Juniper Device Agent

This document describes how to manually install Juniper device agents.

Juniper ZTP

Note

For an option that’s simpler and easier to support at scale, see Apstra ZTP Documentation, which shows you how to automatically boot and install Apstra device agents and prerequisite switch configuration.

Disabling ZTP

Important

If you want to install agents manually because a previous attempt to install them with Apstra ZTP failed, you must first delete the ZTP mode (since it remains active) with the command delete chassis auto-image-upgrade.

If you’re going to provision the Juniper switch without ZTP (ZTP Disabled), make sure that the ZTP process is disabled before proceeding. After logging into the switch for the first time and setting system root-authentication, configure delete chassis auto-image-upgrade.

Disabling ZTP
{master:0}
root> edit
Entering configuration mode

{master:0}[edit]
root# delete chassis auto-image-upgrade

{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode

{master:0}
root>

Initial Juniper Junos Configuration

Juniper Junos devices require the below minimal configuration before installing Apstra device system agents.

Juniper Junos Minimum Configuration for Off-box Agent
system {
    login {
        user aosadmin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "xxxxx";
            }
        }
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    management-instance;
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address <address>/<cidr>;
            }
        }
    }
}
routing-instances {
    mgmt_junos {
        routing-options {
            static {
                route 0.0.0.0/0 next-hop <management-default-gateway>;
            }
        }
    }
}

Configuring super-user User

For the device system agent to connect to the Juniper Junos device, you must configure a local device user with class super-user.

Configuring super-user User
{master:0}
root> edit
Entering configuration mode

{master:0}[edit]
root# set system login user aosadmin class super-user

{master:0}[edit]
root# set system login user aosadmin authentication plain-text-password
New password:
Retype new password:

{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode

{master:0}
root>

Note

If you intend to use another authentication method for device access (for example, RADIUS), you must use local password authentication first.

system authentication-order [ password radius ]

Configuring IP address and Management VRF

Device system agents use the Junos mgmt_junos management-instance VRF and the management interface (for example, em0).

Configuring IP address and Management VRF
{master:0}
root> edit
Entering configuration mode

{master:0}[edit]
root# set system management-instance

{master:0}[edit]
root# set interfaces em0.0 family inet address 192.168.59.11/24

{master:0}[edit]
root# set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.59.1

{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode

{master:0}
root>

If the Juniper device uses another management interface (such as vme.0), configure the management IP address on it instead.

Configure SSH and NETCONF

Device system agents require Junos SSH and NETCONF access to be configured under system services.

Configure SSH and Netconf
{master:0}
root> edit
Entering configuration mode

{master:0}[edit]
root# set system services ssh

{master:0}[edit]
root# set system services netconf ssh

{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode

{master:0}
root>

Add Junos License Configuration

You can add license configuration before installing the system agent (to make it part of the pristine configuration), but the preferred method is to add license configuration with configlets.