ZTP of an EX Series Switch is Failing

 

Problem

Description: ZTP of an EX Series switch is failing.

Solution

ZTP of an EX Series switch may fail for the following reasons:

For a switch connected behind a CPE or firewall:

  • DHCP may not be configured on the link connecting the switch to the CPE, firewall, or Internet gateway.

    To rectify this issue, try connecting the switch to the CPE or next-generation firewall after the CPE is fully provisioned.

  • If the CPE or next-generation firewall connected to the switch is an SRX Series device, there may be issues with the certificates installed on the SRX Series device.

    To rectify this issue, disable the AUTO_INSTALL_DEFAULT_TRUSTED_CERTS_TO_DEVICE parameter in the SRX Series device template and retry adding the site with the SRX Series device and the switch. Reinstall certificates on the SRX Series device after ZTP of the CPE and the switch is successful.

  • If the CPE or next-generation firewall connected to the switch is an SRX Series device running Junos OS Release 19.3R2-S1 or 19.3R2-S2, the port connecting the CPE or next-generation firewall to the switch might be blocked by RSTP.

    To resolve this issue, disable the RSTP protocol on the SRX Series device or add the set protocols rstp force-version stp statement as part of the stage-2 configuration on the SRX Series device.

  • The trunk ports connecting the CPE or next-generation firewall and the EX Series switch may be assigned to a LAN segment.

    To resolve this issue, check the ports connecting the switch and the CPE or firewall. If the trunk port is assigned to a LAN segment, remove the association of the LAN segment configured on the trunk port and retry ZTP.

  • If the bootstrap process is failing, check the trunk ports connecting the CPE or next-generation firewall and the switch by using the show lldp neighbors command. The port that you assigned in the CPE might not actually be connected to the trunk ports of the switch. In that case, the switch does not receive the DHCP information and ZTP does not succeed.

    To resolve this issue, reconnect the CPE or next-generation firewall and the switch.
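
The cabling check in the last item can be run over saved show lldp neighbors output from the CPE. The following Python script is an added example, not part of the original documentation; the fixed-width column layout, the sample rows, and the function names are assumptions constructed for illustration.

```python
COLUMNS = ["Local Interface", "Parent Interface", "Chassis Id", "Port info", "System Name"]

# Constructed sample (made-up ports, MACs, names); the fixed-width column
# layout is an assumption about how the CLI prints the table.
_ROW = "{:<19}{:<20}{:<20}{:<19}{}"
SAMPLE = "\n".join(_ROW.format(*r) for r in [
    COLUMNS,
    ("ge-0/0/1", "-", "00:00:5e:00:53:01", "ge-0/0/47", "lab-router"),
    ("ge-0/0/4", "-", "00:00:5e:00:53:02", "ge-0/0/0", "ex-site1"),
    ("ge-0/0/5", "-", "00:00:5e:00:53:03", "uplink to cpe", "ex-site2"),
])


def parse_lldp_neighbors(text):
    """Map each local interface to its neighbor fields, slicing by header columns."""
    lines = text.splitlines()
    head = next((l for l in lines if l.startswith(COLUMNS[0])), None)
    if head is None or any(c not in head for c in COLUMNS):
        return {}
    starts = [head.index(c) for c in COLUMNS]
    ends = starts[1:] + [None]
    neighbors = {}
    for line in lines[lines.index(head) + 1:]:
        # Slice by column offset so values containing spaces stay intact.
        cells = [line[s:e].strip() for s, e in zip(starts, ends)]
        if cells[0]:
            neighbors[cells[0]] = dict(zip(COLUMNS[1:], cells[1:]))
    return neighbors


def check_cabling(text, cpe_port, switch_trunk_ports):
    """Return (ok, reason) for the CPE port that was assigned to the switch."""
    neighbors = parse_lldp_neighbors(text)
    entry = neighbors.get(cpe_port)
    if entry is None:
        seen = ", ".join(sorted(neighbors)) or "none"
        return False, f"no LLDP neighbor on {cpe_port} (neighbors on: {seen})"
    if entry["Port info"] not in switch_trunk_ports:
        return False, f"{cpe_port} reaches {entry['Port info']}, not a switch trunk port"
    return True, f"{cpe_port} is cabled to {entry['System Name']} {entry['Port info']}"


if __name__ == "__main__":
    for port in ("ge-0/0/4", "ge-0/0/3", "ge-0/0/1"):
        print(check_cabling(SAMPLE, port, {"ge-0/0/0"}))
```

A False result for the assigned port points to the reconnect step above; the reason string lists the ports on which neighbors were actually seen.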