createOrgMxEdgeCluster
POST https://{{host}}/api/v1/orgs/:org_id/mxclusters
Generic Body Parameters
| Name | Type | Description |
|---|
proxy | object | Proxy Configuration to talk to Mist |
tunterm_hosts | list | hostnames or IPs where a Mist Tunnel will use as the Peer (i.e. they are reachable from AP) |
tunterm_hosts_selection | string | shuffle (default) / shuffle-by-site / ordered. Ordering of tuntermhosts for mxedge within the same mxcluster. When shuffle, the ordering of tuntermhosts is randomized by the device’s MAC. When shuffle-by-site, we shuffle by siteid+tunnelid (so when client connects to a specific Tunnel, it will go to the same (order of) mxedge, and we load-balancing between tunnels). When ordered, the order is decided by tuntermhostsorder. |
tunterm_hosts_order | list | list of index of tunterm_hosts |
tunterm_ap_subnets | list | list of subnets where we allow AP to establish Mist Tunnels from |
tunterm_extra_routes | object | extra routes for Mist Tunneled VLANs |
tunterm_dhcpd_config | object | DHCP server/relay configuration of Mist Tunneled VLANs |
Dynamic Authorization (mist_das)
| Name | Type | Description |
|---|
enabled | boolean | whether to enable mist das, default is false |
coa_servers | list | list of COA (change of authorization) servers allowed as dynamic authorization clients |
disable_event_timestamp_check | boolean | whether to disable Event-Timestamp Check, optional, default is false |
RADIUS Proxy (RADSec)
| Name | Type | Description |
|---|
enabled | boolean | whether to enable service on Mist Edge i.e. RADIUS proxy over TLS |
proxy_hosts | list | hostnames or IPs for Mist AP to use as the TLS Server (i.e. they are reachable from AP) in addition to tunterm_hosts |
match_ssid | boolean | whether to match ssid in request message to select from a subset of RADIUS servers |
server_selection | string | ordered (default) / unordered. When ordered, Mist Edge will prefer and go back to the first radius server if possible |
auth_servers | list | list of RADIUS authentication servers, order matters where the first one is treated as primary |
acct_servers | list | list of RADIUS accounting servers, optional, order matters where the first one is treated as primary |
source | string | tunnel / oob / tunnel6 / oob6 / any (default). Specify source address to use when connecting to RADIUS servers |
RADIUS Server
| Name | Type | Description |
|---|
host | string | ip / hostname of RADIUS server |
port | int | port of RADIUS server, default is 1812 for auth server and 1813 for acct server |
secret | string | secret of RADIUS server |
ssids | list | list of ssids that will use this server if match_ssid is true and match is found |
Request Body
{"id"=>"572586b7-f97b-a22b-526c-8b97a3f609c4", "name"=>"Guest Cluster", "proxy"=>{"url"=>"http://proxy.corp.com:8080/"}, "mxedge_mgmt"=>{"fips_enabled"=>true, "oob_ip_type"=>"disabled", "oob_ip_type6"=>"disabled"}, "tunterm_hosts"=>["guest-sj1.corp.com"], "tunterm_ap_subnets"=>["0.0.0.0/0"], "tunterm_hosts_selection"=>"shuffle", "tunterm_hosts_order"=>[0, 1], "mist_das"=>{"enabled"=>true, "coa_servers"=>[{"enabled"=>false, "host"=>"aaa.internal", "secret"=>"testing456", "disable_event_timestamp_check"=>false}]}, "radsec"=>{"enabled"=>true, "proxy_hosts"=>["mxedge1.corp.com"], "match_ssid"=>false, "server_selection"=>"ordered", "auth_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123", "ssids"=>["corporate"], "keywrap_enabled"=>true, "keywrap_format"=>"hex", "keywrap_kek"=>"1122334455", "keywrap_mack"=>"1122334455"}, {"host"=>"radius.internal", "port"=>1812, "secret"=>"testing123", "ssids"=>["guest"]}], "acct_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123"}], "source"=>"tunnel"}, "mist_nac"=>{"enabled"=>true, "secret"=>"testing123", "client_ips"=>{"10.0.3.0/24"=>{"vendor"=>"cisco-ios", "secret"=>"alternative_one", "site_id"=>"00000000-0000-0000-1234-000000000000"}}, "auth_server_port"=>1812, "acct_server_port"=>1813}, "tunterm_monitoring_disabled"=>false, "tunterm_monitoring"=>[{"protocol"=>"ping", "host"=>"10.2.8.15", "timeout"=>300, "port"=>80}], "tunterm_extra_routes"=>{"11.0.0.0/8"=>{"via"=>"10.3.3.1"}}, "tunterm_dhcpd_config"=>{"enabled"=>false, "servers"=>["11.2.3.4"], "2"=>{"enabled"=>true, "servers"=>["11.2.3.44"]}}}
| Key | Datatype | Required | Description |
|---|
Accept | string | | |
X-CSRFToken | string | | |
Content-Type | string | | |
RESPONSES
status: OK
{"id":"572586b7-f97b-a22b-526c-8b97a3f609c4","name":"Guest Cluster","tunterm_hosts":["guest-sj1.corp.com"],"tunterm_ap_subnets":["0.0.0.0/0"],"radsec":{"enabled":true,"auth_servers":[{"host":"1.2.3.4","port":1812,"secret":"testing123"},{"host":"radius.internal","port":1812,"secret":"testing123"}],"acct_servers":[{"host":"1.2.3.4","port":1812,"secret":"testing123"}]}}