createOrgMxEdgeCluster

POST https://{{host}}/api/v1/orgs/:org_id/mxclusters

Generic Body Parameters

NameTypeDescription
proxyobjectProxy Configuration to talk to Mist
tunterm_hostslisthostnames or IPs where a Mist Tunnel will use as the Peer (i.e. they are reachable from AP)
tunterm_hosts_selectionstringshuffle (default) / shuffle-by-site / ordered. Ordering of tuntermhosts for mxedge within the same mxcluster. When shuffle, the ordering of tuntermhosts is randomized by the device’s MAC. When shuffle-by-site, we shuffle by siteid+tunnelid (so when client connects to a specific Tunnel, it will go to the same (order of) mxedge, and we load-balancing between tunnels). When ordered, the order is decided by tuntermhostsorder.
tunterm_hosts_orderlistlist of index of tunterm_hosts
tunterm_ap_subnetslistlist of subnets where we allow AP to establish Mist Tunnels from
tunterm_extra_routesobjectextra routes for Mist Tunneled VLANs
tunterm_dhcpd_configobjectDHCP server/relay configuration of Mist Tunneled VLANs

Dynamic Authorization (mist_das)

NameTypeDescription
enabledbooleanwhether to enable mist das, default is false
coa_serverslistlist of COA (change of authorization) servers allowed as dynamic authorization clients
disable_event_timestamp_checkbooleanwhether to disable Event-Timestamp Check, optional, default is false

RADIUS Proxy (RADSec)

NameTypeDescription
enabledbooleanwhether to enable service on Mist Edge i.e. RADIUS proxy over TLS
proxy_hostslisthostnames or IPs for Mist AP to use as the TLS Server (i.e. they are reachable from AP) in addition to tunterm_hosts
match_ssidbooleanwhether to match ssid in request message to select from a subset of RADIUS servers
server_selectionstringordered (default) / unordered. When ordered, Mist Edge will prefer and go back to the first radius server if possible
auth_serverslistlist of RADIUS authentication servers, order matters where the first one is treated as primary
acct_serverslistlist of RADIUS accounting servers, optional, order matters where the first one is treated as primary
sourcestringtunnel / oob / tunnel6 / oob6 / any (default). Specify source address to use when connecting to RADIUS servers
RADIUS Server
NameTypeDescription
hoststringip / hostname of RADIUS server
portintport of RADIUS server, default is 1812 for auth server and 1813 for acct server
secretstringsecret of RADIUS server
ssidslistlist of ssids that will use this server if match_ssid is true and match is found

Request Body

{"id"=>"572586b7-f97b-a22b-526c-8b97a3f609c4", "name"=>"Guest Cluster", "proxy"=>{"url"=>"http://proxy.corp.com:8080/"}, "mxedge_mgmt"=>{"fips_enabled"=>true, "oob_ip_type"=>"disabled", "oob_ip_type6"=>"disabled"}, "tunterm_hosts"=>["guest-sj1.corp.com"], "tunterm_ap_subnets"=>["0.0.0.0/0"], "tunterm_hosts_selection"=>"shuffle", "tunterm_hosts_order"=>[0, 1], "mist_das"=>{"enabled"=>true, "coa_servers"=>[{"enabled"=>false, "host"=>"aaa.internal", "secret"=>"testing456", "disable_event_timestamp_check"=>false}]}, "radsec"=>{"enabled"=>true, "proxy_hosts"=>["mxedge1.corp.com"], "match_ssid"=>false, "server_selection"=>"ordered", "auth_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123", "ssids"=>["corporate"], "keywrap_enabled"=>true, "keywrap_format"=>"hex", "keywrap_kek"=>"1122334455", "keywrap_mack"=>"1122334455"}, {"host"=>"radius.internal", "port"=>1812, "secret"=>"testing123", "ssids"=>["guest"]}], "acct_servers"=>[{"host"=>"1.2.3.4", "port"=>1812, "secret"=>"testing123"}], "source"=>"tunnel"}, "mist_nac"=>{"enabled"=>true, "secret"=>"testing123", "client_ips"=>{"10.0.3.0/24"=>{"vendor"=>"cisco-ios", "secret"=>"alternative_one", "site_id"=>"00000000-0000-0000-1234-000000000000"}}, "auth_server_port"=>1812, "acct_server_port"=>1813}, "tunterm_monitoring_disabled"=>false, "tunterm_monitoring"=>[{"protocol"=>"ping", "host"=>"10.2.8.15", "timeout"=>300, "port"=>80}], "tunterm_extra_routes"=>{"11.0.0.0/8"=>{"via"=>"10.3.3.1"}}, "tunterm_dhcpd_config"=>{"enabled"=>false, "servers"=>["11.2.3.4"], "2"=>{"enabled"=>true, "servers"=>["11.2.3.44"]}}}

HEADERS

KeyDatatypeRequiredDescription
Acceptstring
X-CSRFTokenstring
Content-Typestring

RESPONSES

status: OK

{"id":"572586b7-f97b-a22b-526c-8b97a3f609c4","name":"Guest Cluster","tunterm_hosts":["guest-sj1.corp.com"],"tunterm_ap_subnets":["0.0.0.0/0"],"radsec":{"enabled":true,"auth_servers":[{"host":"1.2.3.4","port":1812,"secret":"testing123"},{"host":"radius.internal","port":1812,"secret":"testing123"}],"acct_servers":[{"host":"1.2.3.4","port":1812,"secret":"testing123"}]}}