IN THIS PAGE

Configuring a Device Template

Device templates contain global parameters and workflows. Global parameters are a set of variables that can be customized easily.

Configuring Template Settings in a Device Template

To configure the device template settings:

Select Resources > Device Template.
The Device Templates page appears.
Select a device template for which you want to configure the settings and then select Edit Device Template > Template Settings.
The Template Settings page appears.
Complete the configuration settings according to the guidelines provided in Table 1.
Click Save.

Table 1: Fields on the Template Settings Page

Name	Description
Customer Parameters
AUTO_DEPLOY_STAGE2_CONFIG	Specify whether to automatically deploy stage-2 configuration at the end of the Zero Touch Provisioning (ZTP) workflow. Example: Enabled
ZTP_ENABLED	Specify whether to enable ZTP for the device. Note: This option is supported on SRX Series Services Gateways only. Example: Enabled
PRE_STAGED_CPE	Specify whether the CPE device is pre-staged with WAN configuration. Note: This option is supported on SRX Series Services Gateways only. Example: Enabled
ACTIVATION_CODE_ENABLED	Specify whether the customer must use an activation code to activate the CPE device. Example: Enabled
OOB_OAM_Port	Specify the name of the port used for out-of-band Operation, Administration, and Maintenance (OAM) traffic. This port is used in deployments where OAM and data traffic are on separate physical ports. Note: This option is supported on SRX Series Services Gateways only. Example: fxp0
S2_MODEL_HUGEPAGE_COUNT	Specify the number of 1-GB huge pages to be used by the VNFs on an NFX250-S2 device with a total memory of 32 GB. Example: 21
USE_SINGLE_SSH_TO_NFX	Specify whether to enable device-initiated connections (outbound SSH) with port-forwarding capability. Port forwarding enables Contrail Service Orchestration to manage an NFX250 device through a single IP address. Example: Enabled
S1_MODEL_HUGEPAGE_COUNT	Specify the number of 1-GB huge pages to be used by the VNFs on an NFX250-S1 device with a total memory of 16 GB. Example: 21
VNF_OAM_TRANSLATED_PORT_START	Specify the first port number that can be used to expose a port on the gateway router’s OAM or WAN interface through port translation. Use this option in cases where the VNF does not have its own OAM IP address from the in-band OAM network.
ENC_ROOT_PASSWORD	Specify the Junos OS-encrypted root password to be set on an NFX250 device. Example: *****************
WAN Port Names	Specify the mapping Junos OS interface descriptors for the hardware ports. The RJ-45 port is the default port for the NFX250 device. You can change the default port if you want to use a different type of connector, such as SFP.
GWR_LAN_PORT	Specify the mapping of the gateway router’s LAN port names to the corresponding front panel physical port names on the NFX250 device. Currently, the logical ports are created on the ge-0/0/4 interface.
JCP_LAN_PORT_NAMES	Specify the port names from LAN_0 through LAN_9.
GWR_LAN_PORT_NAMES	Specify the port names from LAN_0 through LAN_9.
LAN_PORT_NAMES	Specify the port names from LAN_0 through LAN_10.
CONTROL_LINK_PORT_NAME	Enter the physical port name for control link connection. Example: xe-0/0/12
FAB_LINK_PORT_NAME	Enter the physical port name for fabric link connection. Example: xe-0/0/13
OOB_MGMT_ENABLED	Specify whether to use the out-of-band (OOB) management port of the device for management connectivity. If the field is enabled, a default route will be available through this interface. If the field is disabled, there is no connectivity through the OOB management port of the device and the stage-1 configuration that is generated will include a static default route.
AUTO_INSTALL_LICENSE_TO_DEVICE	Click the toggle button to enable automatic installation of the license on CPE device at the end of ZTP workflow.
GWR_VSRX_IMAGE_LOCAL_FILE_PATH	Enter the local path of the vSRX image that is installed on the NFX250 device. The image file is required when the gateway router VM is created. If this parameter is not set, or if the file is not present on the NFX250 device, then a vSRX image is downloaded from the CSO file server to the NFX250 device. Example: ./var/third-party/images/vsrx-15.1X*.qcow2
GWR_VSRX_IMAGE_CNAME_IN_CSO	Enter the name of the vSRX image uploaded into the Image Management Service in CSO. When creating the gateway VM, if the vSRX image file is not present locally, then the image with this name is downloaded to the NFX250 device.
INTERNAL_OAM_SUBNET	Enter the IP address for the subnet that is used for internal OAM.
ADSL_VPI	Enter the Virtual Path Identifier (VPI) setting to connect to the ADSL service provider through PPPoE. Example: 8
ADSL_ENCAP	Enter the encapsulation that is used to connect to the ADSL service provider through PPPoE. Example: llcsnap-bridged-802.1q
ADSL_VCI	Enter the VCI (Virtual Channel Identifier) setting to connect to the ADSL service provider through PPPoE. Example: 36
DSL_VLAN	Enter the reserved internal VLAN ID to be used as the native-vlan-id on xDSL ports to ensure that untagged control frames are processed. Example: 4087
CLUSTER_OFFSET	Enter the cluster slot number for designated secondary node.

Updating Stage-2 Configuration Template in a Device Template

Each device template has a set of configuration templates that can be used to deploy additional configuration on to the CPE device after it is activated. These templates are known as stage-2 configuration templates. You can add or remove stage-2 configuration templates from a device template.

Note

By default, the CPE device configuration is not supported on the CPE device. If you need the CPE device configuration, then you must configure it through stage-2 configuration in the device templates.

To add a stage-2 configuration template:

Select Resources > Device Template.
The Device Templates page appears.
Select a device template for which you want to add the stage-2 configuration and select Edit Device Template > Stage-2 Config Templates.
The Stage-2 Configuration Templates page appears. Table 2 lists the fields (and their descriptions) on the Stage-2 Configuration Templates page.
Click the add icon (+) and complete the configuration settings according to the guidelines provided in Table 3.
Click Save.
The new stage-2 configuration template is included in the device template.

Table 2: Fields on the Stage-2 Configuration Templates Page

Name	Description
Name	View the name of the stage-2 configuration template. Example: LAN side config
Component Name	View the name of the component through which the settings are configured. The components that are currently supported are: JUNOS—Supported only on SRX Series Services Gateway. Juniper Device Manager (JDM)—Supported on NFX250 device. JDM is a Linux container that manages software components. Juniper Control Plane (JCP)—Supported on NFX250 device. JCP is the Junos VM running on the hypervisor. Administrators can use JCP to configure the network ports of the NFX250 device. JCP is used to configure the switching and routing function on the NFX250 device. Gateway Router (GWR)—Supported on NFX250 device. vSRX as a gateway provides the same capabilities as Juniper Networks SRX Series Services Gateways in a virtual form factor, providing perimeter security, IPsec connectivity, and filtering for malicious traffic without sacrificing reliability, visibility, or policy control. This virtual security and routing appliance ensures reliability and high availability for each application. Example: JUNOS
Hide	Displays whether the template is hidden on Customer Portal. true—Template is not visible on Customer Portal. false—Template is visible on Customer Portal. Example: false
Copy input from	Displays the template from which you copied the settings.
Auto Deploy	Displays whether the stage-2 configuration is automatically pushed to the device during ZTP process.
Enable for	Displays whether the stage-2 configuration template is enabled for all tenants, no tenants, or specific tenants.

Table 3: Fields on the Add New Template Page

Name	Description
Template	Select the configuration template from the drop-down list. The configuration templates are designed in the Configuration Designer tool. Example: srx-basic-sdwan-cpe-config
Display Name	Specify the name of the template that you want to display on the configuration interface. Example: SDWAN Config
Component Name	Specify the component name through which the settings are configured. The components that are currently supported are: JUNOS—Supported on SRX Series Services Gateway. Juniper Device Manager (JDM)— Supported on NFX250 device. JDM is a Linux container that manages software components. Juniper Control Plane (JCP)—Supported on NFX250 device. JCP is the Junos VM running on the hypervisor. Administrators can use JCP to configure the network ports of the NFX250 device. JCP is used to configure the switching and routing function on the NFX250 device. Gateway Router (GWR)—Supported on NFX250 device. vSRX as a gateway provides the same capabilities as Juniper Networks SRX Series Services Gateways in a virtual form factor, providing perimeter security, IPsec connectivity, and filtering for malicious traffic without sacrificing reliability, visibility, or policy control. This virtual security and routing appliance ensures reliability and high availability for each application. Example: JUNOS
Hide	Specify whether you want to hide the configuration template on Customer Portal. You might want to choose to hide the template if you are reusing the template for multiple components. hide—White dot on right with blue background. show—White dot on left with gray background. Example: hide
Copy From Template	If you have chosen to hide the configuration template on the user interface, then specify the template from which you want to copy the settings. Example: srx-mis-lan-to-wan-config
Auto Deploy	Specify whether the stage-2 configuration must be automatically pushed to the device during ZTP process. The available options are Same as global settings Yes No
Enabled for	You can enable the stage-2 configuration template for all tenants, specific tenants, an SP administrator or an OpCo administrator. Note: Only users with SP administrator or OpCo administrator role can enable stage-2 configuration templates. The available options are: All Tenants—Select this option to enable stage-2 configuration template for all tenants. Both SP and OpCo administrators can view templates for all tenants by switching the scope to the specific tenant. By default, stage-2 configuration templates assigned to all tenants are automatically applied to any new tenant. No Tenants—Select this option to enable stage-2 configuration template for an SP administrator or an OpCo administrator. An SP administrator can modify the stage-2 configuration template. An OpCo administrator cannot modify the stage-2 configuration template. However, an OpCo administrator can clone the stage-2 configuration template and then modify the template. Selective Tenants—Select this option to enable stage-2 configuration template for specific tenants. A tenant administrator can view and manage stage-2 template for a specific tenant. When you select the Selective Tenants option, the Tenants section is displayed. Select one or more tenants. Click the greater-than icon (>) to move the selected tenant or tenants from the Available column to the Selected column. You can use the search icon on the top right of each column to search for tenant names. The default option is All Tenants.

To remove a stage-2 configuration template:

Select Resources > Device Templates.
The Device Templates page appears.
Select the device template for which you want to remove the stage-2 configuration and then select Edit Device Template > Stage-2 Config Templates.
The Stage-2 Config Templates page appears.
Select a configuration template and click the delete icon (X).
A page requesting confirmation for the deletion appears.
Click Yes to confirm that you want to delete the stage-2 configuration template.
The configuration template is deleted.

Configuring Stage-2 Initial Configuration

In general, the tenant administrators initiate stage-2 configuration through Customer Portal. However, in certain cases, the same stage-2 configuration needs to be deployed to CPE devices in all sites that are activated using a specific device template. In such cases, you can attach an initial configuration to a stage-2 config template of a device template. When a new CPE device in the site is activated using the device template, the initial configuration is automatically deployed to the CPE device.

The list of initial configurations that are supported are:

Policies configuration
LAN configuration
SD-WAN configuration
Routing configuration

To update an initial configuration for stage-2 configuration template:

Select Resources > Device Templates.
The Device Templates page appears.
Select the device template for which you want to configure the stage-2 configuration and then select Edit Device Template > Stage-2 Initial Config.
The Stage-2 Initial Configuration page appears, listing the existing settings.
Complete the configuration settings according to the guidelines provided in Table 4, Table 5, and Table 6.
Click Ok.

Table 4: Fields for the VLAN Settings on the Stage-2 Initial Configuration Page

Field	Description
VLAN ID	Specify the identifier for the Layer 2 VLAN for the CPE device. Example: 230
IRB IP Prefix	Specify the IP address, including the subnet prefix, and the integrated routing and bridging (IRB) interface on the CPE device. Example: 192.0.2.15/24
LAN Ports	Specify the LAN ports on the CPE device. Example: ge-0/0/0

Field

Description

VLAN ID

Specify the identifier for the Layer 2 VLAN for the CPE device.

Example: 230

IRB IP Prefix

Specify the IP address, including the subnet prefix, and the integrated routing and bridging (IRB) interface on the CPE device.

Example: 192.0.2.15/24

LAN Ports

Specify the LAN ports on the CPE device.

Example: ge-0/0/0

Table 5: Fields for the LAN Settings on the Stage-2 Initial Configuration Page

Field	Description
LAN port	Specify the LAN ports on the CPE device. Example: ge-0/0/0
IP Address	Specify the IP address on the CPE device. Example: 192.0.2.255

Field

Description

LAN port

Specify the LAN ports on the CPE device.

Example: ge-0/0/0

IP Address

Specify the IP address on the CPE device.

Example: 192.0.2.255

Table 6: Fields for the SRX Basic SD-WAN Settings on the Stage-2 Initial Configuration Page

Field	Description
Manage App Group	Click to manage the application groups. The application group is predefined in the system for all SRX Series and vSRX configuration settings. The settings are preloaded and displayed on the portal. You can also create new application groups.
Manage App SLA Profile	Click to manage the application service-level agreements (SLA) profiles.
Rule Name	Specify the rule name. Example: critical-apps
Application/Groups	Specify the applications or application groups for the rule. Example: Oracle, SAP
Application SLA Profile	Specify the application SLA profile for the rule. Example: critical-apps

IN THIS PAGE

Configuring a Device Template

Configuring Template Settings in a Device Template

Updating Stage-2 Configuration Template in a Device Template

Configuring Stage-2 Initial Configuration

See also

Related Documentation