Skip to main content

Step 2: Install the SSR Software and Initialize the Conductor

This step boots the conductor VM from the SSR ISO, installs the software, and configures the VM as a standalone conductor with a static management IP.

Install SSR Software

  1. Select the VM in the ESXi Navigator and click the Play (Power On) button.

    Power On

  2. At the Install menu, use the arrow keys to select VGA Console.

    Install Type

  3. If you require FIPS mode, select Install Option 1 and press Enter. If FIPS is not required, press Enter without selecting an option. The download and installation begins.

    note

    IDP is not compatible with systems running in FIPS 140-3 mode, including Common Criteria or JITC deployments. If you plan to enable IDP, do not enable FIPS mode. See IDP Troubleshooting for information on disabling FIPS mode if needed.

    Additionally, please note that FIPS mode disables BGP MD5 authentication.

    Install Options

  4. The installation runs to completion automatically. This may take approximately 15–20 minutes.

    Install Progress

  5. When prompted to reboot, allow the VM to shutdown.

    Install Complete

Configure the Conductor Management VLAN

These steps configure the interface you will use to initialize the conductor via the Web GUI.

  1. In the VM in the ESXi Navigator, start the Conductor Virtual Machine.

    During the boot process, service failure warnings appear - these are due to services that are not yet running and can be ignored.

    Boot Warnings

    The message Device Registered with Mist Cloud: Attempting to Connect displays in the window.

    Mist messages

    These messages appear due to the instance attempting to connect to the Mist Cloud. The mist-agent is enabled by default and will continue to reach out to Mist to connect. In Conductor-managed air-gap networks where there is never any intent to connect to Mist, disabling the Mist Agent has no operational impact, and is actually desirable. Stopping the Mist Agent stops the messages, allowing you to continue the process.

  2. Select Console and login using the root credentials.

    • Username: root
    • Password: 128tRoutes

  3. Run the following two commands to disable the service and stop the messages.

    systemctl disable 128T-mist-agent
    systemctl stop 128T-mist-agent

  4. From the linux prompt run the command ip a | more . Make a note of the ge-0-0 interface and MAC address association.

    Conductor Console

    Example:

    ge-0-0 =00:0c:29:68:78:7c

    4a. If you do not see the ge-0-0 interface, use the following steps to retrieve the information from the SSR CLI:

    • From the linux shell, run the command su admin to enter the SSR CLI.
    • Run show network-interface | more. This will display the DHCP IP address.

    show network interface

    • Locate the ge-0-0 interface, and make a note of the IP address.

  5. From the Conductor VM in the ESXi Navigator, select Actions and then Edit.

    Edit VM settings

  6. Select Network Adapters and verify the ge-0-0 MAC address from step 3 is displayed.

  7. Set Network Adapter 1 to VM Network.

    All ge-0-0 interfaces on all routers in the network will be in the VM Network management network.

  8. Click Save.

Initialize the Conductor

  1. After the system boots, the SSR login screen appears. Login using the root credentials.

    • Username: root
    • Password: 128tRoutes

    Conductor Login

    The system takes a few minutes to start up.

  2. Run the command su admin to enter the CLI. This may fail until the system completes the start up process.

    Install complete login

  3. Once you are able access the CLI, run the command show system. When the status returns as running, continue with the next step.

  4. From the CLI, run the initialize conductor command shown below. Use the folowing table to set the values indicated:

    FieldExample ValueNotes
    Node IP Address192.168.100.10/24DHCP management IP
    Node Gateway192.168.100.1Management network gateway
    Interface Namege-0-0Management interface
    DNS Server8.8.8.8Required for software downloads
    Artifactory Username(your username)Juniper software access
    Artifactory Password(your token)Juniper software access token
    initialize conductor router-name Conductor node-name node0 node-ip 192.168.100.10/24 node-gateway 192.168.100.1 dns-servers 8.8.8.8 artifactory-user <your user name> artifactory-password <artifactory token>

    The Artifactory username and password are required for your device to access the Juniper software repository to download new software releases. If you are installing in an air-gap network where the Conductor does not have internet access, these values are not required but the Conductor must be set to offline-mode after the initialization has completed, and is shown in Set Offline Mode.

    For additional information about offline-mode, see Upgrades with Restricted Access

  5. At the password prompt, enter a new Admin Password. This must be changed. The new password has the following minimum requirements: A minimum of 9 characters; Contain 1 upper case letter, 1 lower case letter, and 1 number.

    note

    The admin, root, and t128 accounts are all set to the password you enter here. Record this password securely — it cannot be recovered if lost, only reset with root access.

    The message Device successfully initialized is displayed after the process completes. The conductor VM will reboot, and then reboot a second time.

    After the second reboot, the login screen appears. Open a browser window and enter the URL https://192.168.100.10.

  6. Log in with username admin and the password set during initialization.

    Login to the Conductor

    A successful login confirms the conductor is running and reachable on the management network.

Next Step

Proceed to Step 3 — Configure the Conductor.