- General Workflow
- play_arrow Apstra GUI
- play_arrow Design
- Logical Devices (Datacenter Design)
- Interface Maps (Datacenter Design)
- Rack Types (Datacenter Design)
- Templates (Datacenter Design)
- Config Templates (Freeform Design)
- play_arrow Configlets (Datacenter Design)
- play_arrow Property Sets (Datacenter Design)
- TCP/UDP Port Aliases (Datacenter Design)
- Tags (Design)
- play_arrow Resources Introduction
- play_arrow Datacenter Reference Design
- Create / Delete Datacenter Blueprint
- Datacenter Blueprint Summary and Dashboard
- Assign Physical Resources (Datacenter)
- Assign Device Profiles
- play_arrow Configlets (Datacenter Blueprint)
- Topology (Datacenter)
- play_arrow Nodes (Datacenter)
- Assign Device (Datacenter)
- Unassign Device (Datacenter)
- Set Deploy Mode (Datacenter)
- Generic Systems vs. External Generic Systems
- Add Generic System
- Add External Generic System
- Add Access Switch
- Update Node Tags
- Update Port Channel ID Range
- Edit Hostname (Datacenter)
- Edit Generic System Name
- Edit Device Properties (Datacenter)
- View Node's Static Routes
- Delete Node
- play_arrow Links (Datacenter)
- Add Links to Leaf
- Add Links to Spine
- Add Links to Generic System
- Add Links to External Generic System
- Add Leaf Peer Links
- Form LAG
- Break LAG
- Update LAG Mode
- Update Link Tags
- Update Link Speed
- Update Link Properties
- Delete Link (Datacenter)
- Import / Export Cabling Map (Datacenter)
- Edit Cabling Map (Datacenter)
- Fetch Discovered LLDP Data (Datacenter)
- play_arrow Racks (Datacenter)
- play_arrow Pods (Datacenter)
- play_arrow Planes (Datacenter)
- play_arrow Virtual Networks
- play_arrow Routing Zones
- Static Routes (Virtual)
- Protocol Sessions (Virtual)
- Data Center Interconnect (DCI) / Remote EVPN Gateways (Virtual)
- play_arrow Virtual Infra (Virtual)
- play_arrow Endpoints Overview (Virtual)
- play_arrow Policies (Datacenter) Staged
- Logical Devices (Datacenter Blueprint)
- Interface Maps (Datacenter Blueprint)
- play_arrow Property Sets (Datacenter Blueprint)
- AAA Servers (Datacenter Blueprint)
- Tags (Datacenter Blueprint)
- Tasks (Datacenter) Staged
- play_arrow Connectivity Templates
- play_arrow Primitives
- Virtual Network (Single) Primitive
- Virtual Network (Multiple) Primitive
- IP Link Primitive
- Static Route Primitive
- Custom Static Route Primitive
- BGP Peering (IP Endpoint) Primitive
- BGP Peering (Generic System) Primitive
- Dynamic BGP Peering Primitive
- Routing Policy Primitive
- Routing Zone Constraint Primitive
- User-defined
- Pre-defined
- Create Connectivity Template for Multiple VNs on Same Interface (Example)
- Create Connectivity Template for Layer 2 Connected External Router (Example)
- Assign Connectivity Template
- Edit Connectivity Template
- Delete Connectivity Template
- play_arrow Active (Datacenter Blueprint)
- BGP Route Tagging
- play_arrow Freeform Reference Design
- Create / Delete Freeform Blueprint
- Freeform Blueprint Summary and Dashboard
- Topology (Freeform)
- play_arrow Systems (Freeform)
- Device Context (Freeform)
- play_arrow Links (Freeform)
- play_arrow Resource Management
- play_arrow Config Templates (Freeform Blueprint)
- Import Device Profile (Freeform)
- play_arrow Property Sets (Freeform Blueprints)
- play_arrow Tags (Freeform Blueprint)
- Tasks - Staged (Freeform)
- play_arrow Active
- Commit Blueprint
- Time Voyager
- play_arrow Analytics
- Configure Auto-Enabled Dashboards
- Instantiate Predefined Dashboard
- Create Analytics Dashboard
- Edit / Delete Dashboard
- Anomalies (Analytics)
- Widgets Overview
- Create Anomaly Heat Map Widget
- Create Stage Widget
- Edit / Delete Widget
- Probes
- Instantiate Predefined Probe
- Create Probe
- Import / Export Probe
- Edit / Delete Probe
- play_arrow Providers (External Systems)
- play_arrow Platform
- play_arrow User/Role Management (Platform)
- play_arrow Security (Platform)
- Syslog Configuration (Platform)
- Receivers (Platform)
- Global Statistics (Platform)
- Event Log (Platform)
- play_arrow Apstra VM Clusters
- play_arrow Developers (Platform)
- play_arrow Juniper Technical Support
- Favorites & User
- play_arrow Apstra Server Management
- Monitor Apstra Server via CLI
- Restart Apstra Server
- Reset Apstra Server VM Password
- Reinstall Apstra Server
- Apstra Database Overview
- Back up Apstra Database
- Restore Apstra Database
- Reset Apstra Database
- Migrate Apstra Database
- Replace SSL Certificate on Apstra Server with Signed One
- Replace SSL Certificate on Apstra Server with Self-Signed One
- Change Apstra Server Hostname
- Apstra CLI Utility
- play_arrow Guides
- play_arrow References
- play_arrow Apstra Feature Matrix
- Qualified Devices and NOS Versions
- NOS Upgrade Paths (Devices)
- play_arrow Predefined Dashboards (Analytics)
- Device Environmental Health Summary Dashboard (New in 4.1.2)
- Device Health Summary Dashboard
- Device Telemetry Health Summary Dashboard (New in 4.1.2)
- Drain Validation Dashboard
- Throughput Health MLAG Dashboard
- Traffic Trends Dashboard
- Virtual Infra Fabric Health Check Dashboard
- Virtual Infra Redundancy Check Dashboard
- play_arrow Predefined Probes (Analytics)
- BGP Session Flapping Probe
- Bandwidth Utilization Probe
- Critical Services: Utilization, Trending, Alerting Probe
- Device Environmental Checks Probe (New in 4.1.2)
- Device System Health Probe
- Device Telemetry Health Probe
- Device Traffic Probe
- Drain Traffic Anomaly Probe
- ECMP Imbalance (External Interfaces) Probe
- ECMP Imbalance (Fabric Interfaces) Probe
- ECMP Imbalance (Spine to Superspine Interfaces) Probe
- ESI Imbalance Probe
- EVPN Host Flapping Probe
- EVPN VXLAN Type-3 Route Validation Probe
- EVPN VXLAN Type-5 Route Validation Probe
- External Routes Probe
- Hot/Cold Interface Counters (Fabric Interfaces) Probe
- Hot/Cold Interface Counters (Specific Interfaces) Probe
- Hot/Cold Interface Counters (Spine to Superspine Interfaces) Probe
- Hypervisor and Fabric LAG Config Mismatch Probe (Virtual Infra)
- Hypervisor and Fabric VLAN Config Mismatch Probe (Virtual Infra)
- Hypervisor MTU Mismatch Probe (Virtual Infra NSX-T Only)
- Hypervisor MTU Threshold Check Probe (Virtual Infra)
- Hypervisor Missing LLDP Config Probe (Virtual Infra)
- Hypervisor Redundancy Checks Probe (Virtual Infra)
- Interface Flapping (Fabric Interfaces) Probe
- Interface Flapping (Specific Interfaces) Probe
- Interface Flapping (Specific Interfaces) Probe
- Interface Policy 802.1x Probe
- LAG Imbalance Probe
- Leafs Hosting Critical Services: Utilization, Trending, Alerting Probe
- Link Fault Tolerance in Leaf and Access LAGs Probe
- MLAG Imbalance Probe
- Multiagent Detector Probe
- Optical Transceivers Probe
- Packet Discard Percentage Probe
- Spine Fault Tolerance Probe
- Total East/West Traffic Probe
- VMs without Fabric Configured VLANs Probe (Virtual Infra)
- VXLAN Flood List Validation Probe
- play_arrow Probe Processors (Analytics)
- Processor: Accumulate
- Processor: Average
- Processor: Comparison
- Processor: EVPN Type 3
- Processor: EVPN Type 5
- Processor: Extensible Service Data Collector
- Processor: Generic Graph Collector
- Processor: Generic Service Data Collector
- Processor: Interface Counters
- Processor: Logical Operator
- Processor: Match Count
- Processor: Match Percentage
- Processor: Match String
- Processor: Max
- Processor: Min
- Processor: Periodic Average
- Processor: Range
- Processor: Ratio
- Processor: Service Data Collector
- Processor: Set Comparison
- Processor: Set Count
- Processor: Standard Deviation
- Processor: State
- Processor: Subtract
- Processor: Sum
- Processor: System Utilization
- Processor: Time in State
- Processor: Traffic Monitor
- Processor: Union
- Processor: VXLAN Floodlist
- Configlet Examples (Design)
- Apstra-CLI Commands
- Apstra EVPN Support Addendum
- Apstra Server Configuration File
- Agent Configuration File (Devices)
- Graph
- Juniper Apstra Technology Preview
Create Offbox Agent
Before installing offbox agents, make sure that you've:
Added login credentials for the devices.
Configured management IP connectivity between devices and the Apstra server. You must do this before installing agents so it’s out-of-band (OOB). Configuring management connectivity in-band (through the fabric) is not supported and could cause connectivity issues when changes are made to the blueprint.
Uploaded required packages.
If you're using Juniper offbox agents, increase the application memory usage.
On Juniper devices, add Junos license configuration. (This is not the preferred method for adding license configuration. For more information, see Juniper Device Agent.)
Before creating/installing offbox device agents on Juniper Junos, Cisco NX-OS and Arista EOS, configure the following minimum configuration on them as shown below.
Juniper Junos Offbox Agent Minimum Configuration
system {
login {
user aosadmin {
uid 2000;
class super-user;
authentication {
encrypted-password "xxxxx";
}
}
}
services {
ssh;
netconf {
ssh;
}
}
management-instance;
}
interfaces {
em0 {
unit 0 {
family inet {
address <address>/<cidr>;
}
}
}
}
routing-instances {
mgmt_junos {
routing-options {
static {
route 0.0.0.0/0 next-hop <management-default-gateway>;
}
}
}
}For more information, see Juniper Device Agent.
Cisco NX-OS Offbox Agent Minimum Configuration
! feature nxapi feature bash-shell feature scp-server feature evmed copp profile strict nxapi http port 80 ! username admin password <admin-password> role network-admin ! vrf context management ip route 0.0.0.0/0 <management-default-gateway> ! nxapi http port 80 ! interface mgmt0 ip address <address>/<cidr> !
Arista EOS Offbox Agent Minimum Configuration
!
service routing protocols model multi-agent
!
aaa authorization exec default local
!
username admin privilege 15 role network-admin secret <admin-password>
!
vrf definition management
rd 100:100
!
interface Management1
vrf forwarding management
ip address <address>/<cidr>
!
ip route vrf management 0.0.0.0/0 <management-default-gateway>
!
management api http-commands
protocol http
no shutdown
!
vrf management
no shutdown
!Make sure the following configuration is not on the device:
- VLANs other than VLAN 1
- VRFs other than "management"
- Interface IP addresses other than "management"
- Loopback interfaces
- VLAN interfaces
- VXLAN interfaces
- AS-Path access-lists
- IP prefix-lists
- Route maps or policies
- BGP configuration
During the agent install process, device configuration is validated, and if the device contains configuration that could prevent the deployment of service configuration, the agent install process raises an error (as of Apstra 4.0.1).
In this case, manually remove conflicting configuration and start the agent installation process again.
If you must complete the agent installation with configuration validation errors, you
can disable pristine configuration validation. To do this, from Devices
> Managed Devices, click Advanced Settings
(top-right), select Skip Pristine Configuration Validation,
then click Update. 
For information about retaining pre-existing configuration when bringing devices under Apstra management, see Device Configuration Lifecycle.
On some platforms (Junos for example) you can configure rate-limiting for management traffic (SSH for example). When the Apstra server interacts directly with devices it can be more bursty than when it interacts with a user. Rate-limiting configurations that are used for hardening security can impact device management, and lead to deployment failures and other agent-related issues.
| Parameter | Description |
|---|---|
| Device addresses | Management IP(s) of the device(s) |
| Operation Mode |
|
| Platform (offbox only) | For offbox agents only: drop-down list includes supported platforms. |
| Username / Password | If you're not using an agent profile with credentials, check these boxes and add credentials. |
| Agent Profile | If you don't want to manually enter credentials and packages, use agent profiles that you previously defined. |
| Job to run after creation |
|
| Install Requirements (servers only) | For servers only: If servers don't have Internet connectivity, uncheck the box. |
| Packages | Before creating the agent, install required packages so they are available. Packages associated with selected agent profiles are listed here as well. |
| Open Options (offbox only) | Passes configured parameters to offbox agents. For example, to
use HTTPS as the API connection from offbox agents to devices, use
the key-value pair: proto-https - port-443. The following default
values can be overridden with open options:
|
- Confirm that you've installed the minimum configuration as described above, and that the device doesn't contain configuration that would raise validation errors.
- From the left navigation menu, navigate to Devices > Managed Devices and click Create Offbox Agent(s).
- Specify agent details as described in the parameters table above.
- Click Create. While the task is active you can view its progress at the bottom of the screen in the Active Jobs section. The job status changes from Initialized to In Progress to Succeeded.
