Create Onbox Agent
You need full admin / root privileges to create onbox agents. We recommend creating a dedicated user on the device using Apstra ZTP or other means. Make sure that you've:
- Added login credentials for the devices.
- Configured management IP connectivity between devices and the Apstra server. You must do this before installing agents so it’s out-of-band (OOB). Configuring management connectivity in-band (through the fabric) is not supported and could cause connectivity issues when changes are made to the blueprint.
- Uploaded required packages.
Before creating/installing onbox device agents on Cisco NX-OS and Arista EOS, configure the following minimum configuration on them as shown below. (SONiC Enterprise has no specific configuration requirements other than Management Network and privileged user access.)
Cisco NX-OS Onbox Agent Minimum Configuration
! copp profile strict ! username admin password <admin-password> role network-admin ! vrf context management ip route 0.0.0.0/0 <management-default-gateway> ! interface mgmt0 ip address <address>/<cidr> !
Arista EOS Onbox Agent Minimum Configuration
! service routing protocols model multi-agent ! aaa authorization exec default local ! username admin privilege 15 role network-admin secret <admin-password> ! interface Management1 ip address <address>/<cidr> ! ip route vrf management 0.0.0.0/0 <management-default-gateway> !
Make sure the following configuration is not on the device:
- VLANs other than VLAN 1
- VRFs other than "management"
- Interface IP addresses other than "management"
- Loopback interfaces
- VLAN interfaces
- VXLAN interfaces
- AS-Path access-lists
- IP prefix-lists
- Route maps or policies
- BGP configuration
During the agent install process, device configuration is validated, and if the device contains configuration that could prevent the deployment of service configuration, the agent install process raises an error (as of Apstra 4.0.1).
In this case, manually remove conflicting configuration and start the agent installation process again.
If you must complete the agent installation with configuration validation errors, you can disable pristine configuration validation. To do this, from Devices > Managed Devices, click Advanced Settings (top-right), select Skip Pristine Configuration Validation, then click Update.
For information about retaining pre-existing configuration when bringing devices under Apstra management, see Device Configuration Lifecycle.
On some platforms (Junos for example) you can configure rate-limiting for management traffic (SSH for example). When the Apstra server interacts directly with devices it can be more bursty than when it interacts with a user. Rate-limiting configurations that are used for hardening security can impact device management, and lead to deployment failures and other agent-related issues.
Parameter | Description |
---|---|
Device addresses | Management IP(s) of the device(s) |
Operation Mode |
|
Username / Password | If you're not using an agent profile with credentials, check these boxes and add credentials. |
Agent Profile | If you don't want to manually enter credentials and packages, use agent profiles that you previously defined. |
Job to run after creation |
|
Install Requirements (servers only) | For servers only: If servers don't have Internet connectivity, uncheck the box. |
Packages | Before creating the agent, install required packages so they are available. Packages associated with selected agent profiles are listed here as well. |
- Confirm that you've installed the minimum configuration as described above, and that the device doesn't contain configuration that would raise validation errors.
- From the left navigation menu, navigate to Devices > Managed Devices and click Create Onbox Agent(s).
- Specify agent details as described in the parameters table above.
- Click Create. While the task is active you can view its progress at the bottom of the screen in the Active Jobs section. The job status changes from Initialized to In Progress to Succeeded.