Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Software Installation and Upgrade

  • Support for SZTP (PTX10002-36QDD)—Use RFC-8572-based secure zero-touch provisioning (SZTP) to bootstrap your remotely located network devices that are in a factory-default state. SZTP enables mutual authentication between the bootstrap server and the network device before initiating ZTP.

    To enable mutual authentication, the system generates a unique digital voucher based on the Digital Device ID or Cryptographic Digital Identity (DevID) of the network device. The DevID is embedded inside Trusted Platform Module (TPM) 2.0 chip on the network device. We issue a digital voucher to customers for each eligible network device.

    [See Secure Zero Touch Provisioning and Generate Secure ZTP Vouchers.]

  • Switching between SZTP and ZTP on secure platforms (PTX10002-36QDD)—You can switch between using secure zero-touch provisioning (SZTP) and zero-touch provisioning (ZTP) on secure platforms. To override the default behavior of your secure device, you can issue the request system zeroize ztp-option secure disable command. When you issue this command, the CLI checks to see if the default platform behavior is secure. If the default platform is secure, the device will run ZTP after you reboot. If the default platform is not secure, the process ends. When you issue the request system zeroize ztp-option secure enable command, the CLI checks to see if the platform behavior is secure. If the default platform is secure, the process ends. If the platform isn’t secure, you will receive an error that says the platform is not secure and cannot switch to SZTP. The process ends.

    [See Switching between Secure Zero Touch Provisioning and Zero Touch Provisioning.]

  • ZTP on WAN Interfaces (PTX10002-36QDD)—Zero-touch provisioning (ZTP) dynamically detects the port speed of WAN interfaces and uses this information to create ZTP client ports with the same speed. ZTP automatically cycles through the WAN ports until it receives DHCP options from the DHCP server. The device uses the DHCP options to perform the bootstrap process.

    [See Zero Touch Provisioning.]

  • Separate firmware installation packages (ACX7024, ACX7024X, ACX7100, ACX7332, ACX7348, PTX10004, PTX10008, and PTX10016)—You can manage firmware upgrades using standalone firmware installation packages. The names for these packages begin with the prefix jfirmware-junos-evo-install*. You can use these packages to upgrade firmware independently from full software upgrades, addressing requirements such as bug fixes, security updates, and new functionality from hardware vendors. The firmware packages align with the naming conventions of EVO packages and are version-independent, allowing for targeted updates without needing to upgrade all of the software on a system.

    You add a firmware package to the system with the request system software add command. Once you have added the firmware package to your system, you update the firmware for a hardware component using the request system firmware upgrade command.

    [See Upgrade Firmware on Junos OS Evolved Devices, Junos OS Evolved Installation Packages, request system software add (Junos OS Evolved), request system firmware upgrade (Junos OS Evolved) and show system firmware (Junos OS Evolved).]

  • Static configuration of MAC-IP bindings (ACX7100-32C, ACX7100-48L, PTX10001-36MR, and PTX10008)—You can configure MAC-IP bindings on interfaces to improve network management and host communication. This setup is similar to configuring static MAC addresses on an interface. Use this feature to streamline operations in static environments, such as Internet Exchange Points (IXPs), where Customer Edge (CE) routers remain fixed.

    [See Static Configuration of MAC-IP Bindings.]