Configuring Zero Touch Provisioning

Note: To see which platforms support Zero Touch Provisioning, in a browser, go to Feature Explorer. In the Explore Features section of the Feature Explorer page, select All Features. In the Features Grouped by Feature Family box, select Zero Touch Provisioning. You can also type the name of the feature in the Search for Features edit box. In previous Junos OS releases on EX Series switches, Zero Touch Provisioning was called EZ Touchless Provisioning. Search for that feature name if you want to know if this feature is supported on EX Series switches.

Zero Touch Provisioning allows you to provision new switches in your network automatically, without manual intervention. When you physically connect a switch to the network and boot it with a default configuration, it attempts to upgrade the Junos OS software automatically and autoinstall a configuration file from the network.

The switch uses information that you configure on a Dynamic Host Configuration Protocol (DHCP) server to determine whether to perform these actions and to locate the necessary software image and configuration files on the network. If you do not configure the DHCP server to provide this information, the switch boots with the preinstalled software and default configuration.

Note: If you have both DHCP and ZTP enabled, the switch broadcasts a DHCP DISCOVER packet every six minutes. If a DHCP server on the network responds with a DHCP ACK packet with DHCP vendor options set with the necessary values to initiate ZTP, then ZTP proceeds.

To disable broadcasting the DHCP DISCOVER packet every six minutes, without performing the ZTP process, manually delete the auto-image-upgrade statement located in the [edit chassis] hierarchy. If ZTP completes without errors, the auto-image-upgrade statement is automatically deleted.

Note: For detailed information regarding DHCP and DHCP options, refer to RFC 2131 (http://www.ietf.org/rfc/rfc2131.txt) and RFC 2132 (www.ietf.org/rfc/rfc2132.txt). Also, this document refers to Internet Systems Consortium (ISC) DHCP version 4.2. For more information regarding this version, refer to http://www.isc.org/software/dhcp/documentation.

Before you begin:

  • Ensure that the switch has access to the following network resources:
    • The DHCP server that provides the location of the software image and configuration files on the network

      Refer to your DHCP server documentation for configuration instructions.

    • The File Transfer Protocol (anonymous FTP), Hypertext Transfer Protocol (HTTP), or Trivial File Transfer Protocol (TFTP) server on which the software image and configuration files are stored

      Note: Although TFTP is supported, we recommend that you use FTP or HTTP instead, because these transport protocols are more reliable.

      Caution: HTTP URLs are limited to 256 characters in length.

    • A Domain Name System (DNS) server to perform reverse DNS lookup
    • (Optional) An NTP server to perform time synchronization on the network
    • (Optional) A system log (syslog) server to manage system log messages and alerts
  • Locate and record the MAC address printed on the switch chassis.

Caution: You cannot commit a configuration while the switch is performing the software update process. If you commit a configuration while the switch is performing the configuration file autoinstallation process, the process stops, and the configuration file is not downloaded from the network.

To configure Zero Touch Provisioning for a switch:

  1. Make sure the switch has the default factory configuration installed.

    Issue the request system zeroize command on the switch that you want to provision.

  2. Download the software image file and the configuration file to the FTP, HTTP, or TFTP server from which the switch will download these files.

    You can download either one or both of these files.

  3. Configure the DHCP server to provide the necessary information to the switch.

    Note: When you configure a value for any of the DHCP options, the value cannot exceed 256 bytes.

    Configure IP address assignment.

    You can configure dynamic or static IP address assignment for the switch's management address. To determine the switch’s management MAC address for static IP address mapping, add 1 to the last byte of the switch's MAC address, which you noted before you began this procedure.

  4. Define the format of the vendor-specific information for DHCP option 43 in the dhcpd.conf file.

    Here is an example of an ISC DHCP 4.2 server dhcpd.conf file:

    option space NEW_OP;
    option NEW_OP.image-file-name code 0 = text;
    option NEW_OP.config-file-name code 1 = text;
    option NEW_OP.image-file-type code 2 = text;
    option NEW_OP.transfer-mode code 3 = text;
    option NEW_OP.alt-image-file-name code 4 = text;
    option NEW_OP-encapsulation code 43 = encapsulate NEW_OP;
  5. Configure the following DHCP option 43 suboptions:
    • Suboption 00: The name of the software image file to install

      Note: When the DHCP server cannot use suboption 00, configure the image file using suboption 04. If both suboption 00 and suboption 04 are defined, suboption 04 is ignored.

      option NEW_OP.image-file-name "/dist/images/jinstall-ex-4200-13.2R1.1-domestic-signed.tgz";
    • Suboption 01: The name of the configuration file to install
      option NEW_OP.config-file-name "/dist/config/jn-switch35.config";
    • Suboption 02: The symbolic link to the software image file to install
      option NEW_OP.image-file-type "symlink";

      Note: If you do not specify suboption 02, the Zero Touch Provisioning process handles the software image as a filename, not a symbolic link.

    • Suboption 03: The transfer mode that the switch uses to access the TFTP/FTP/HTTP server
      option NEW_OP.transfer-mode "ftp";

      Note: If suboption 03 is not configured, TFTP becomes the transfer mode by default.

    • Suboption 04: The name of the software image file to install

      Note: When the DHCP server cannot use suboption 00, configure the image file using suboption 04. If both suboption 00 and suboption 04 are defined, suboption 04 is ignored.

      option NEW_OP.alt-image-file-name "/dist/images/jinstall-ex-4200-13.2R1.1-domestic-signed.tgz";
  6. Configure DHCP option 150 to specify the IP address of the FTP, HTTP, or TFTP server.

    Note: You must configure either option 150 or option 66. If you configure both option 150 and option 66, option 150 takes precedence, and option 66 is ignored. Also, make sure you specify an IP address, not a hostname, because name resolution is not supported.

    option option-150 code 150 = ip-address;   # define option 150 (global scope)
    option option-150 10.100.31.71;            # set its value
  7. Configure DHCP option 66 to specify the IP address of the FTP, HTTP, or TFTP server.
    option tftp-server-name "10.100.31.71";
  8. (Optional) Configure DHCP option 7 to specify one or more system log (syslog) servers.
    option log-servers 10.100.31.72;
  9. (Optional) Configure DHCP option 42 to specify one or more NTP servers.
    option ntp-servers 10.100.31.73;
  10. (Optional) Configure DHCP option 12 to specify the hostname of the switch.
    option host-name "jn-switch35";

    The following sample configuration shows the DHCP options you just configured:

    host jn-switch35 {
        hardware ethernet ac:4b:c8:29:5d:02;
        fixed-address 10.100.31.36;
        option tftp-server-name "10.100.31.71";
        option host-name "jn-switch35";
        option log-servers 10.100.31.72;
        option ntp-servers 10.100.31.73;
        option NEW_OP.image-file-name "/dist/images/jinstall-ex-4200-13.2R1.1-domestic-signed.tgz";
        option NEW_OP.transfer-mode "ftp";
        option NEW_OP.config-file-name "/dist/config/jn-switch35.config";
    }

    Based on the DHCP options you just configured, the following statements are appended to the Junos OS configuration file (for example, jn-switch35.config):

    system {
        host-name jn-switch35;
        syslog {
            host 10.100.31.72 {
                any any;
            }
        }
        ntp {
            server 10.100.31.73;
        }
    }
  11. Connect the switch to the network that includes the DHCP server and the FTP, HTTP, or TFTP server.
  12. Boot the switch with the default configuration.
  13. Monitor the ZTP process by looking at the following log files.

    Note: When SLAX scripts are issued, the op-script.log and event-script.log files are produced.

    • /var/log/dhcp_logfile
    • /var/log/image_load_log
    • /var/log/op-script.log
    • /var/log/event-script.log
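
Because the switch acts on whatever the DHCP reply tells it, it is worth checking a host stanza against the rules in steps 3 through 10 before the switch is booted. The following Python check is an added example, not Juniper code: it applies this page's rules (256-byte value limit, management MAC = chassis MAC + 1, option 150 over option 66 with an IP address only, suboption 00 over 04, TFTP as the default mode). The function names, the sample stanza and files.example.net are constructed for illustration.

```python
import ipaddress
import re

# Constructed stanza with deliberate mistakes, modelled on the page's jn-switch35 example.
SAMPLE = """
host jn-switch35 {
  hardware ethernet ac:4b:c8:29:5d:01;
  option tftp-server-name "files.example.net";
  option NEW_OP.image-file-name "/dist/images/jinstall-ex-4200-13.2R1.1-domestic-signed.tgz";
  option NEW_OP.alt-image-file-name "/dist/images/other.tgz";
  option NEW_OP.config-file-name "/dist/config/jn-switch35.config";
}
"""
OPTION_RE = re.compile(r'^\s*option\s+(\S+)\s+"?([^";]+?)"?\s*;', re.M)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17})\s*;")

def management_mac(chassis_mac):
    """Chassis MAC with 1 added to the last byte, as the page describes."""
    octets = [int(b, 16) for b in chassis_mac.split(":")]
    if octets[-1] == 0xFF:
        raise ValueError("last byte is ff; the page does not cover this case")
    octets[-1] += 1
    return ":".join(f"{b:02x}" for b in octets)

def lint_ztp_stanza(stanza, chassis_mac):
    """Return (effective settings, findings) for one dhcpd.conf host stanza."""
    opts = dict(OPTION_RE.findall(stanza))
    findings = [f"{n}: value exceeds 256 bytes"
                for n, v in opts.items() if len(v.encode()) > 256]
    mac = MAC_RE.search(stanza)
    if not mac or mac.group(1).lower() != management_mac(chassis_mac):
        findings.append("hardware ethernet is not the management MAC (chassis MAC + 1)")
    # Option 150 takes precedence over option 66; a hostname is not resolved.
    server = opts.get("option-150") or opts.get("tftp-server-name")
    try:
        ipaddress.ip_address(server or "")
    except ValueError:
        findings.append(f"file server {server!r} must be an IP address (option 150 or 66)")
    image = opts.get("NEW_OP.image-file-name")
    if image and "NEW_OP.alt-image-file-name" in opts:
        findings.append("suboption 04 is ignored because suboption 00 is set")
    mode = opts.get("NEW_OP.transfer-mode", "tftp")  # TFTP is the default mode
    if mode == "tftp":
        findings.append("transfer mode is TFTP; the page recommends FTP or HTTP")
    effective = {"server": server, "transfer_mode": mode,
                 "image": image or opts.get("NEW_OP.alt-image-file-name"),
                 "config": opts.get("NEW_OP.config-file-name")}
    return effective, findings
```

Calling `lint_ztp_stanza(SAMPLE, "ac:4b:c8:29:5d:01")` returns the settings the switch would act on together with four findings for the constructed stanza.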

Modified: 2016-09-20