Software Installation and Upgrade

Support for secure ZTP and ZTP (ACX7024)—Starting in Junos OS Evolved Release 23.2R1, we support secure zero-touch provisioning (secure ZTP) and ZTP on the ACX7024 router. You can use RFC-8572-based secure ZTP to bootstrap remotely located network devices that are in a factory-default state. Secure ZTP enables mutual authentication between the bootstrap server and the network device before provisioning the remote network device. By default, the ACX7024 router uses ZTP.

To use secure ZTP for bootstrapping, the bootstrap protocol should be changed from the default ZTP to secure ZTP using the following CLI commands over the console connection:
- request system zeroize ztp-option secure-enable—Enables secure ZTP from the default ZTP.
  
  Note:
  If the device is secure ZTP capable, the system boots in secure ZTP mode. If the device is not secure ZTP capable, the system issues a warning stating that the device is not secure capable and boots in ZTP mode.
- request system zeroize ztp-option secure-disable—Disables secure ZTP mode and defaults to ZTP.
To learn about secure ZTP, see Secure Zero Touch Provisioning.

To onboard your Juniper devices with secure ZTP, see Secure ZTP Quick Start Guide.
Switching between secure ZTP and ZTP on secure platforms (ACX7024)—Starting in Junos OS Evolved Release 23.2R1, you can switch between using secure zero-touch provisioning (ZTP) and ZTP on secure platforms.

When you issue the request system zeroize ztp-option secure enable command, the system boots in secure-ZTP mode if the platform is secure capable. The system issues an error if that device is not secure capable and will boot in classic ZTP mode.

When you issue the request system zeroize ztp-option secure disable command, the system disables secure ZTP and defaults to ZTP.

Note:
If you use the ztp-option, when you zeroize your system, the system will retain the same option.

[See Secure Zero Touch Provisioning.]