Step 2: Up and Running
Generate a Voucher Certificate
To onboard your device, you'll need to generate a voucher certificate through the Juniper Agile Licensing (JAL) portal. This voucher certificate validates that a device with a serial number belongs to the correct owner. You can generate a voucher certificate for one device or for multiple devices.
Generate a Voucher Certificate for One Device
Here's how to generate a voucher certificate for your network device using the JAL Portal.
Generate Voucher Certificates for Multiple Devices
Here's how to generate voucher certificates for multiple network devices using the JAL Portal.
Workflow for Onboarding Devices with Secure ZTP
Here’s an overview of the steps for onboarding a factory-default device with Secure ZTP
-
Boot the device in a factory-default state.
-
Deploy your DHCP and DNS servers. Configure DCHP option 143 on your DHCP server so it can advertise the names of your redirect and bootstap servers.
-
Deploy your redirect and bootstrap servers.
-
Generate redirect and bootstrap information for each network device.
-
Use the redirect and bootstrap information that the redirect and bootstrap servers provide to provision your network devices
-
Acquire DevID trust anchors from Juniper Networks.
-
Connect to DHCP:
-
The DHCP client sends a request to the DHCP server to obtain the bootstrap server information.
-
The DHCP server sends the bootstrap server IP address and requested information.
-
-
Connect to PHC:
-
The phone-home client (PHC) on your device sends a bootstrap request to either the bootstrap server or DNS to obtain the IP address of the phone-home server. The PHC also requests the device's serial number and activation code of the server.
-
The bootstrap server responds and sends the IP address of the phone-home server as well as its owner certificate to the PHC.
-
If needed, the PHC requests for the Junos OS software image. The bootstrap server responds and sends the image and configuration to the PHC.
-
-
Software Installation:
-
Your network device reboots after the software image installation completes.
-
The PHC runs pre-configuration scripts, commits the configuration, runs post-configuration scripts, sends a bootstrap complete message to the bootstrap server, cleans up the PHC related configurations and resources, and terminates the session.
-