrun_nacrule_id”: “32f27e7d-ff26-4a9b-b3d1-ff9bcb264012”, “dryrun_nacrule_matched”: true, “auth_type”: “eap-ttls”, “vlan”: “750”, “nas_vendor”: “juniper-mist”, “bssid”: “5c5b355fafcc”, “idp_id”: “912ef72e-2239-4996-b81e-469e87a27cd6”, “idp_role”: [ “itsuperusers”, “vip” ], “resp_attrs”: [ “Tunnel-Type=VLAN”, “Tunnel-Medium-Type=IEEE-802”, “Tunnel-Private-Group-Id=750”, “User-Name=anonymous” ], “ssid”: “##mist_nac”, “username”: “user@deaflyz.net”, “timestamp”: 1691512031.358188, “org_id”: “27547ac2-d114-4e04-beb1-f3f1e6e81ec6”, “site_id”: “441a1214-6928-442a-8e92-e1d34b8ec6a6”, “random_mac”: False, “ap”: “5c5b35513227”, “mac”: “ac3eb179e535” } ] }
Name|Type| Description
----|----|------------
`type`|`string`| event type, e.g. NAC_CLIENT_PERMIT
`nacrule_id` | `string` | NAC Policy Rule ID, if matched
`nacrule_matched` | `bool` | NAC Policy Rule Matched
`dryrun_nacrule_id` | `string` | NAC Policy Dry Run Rule ID, if present and matched
`dryrun_nacrule_matched` | `bool` | True - if dryrun rule present and matched with priority, False - if not matched or not present
`auth_type`|`string`| authentication type, e.g. "eap-tls", "eap-peap", "eap-ttls", "eap-teap", "mab", "device-auth"
`vlan`|`string`| Vlan ID
`nas_vendor`|`string`| vendor of NAS device
`bssid`|`string`| SSID
`idp_id` | `string` | SSO ID, if present and used
`idp_role` | `string` | IDP returned roles/groups for the user
`resp_attrs` | `list` | Radius attributes returned by NAC to NAS Devive
`ssid`|`string`| SSID
`username`|`string`| Username presented by the client
`timestamp`|`long`| start time, in epoch
`org_id`| `string` | org id
`site_id`| `string` | site id if assigned, null if not assigned
`ap`|`string`| AP MAC
`random_mac`|`boolean`| random mac
`mac`| `string` | MAC address
GET /api/v1/sites/:site_id/nac_clients/events/search
| Name | Type | Description |
|---|---|---|
type |
string |
event type, e.g. NAC_CLIENT_PERMIT |
nacrule_id |
string |
NAC Policy Rule ID, if matched |
dryrun_nacrule_id |
string |
NAC Policy Dry Run Rule ID, if present and matched |
auth_type |
string |
authentication type, e.g. “eap-tls”, “peap-tls”, “eap-ttls”, “eap-teap”, “mab”, “psk”, “device-auth” |
vlan |
string |
Vlan ID |
nas_vendor |
string |
vendor of NAS device |
bssid |
string |
SSID |
ssid |
string |
SSID |
idp_username |
string |
Username presented to the Identity Provider |
username |
string |
Username presented by the client |
org_id |
string |
org id |
site_id |
string |
site id if assigned, null if not assigned |
ap |
string |
AP MAC |
mac |
string |
MAC address |
mxedge_id |
string |
Mist Edge ID used to connect to cloud |
port_type |
string |
Type of client i.e wired, wireless |
device_mac |
string |
Switch MAC Address |
ip |
string |
IP addressed assigned to client |
port_id |
string |
Port ID for the device |
usermac_label |
list |
labels derived from usermac entry |
text |
string |
partial / full MAC address, username, device_mac or ap |
nas_ip |
string |
IP address of NAS device |
sort |
string |
sort options, ‘-‘ prefix represents DESC order, default is wcid in ASC order |
ingress_vlan |
string |
vendor specific Vlan ID in radius requests |
{
"start": 1512572151,
"end": 1513176951,
"limit": 10,
"total": 1,
"results": [
{
"type": "NAC_CLIENT_PERMIT",
"nacrule_id": "32f27e7d-ff26-4a9b-b3d1-ff9bcb264c62",
"nacrule_matched": true,
"auth_type": "eap-ttls",
"vlan": "750",
"nas_vendor": "juniper-mist",
"bssid": "5c5b355fafcc",
"idp_id": "912ef72e-2239-4996-b81e-469e87a27cd6",
"idp_role": [
"itsuperusers",
"vip"
],
"resp_attrs": [
"Tunnel-Type=VLAN",
"Tunnel-Medium-Type=IEEE-802",
"Tunnel-Private-Group-Id=750",
"User-Name=anonymous"
],
"ssid": "##mist_nac",
"username": "user@deaflyz.net",
"timestamp": 1691512031.358188,
"org_id": "27547ac2-d114-4e04-beb1-f3f1e6e81ec6",
"site_id": "441a1214-6928-442a-8e92-e1d34b8ec6a6",
"random_mac": false,
"ap": "5c5b35513227",
"mac": "ac3eb179e535"
}
]
}
GET /api/v1/sites/:site_id/nac_clients/events/count?distinct=type
| Name | Type | Description |
|---|---|---|
distinct |
string |
type / nacrule_id / dryrun_nacrule_id / auth_type / vlan / nas_vendor / username / ap / mac / ssid |
{
"start": 1513276353,
"end": 1513362753,
"limit": 3,
"total": 3,
"results": [
{
"count": 80,
"type": "NAC_CLIENT_PERMIT"
},
{
"count": 36,
"type": "NAC_CLIENT_CERT_CHECK_SUCCESS"
},
{
"count": 19,
"type": "NAC_CLIENT_DENY"
}
]
}
GET /api/v1/sites/:site_id/nac_clients/search
| Name | Type | Description |
|---|---|---|
nacrule_id |
string |
NAC Policy Rule ID, if matched |
nacrule_matched |
bool |
If NAC Policy Rule Matched |
auth_type |
string |
authentication type, e.g. “eap-tls”, “peap-tls”, “eap-ttls”, “eap-teap”, “mab”, “device-auth” |
vlan |
string |
Vlan name or ID assigned to the client |
nas_vendor |
string |
vendor of NAS device |
nas_ip |
string |
IP address of NAS device |
idp_id |
string |
SSO ID, if present and used |
ssid |
string |
SSID |
username |
string |
Username presented by the client |
timestamp |
long |
start time, in epoch |
org_id |
string |
org id |
site_id |
string |
site id if assigned, null if not assigned |
ap |
string |
AP MAC connected to by client |
mac |
string |
MAC address |
device_mac |
string |
Switch MAC Address |
status |
string |
Connection status of client i.e “permitted”, “denied, “session_started”, “session_ended” |
type |
string |
Client type i.e. “wireless”, “wired” etc. |
mdm_compliance |
string |
MDM compliancy of client i.e “compliant”, “not compliant” |
mdm_managed |
bool |
Filters NAC clients that are managed by MDM providers |
mdm_provider |
string |
MDM provider of client’s organisation eg “intune”, “jamf” |
edr_status |
string |
EDR Status of client i.e “sentinelone_healthy”, “sentinelone_infected”, “crowdstrike_low”, “crowdstrike_medium”, “crowdstrike_high”, “crowdstrike_critical”, “crowdstrike_informational” |
edr_managed |
bool |
Filters NAC clients that are integrated with EDR providers |
edr_provider |
string |
EDR provider of client’s organisation eg “sentinelone”, “crowdstrike” |
mxedge_id |
string |
ID of Mist Edge that the client is connected through |
nacrule_name |
string |
NAC Policy Rule Name matched |
text |
string |
partial / full MAC address, last_username, device_mac, nas_ip or last_ap |
sort |
string |
sort options, ‘-‘ prefix represents DESC order, default is wcid in ASC order |
usermac_label |
string |
Labels derived from usermac entry |
mfg |
string |
Manufacturer of the client’s device |
family |
string |
Family of the client’s device |
model |
string |
Model of the client’s device |
os |
string |
Operating system of the client’s device |
hostname |
string |
Hostname of the client’s device |
{
"start": 1512572151,
"end": 1513176951,
"limit": 10,
"total": 2,
"results": [
{
"ap": ["5c5b35bf16bb", "d4dc090041b4"],
"auth_type": "eap-tls",
"cert_cn": ["werqwerty"],
"cert_issuer": ["/DC=com/DC=onmicrosoft/DC=Juniper461/CN=Juniper461-CA"],
"idp_id": "a13df686-dc39-4bdd-920f-89a412444c06",
"idp_role": ["Employee"],
"ip": ["10.7.51.74"],
"last_ap": "d4dc090041b4",
"last_cert_cn": "werqwerty",
"last_cert_expiry": 1725373986,
"last_cert_issuer": "/DC=com/DC=onmicrosoft/DC=Juniper461/CN=Juniper461-CA",
"last_ip": "10.7.51.74",
"last_nacrule_id": "558d6c97-d3c2-43e7-941d-244603ef5ce6",
"last_nacrule_name": "mdm_complaince",
"last_nas_vendor": "juniper-mist",
"last_ssid": "mdm_test",
"last_status": "permitted",
"nacrule_id": ["558d6c97-d3c2-43e7-941d-244603ef5ce6"],
"nacrule_matched": true,
"nacrule_name": ["mdm_complaince"],
"nas_vendor": ["juniper-mist"],
"nas_ip": "10.206.96.100",
"mac": "ac3eb179e535",
"org_id": "9301bff6-8992-49d6-b1ea-907ee81bb5fb",
"random_mac": true,
"site_id": "13d69fb2-5456-43a1-90c4-89513487dde2",
"ssid": ["mdm_test"],
"timestamp": 1694689718.612,
"type": "wireless",
"usermac_label": [
"non-compliant",
"building26",
"floor52"
],
"last_mfg": "Apple, Inc.",
"last_family": "Phone/Tablet/Wearable",
"last_model": "iPhone 16 Pro",
"last_os": "iOS 18.1",
"last_hostname": "Apple iPhone Work",
"edr_status": "sentinelone_healthy",
"edr_provider": "sentinelone",
"edr_managed": true
},
{
"auth_type": "mab",
"group": "employee",
"type": "wired",
"last_status": "session_started",
"device_mac": "0c599c646778",
"gbp_tag": "3005",
"last_nacrule_id": "85abd6a3-c4a4-497d-a568-2765046e0dba",
"last_nacrule_name": "Allowed Printers",
"last_nas_vendor": "juniper-mist",
"last_port_id": "ge-0/0/1.0",
"last_username": "CanonPrinter1",
"last_vlan": "750",
"nacrule_id": [
"85abd6a3-c4a4-497d-a568-2765046e0dba"
],
"nacrule_matched": true,
"nacrule_name": [
"Allowed Printers"
],
"nas_vendor": [
"juniper-mist"
],
"org_id": "9301bff6-8992-49d6-b1ea-907ee81bb5fb",
"port_id": [
"ge-0/0/1.0"
],
"random_mac": false,
"site_id": "441a1214-6928-442a-8e92-e1d34b8ec6a6",
"site_ids": [
"441a1214-6928-442a-8e92-e1d34b8ec6a6"
],
"username": [
"CanonPrinter1",
"6c3c7c7573e7"
],
"vlan": [
"750",
"751"
],
"vlan_source": "usermac",
"timestamp": 1721641794.344
}
]
}
GET /api/v1/sites/:site_id/nac_clients/count?distinct=type
| Name | Type | Description |
|---|---|---|
distinct |
string |
type / auth_type / nacrule_matched / mxedge_id / ssid / status / username / nacrule_id / nas_vendor / vlan / mdm_compliance / mdm_provider / idp_id / nacrule_name / device_mac / ap / usermac_label / mdm_managed / mfg / model / os / family / hostname / nas_ip / edr_provider / edr_status / edr_managed |
{
"start": 1513276353,
"end": 1513362753,
"limit": 3,
"total": 2,
"results": [
{
"count": 10,
"type": "wired"
},
{
"count": 15,
"type": "wireless"
}
]
}
GET /api/v1/sites/:site_id/services/events/search
| Name | Type | Description |
|---|---|---|
type |
string |
Event type, e.g. GW_SERVICE_PATH_DOWN |
text |
string |
Description of the event including the reason it is triggered |
vpn_name |
string |
Peer name |
vpn_path |
string |
Peer path name |
policy |
string |
Service policy associated with that specific path |
port_id |
string |
Network interface |
peer_port_id |
string |
Port ID of the peer gateway |
peer_mac |
string |
MAC address of the peer gateway |
model |
string |
Device model |
version |
string |
Device firmware version |
timestamp |
long |
Start time, in epoch |
org_id |
string |
Org id |
site_id |
string |
Site id |
mac |
string |
MAC address |
path_weight |
int |
Path weight |
{
"results": [
{
"timestamp": 1697037334.204,
"org_id": "a3c6718f-2823-4e48-bf5e-b841768a4c9b",
"site_id": "4279edbd-1d24-41ea-9505-2eb26c8590fa",
"port_id": "ge-0/0/0",
"model": "SSR120",
"type": "GW_SERVICE_PATH_DOWN",
"text": "Probe Down",
"version": "6.1.5-14.lts",
"mac": "90ec7734b374",
"policy": "management",
"path_weight": 10
},
{
"vpn_name": "Syracuse_HUB",
"timestamp": 1697037328.651775,
"org_id": "a3c6718f-2823-4e48-bf5e-b841768a4c9b",
"site_id": "4279edbd-1d24-41ea-9505-2eb26c8590fa",
"vpn_path": "Syracuse_HUB-Wan0",
"text": "Peer Path Down",
"port_id": "ge-1/0/6",
"model": "SSR120",
"type": "GW_SERVICE_PATH_REMOVE",
"version": "6.1.5-14.lts",
"mac": "90ec7734b374",
"policy": "INTERNET",
"path_weight": 20
},
{
"timestamp": 1697037325.37843,
"org_id": "a3c6718f-2823-4e48-bf5e-b841768a4c9b",
"site_id": "4279edbd-1d24-41ea-9505-2eb26c8590fa",
"port_id": "ge-1/0/6",
"model": "SSR120",
"type": "GW_SERVICE_PATH_ADD",
"version": "6.1.5-14.lts",
"mac": "90ec7734b374",
"policy": "policy1",
"path_weight": 30
}
],
"start": 1697009979,
"end": 1697096379,
"limit": 10,
"total": 3
}
GET /api/v1/sites/:site_id/services/events/count?distinct=type
| Name | Type | Description |
|---|---|---|
distinct |
string |
type / mac / vpn_name / vpn_path / policy / port_id / model / site_id |
{
"results": [
{
"type": "GW_SERVICE_PATH_ADD",
"count": 14
},
{
"type": "GW_SERVICE_PATH_REMOVE",
"count": 1
}
],
"start": 1697010188,
"end": 1697096588,
"limit": 10,
"distinct": "type",
"total": 2
}
The auto zones service is a map parsing service that uses map image data to suggest spaces to designate as location zones.
POST /api/v1/sites/:site_id/maps/:map_id/auto_zones
This API starts the auto zones service for a specified map. This map must have an image to parse for the auto zones service. Repeated POST requests to this endpoint while the auto zones service is proccessing the map or awaiting review will be rejected.
400 Bad Request - Map does not contain image data400 Bad Request - Auto zones is already in progress for this map400 Bad Request - Unable to reach auto zones service200 SuccessGET /api/v1/sites/:site_id/maps/:map_id/auto_zones
This API provides the current status of the auto zones service for a given map
{
"status":"in_progress"
}
{
"status": "awaiting_review",
"zones": [
{
"name": "zone1",
"vertices": [
{
"x": 0,
"y": 0
},
{
"x": 0,
"y": 10
},
{
"x": 10,
"y": 10
},
{
"x": 10,
"y": 0
}
]
},
{
"name": "zone2",
"vertices": [
{
"x": 0,
"y": 0
},
{
"x": 0,
"y": 20
},
{
"x": 20,
"y": 20
},
{
"x": 20,
"y": 0
}
]
}
]
}
| Name | Type | Description |
|---|---|---|
status |
String |
The status for the auto zones service for a given map |
zones |
list |
A list of suggested zones to review and accept for a given map |
name |
String |
The name of the suggested zone |
vertices |
list |
A list of of points comprising the zones map location in pixels |
| Status | Description |
|---|---|
not_started |
The auto zones service has not been run on this map or the results were cleared by the user |
in_progress |
The auto zones service is currently in progress |
awaiting_review |
The auto zones service has completed and suggested location zones to be added to the map |
error |
There was an error with the auto zones service |
DELETE /api/v1/sites/:site_id/maps/:map_id/auto_zones
This API is called to cancel auto zones for a given map and to delete the suggested zones returned by the service. If the service was not it will still delete any suggested zones and clear the auto zones service status.
200, Success