Juniper Device Agent¶
This document describes how to manually install Juniper device agents.
Juniper ZTP¶
Note
For an option that’s simpler and easier to support at scale, see Apstra ZTP Documentation, which shows you how to automatically boot and install Apstra device agents and prerequisite switch configuration.
Disabling ZTP¶
Important
If you want to install agents manually because a previous attempt to install
them with Apstra ZTP failed, you must first delete the ZTP mode (since it
remains active) with the command delete chassis auto-image-upgrade.
If you’re going to provision the Juniper switch without ZTP (ZTP Disabled),
make sure that the ZTP process is disabled before proceeding. After logging into
the switch for the first time and setting system root-authentication,
configure delete chassis auto-image-upgrade.
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# delete chassis auto-image-upgrade
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>
Initial Juniper Junos Configuration¶
Juniper Junos devices require the below minimal configuration before installing Apstra device system agents.
system {
login {
user aosadmin {
uid 2000;
class super-user;
authentication {
encrypted-password "xxxxx";
}
}
}
services {
ssh;
netconf {
ssh;
}
}
management-instance;
}
interfaces {
em0 {
unit 0 {
family inet {
address <address>/<cidr>;
}
}
}
}
routing-instances {
mgmt_junos {
routing-options {
static {
route 0.0.0.0/0 next-hop <management-default-gateway>;
}
}
}
}
Configuring super-user User¶
For the device system agent to connect to the Juniper Junos
device, you must configure a local device user with class super-user.
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# set system login user aosadmin class super-user
{master:0}[edit]
root# set system login user aosadmin authentication plain-text-password
New password:
Retype new password:
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>
Note
If you intend to use another authentication method for device access (for example, RADIUS), you must use local password authentication first.
system authentication-order [ password radius ]
Configuring IP address and Management VRF¶
Device system agents use the Junos mgmt_junos
management-instance VRF and the management interface (for example, em0).
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# set system management-instance
{master:0}[edit]
root# set interfaces em0.0 family inet address 192.168.59.11/24
{master:0}[edit]
root# set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.59.1
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>
If the Juniper device uses another management interface (such as vme.0), configure the management IP address on it instead.
Configure SSH and NETCONF¶
Device system agents require Junos SSH and NETCONF access to be
configured under system services.
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# set system services ssh
{master:0}[edit]
root# set system services netconf ssh
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>
Add Junos License Configuration¶
You can add license configuration before installing the system agent (to make it part of the pristine configuration), but the preferred method is to add license configuration with configlets.