Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Step 2: Up and Running

To onboard a Juniper device to Paragon Automation, you must commit the outbound SSH command to connect with Paragon Automation, on the device. This method of onboarding a device by committing the outbound SSH commands is also referred to as "Adopting a Device".

You can onboard a Juniper device to Paragon Automation by using any of the following methods:

To onboard a non-Juniper device, see Onboard a non-Juniper Device.

Note:

Among non-Juniper devices, only Cisco Systems devices are supported in this release. For a list of supported Cisco Systems devices, see Supported Hardware.

Onboard a Juniper Device

Paragon Automation provides the outbound SSH configuration that you can commit on the device to enable the device to connect with Paragon Automation.

To onboard a Juniper device by committing the SSH configuration:

  1. Navigate to Inventory > Network Inventory on the Paragon Automation GUI.
  2. On the Routers tab, click Add Device.
  3. On the Add Devices page, click Adopt Router.
  4. Click the Select Site drop-down list to select the site where the device is installed.
    The outbound SSH configuration that is required for the device to establish a connection with Paragon Automation is displayed.
  5. Click Copy Cli Commands to copy the CLI commands under the Apply the following CLI commands to adopt a Juniper Device if it meets the requirements section to clipboard and close OK.
  6. Access the device by using SSH and log in to the device in configuration mode.
  7. Paste the contents of the clipboard and commit the configuration on the device.
    The device connects to Paragon Automation and can be managed from Paragon Automation.
    After you adopt a device, you can verify connectivity status by running the following command on the device:

    user@host> show system connections |match 2200

    tcp 0 0 ip-address:38284 ip-address:2200 ESTABLISHED 6692/sshd: jcloud-stcp 0 0 <varname>ip-address</varname>:38284 <varname>ip-address</varname>:2200 ESTABLISHED 6692/sshd:

    Established in the output indicates that the device is connected with Paragon Automation.

After the device is onboarded, the status of the device on the Inventory page (Inventory > Devices > Network Inventory) shows as Connected, You can now start managing the device. See Device Management Workflow.

Also, you can move the device to In Service after onboarding so that services can be provisioned on the device. See Approve a Device for Service.

Onboard a Device by Using ZTP

Prerequisites:

  • (Recommended) A network implementation plan be configured for the device.

  • The device should be zeroized or in its factory-default settings.

  • A TFTP server reachable from the device.

  • A DHCP server reachable from the device, with the ability to respond to the device with the TFTP server and configuration file (Python or SLAX script) name.

To onboard a device by using ZTP:

  1. Create an onboarding script (in Python or SLAX) by saving the outbound SSH configuration statements in a file. You can obtain the outbound SSH configuration statements by using the getOutboundSshCommand REST API.

    See API Docs under the Help menu of the Paragon Automation GUI for information about using the API.

  2. Upload the onboarding script to the TFTP server.
  3. Configure the DHCP server with the onboarding script filename and path in the TFTP server.
  4. Install the device, connect it to the network, and power on the device.

    For information about installing the device, see the respective Hardware guide at https://www.juniper.net/documentation/.

    After the device is powered on:
    1. The factory default settings in the device triggers a built-in script (ztp.py) which obtains the IP addresses for the management interface, default gateway, DNS server, TFTP server, and the path of the onboarding script (Python or SLAX) on the TFTP server, from the DHCP server.

    2. The device configures its management IP address, static default route, and the DNS server address, based on the values obtained from the DHCP network.

    3. The device downloads the onboarding script, based on the values from the DHCP network, and executes it, resulting in the onboarding configuration statements being committed.

    4. The device opens an outbound SSH session with Paragon Automation based on the committed onboarding configuration.

  5. After the device connects with Paragon Automation, Paragon Automation configures management and telemetry parameters including gNMI by using NETCONF. Paragon Automation also uses NETCONF to configure the interfaces and protocols based on the network implementation plan associated with the device.
  6. Log in to the Paragon Automation GUI and view the status of device onboarding on the Inventory (Inventory > Devices > Network Inventory) page. After the device status changes to Connected, you can start managing the device. See Device Management Workflow for details.

Sample Onboarding Script for Committing SSH Configuration on a Device

The following is a sample of the onboarding script that is downloaded from the TFTP server to the device:

Onboard a non-Juniper Device

Note:

In this release, you can onboard a non-Juniper device by using REST APIs. Onboarding a non-Juniper device by using GUI is a Beta feature and may not work as expected. See Help > API Docs for information about Paragon Automation REST APIs.

To onboard a non-Juniper device:

  1. Navigate to Inventory > Network Inventory on the Paragon Automation GUI.
  2. On the Routers tab, click Add Device.
  3. On the Add Devices page, click Adopt a Device.
  4. In the Adopt a Device section, enter the device details—Device name, IPv4 address and port, site, vendor, model, operating system, connection timeout (in minutes), and retry delay (in minutes).
  5. Under Authorization, click:
    • Upload a Certificate to use TLS certificates to authenticate the device.

      If you use the Upload a Certificate option, upload:

      • TLS certificate for the device in Certificate.

      • Certificate key for the device in Key Certificate.

      • Root certificate of the Certificate Authority (CA) in the Certificate Authority.

    • Credentials to authenticate by using username and password.

      If you use the Credentials option, enter the username and password to authenticate the device.

  6. Click OK.

    Paragon Automation connects with the device. You can now manage the device by using Paragon Automation.

    After the device connects with Paragon Automation, you can view the details of the device on the Inventory page (Inventory > Devices > Network Inventory).