Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Juniper Apstra Juniper Apstra 4.1.2 / 4.1.1 / 4.1.0 User Guide Devices Apstra ZTP

Juniper Apstra 4.1.2 / 4.1.1 / 4.1.0 User Guide

keyboard_arrow_up
close
keyboard_arrow_left
Juniper Apstra 4.1.2 / 4.1.1 / 4.1.0 User Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Apstra ZTP (Devices)

date_range 30-May-23
arrow_backward
arrow_forward

Apstra ZTP Overview

Note:

This document applies to Apstra ZTP 4.1 versions. Use the Apstra ZTP version corresponding to the Juniper Apstra version you are using. (Apstra versions earlier than 4.0 use Apstra ZTP versions 1.0.0 or 2.0.0. For more information, see the Juniper Apstra 3.3.0 User Guide.)

Apstra ZTP is a Zero-Touch-Provisioning server for data center infrastructure systems. (Apstra ZTP replaces the community-supported Aeon-ZTPS software that was previously used for ZTP implementation in the Apstra environment.) Apstra ZTP enables you to bootstrap Apstra data center devices without considering the differences in underlying NOS mechanisms. ZTP, from an Apstra perspective, is a process that takes a device from initial boot to a point where it is managed by Apstra via device system agents.

Depending on how ZTP is configured, the process may include (but not always) the following capabilities:

  • A DHCP service
  • Setting the device admin/root password
  • Creating a device user for device system agent
  • Upgrading / downgrading NOS
  • Onbox or Offbox Device System Agent installation

See also vendor-specific information:

Note:

To prevent being locked out of a device when there is a problem during the ZTP process, ZTP uses default, hard-coded credentials. These credentials are:

  • root / admin
  • aosadmin / aosadmin

You can use an Apstra-provided VM image (.ova, .qcow2.gz, .vhdx.gz) or build your own ZTP server and use the Apstra-provided device provisioning scripts as part of the existing ZTP/DHCP process to automatically install agents on devices as part of the boot process. The Apstra ZTP reference implementation consists of the following three phases:

  1. Generic DHCP Phase
    • The device requests an IP address via DHCP.
    • The device receives the assigned IP address and a pointer to a script to execute (or an OS image to install if using the Apstra-provided VM image).
  2. Initialization Phase
    • The device downloads the ZTP script using TFTP.
    • The device executes the downloaded script to prepare it to be managed. This includes verifying that the device is running a supported OS.
  3. Agent Installation Phase
    • The ZTP script makes an API call to install a device system agent on the device.

Apstra ZTP VM Server Resource Requirements

Apstra ZTP runs as an Ubuntu 18.04 LTS server running a DHCP, HTTP, and TFTP server and includes Apstra provided ZTP scripts that you must customize for your environment. The table below shows the minimum server specifications for a production environment:

Resource Setting
Guest OS Type Ubuntu 18.04 LTS 64-bit
Memory 2 GB
CPU 1 vCPU
Disk Storage 64 GB
Network At least 1 network adapter. Configured for DHCP initially

Apstra ZTP Network requirements

Source Destination Ports Role
Device agents DHCP Server (renewals) & Broadcast (requests) udp/67 -> udp/68 DHCP Client
Device agents Apstra ZTP any -> tcp/80 Bootstrap and API scripts
Arista and Cisco Device agents Apstra ZTP any -> udp/69 TFTP for POAP and ZTP
Apstra ZTP Controller any -> tcp/443 Device System Agent Installer API

In addition to the ZTP-specific network requirements, the Apstra ZTP server and device agents require connectivity to the controller. Refer to Required Communication Ports in the Juniper Apstra Installation and Upgrade Guide for more information.

You can monitor device ZTP status from the Apstra GUI. From the left navigation menu, navigate to Devices > ZTP Status > Devices.

Each device interacting with DHCP and ZTP is listed along with its System ID (serial number) if known, ZTP Status, ZTP Latest Event and when the device status was last updated.

To see the full DHCP and ZTP log for the device, click the "Show Log" icon.

Any device that interacts with DHCP or ZTP is listed. If you don't need the logs for a device anymore, click the Delete button.

Log files for all processes are in the /containers_data/logs directory.

content_copy zoom_out_map
root@apstra-ztp:/containers_data/logs# ls -l
total 7132
-rw-r--r-- 1 root root 6351759 Oct 28 17:47 debug.log
drwxr-xr-x 2 root root    4096 Oct 27 19:20 devices
-rw------- 1 root root       0 Oct 23 20:02 dhcpd.leases
-rw-r--r-- 1 root root  926980 Oct 28 17:39 info.log
-rw------- 1 root root      58 Oct 23 20:02 README
-rw------- 1 root root     469 Oct 27 02:13 rsyslog.log
root@apstra-ztp:/containers_data/logs# tail info.log
2020-10-28 17:16:38,786     root.status    INFO Incoming: dhcpd dhcpd[18]: DHCPACK on 192.168.59.9 to 04:f8:f8:6b:36:91 via eth0
2020-10-28 17:18:04,299     root.status    INFO Incoming: dhcpd dhcpd[18]: DHCPREQUEST for 192.168.59.9 from 04:f8:f8:6b:36:91 via eth0
2020-10-28 17:18:04,300     root.status    INFO Incoming: dhcpd dhcpd[18]: DHCPACK on 192.168.59.9 to 04:f8:f8:6b:36:91 via eth0
2020-10-28 17:19:29,250     root.status    INFO Incoming: dhcpd : -- MARK --
2020-10-28 17:19:29,442     root.status   ERROR Failed to update status of all containers: /api/ztp/service 404 b'{"errors":"Resource not found"}'
2020-10-28 17:33:29,353     root.status    INFO Incoming: tftp : -- MARK --
2020-10-28 17:33:29,538     root.status   ERROR Failed to update status of all containers: /api/ztp/service 404 b'{"errors":"Resource not found"}'
2020-10-28 17:33:34,768     root.status    INFO Incoming: status : -- MARK --
2020-10-28 17:39:29,349     root.status    INFO Incoming: dhcpd : -- MARK --
2020-10-28 17:39:29,539     root.status   ERROR Failed to update status of all containers: /api/ztp/service 404 b'{"errors":"Resource not found"}'
root@apstra-ztp:/containers_data/logs#

You can monitor the ZTP services on the Apstra ZTP server from the Apstra GUI. From the left navigation menu, navigate to Devices > ZTP Status > Services.

Each service name includes its Docker IP address, service status and when the service status was last updated.

Download and Deploy Apstra ZTP VM

Apstra ZTP software is delivered on a standalone Apstra ZTP VM
  1. As a registered support user, download the appropriate Apstra VM image from Juniper Support Downloads.
    VMware OVA image apstra-ztp-4.1.*-<build-version>.ova (example: apstra-ztp-4.1.0-4.ova)
    Microsoft Hyper-V apstra-ztp-4.1.*-<build-version>.vhdx.gz (example: apstra-ztp-4.1.0-115.vhdx.gz)
    Linux KVM QCOW2 image apstra-ztp-4.1.*-<build-version>.qcow2.gz (example: apstra-ztp-4.1.0-115.qcow2.gz)
  2. Validate the downloaded file against the SHA512/MD5 checksums provided.
  3. Deploy the VM with the appropriate resources.
  4. TFTP, NGINX (HTTP), DHCPd, Status. and MySQL Docker containers are enabled and run by default.
    content_copy zoom_out_map
    admin@apstra-ztp:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                                        NAMES
b0f398b45755        apstra/tftp         "sh /init.sh"            2 weeks ago         Up 28 minutes       0.0.0.0:69->69/udp                                                                           tftp
d93eed5d8dbe        apstra/nginx        "sh /init.sh"            2 weeks ago         Up 28 minutes       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:31415->31415/tcp   nginx
8ed71af7cb2b        apstra/status       "sh /init.sh"            2 weeks ago         Up 28 minutes       8080/tcp                                                                                     status
e7cf8ecb187f        apstra_ztp_dhcpd    "sh /init.sh"            2 weeks ago         Up 28 minutes                                                                                                    dhcpd
87ae2a77a1f9        mysql:8             "docker-entrypoint.s…"   2 weeks ago         Up 28 minutes       3306/tcp, 33060/tcp                                                                          db
admin@apstra-ztp:~$
  5. If you do not want to use the Apstra ZTP DHCP server, stop and disable the dhcpd container.
    content_copy zoom_out_map
    admin@apstra-ztp:~$ docker stop dhcpd
dhcpd
admin@apstra-ztp:~$ docker update --restart=no dhcpd
dhcpd
admin@apstra-ztp:~$

Configure Static Management IP Address (Apstra ZTP)

By default, the Apstra ZTP server attempts to assign an IP address for its eth0 interface via DHCP. If you're using the Apstra ZTP Server as a DHCP server, you must set a static management IP address.

  1. SSH into the Apstra server as user admin. (ssh admin@<apstra-server-ip> where <apstra-server-ip> is the IP address of the Astra server.)
  2. Edit the /etc/netplan/01-netcfg.yaml file to configure the static management IP address. See example below. (For more information about using netplan, see https://netplan.io/examples)
    content_copy zoom_out_map
    admin@apstra-ztp:~$ sudo vi /etc/netplan/01-netcfg.yaml
[sudo] password for admin:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [192.168.59.4/24]
      gateway4: 192.168.59.1
      nameservers:
          search: [example.com, example.net]
          addresses: [69.16.169.11, 69.16.170.11]
  3. Apply the change with one of the following methods:
    • Reboot the Apstra server with the command sudo reboot.
    • Run the command sudo netplan apply.

Configure ZTP User

You can use any configured Apstra GUI user that has API write access (such as admin), but we recommend that you create a designated user (for example "ztp") that is assigned the predefined role device_ztp. The device_ztp role allows users with that role to make API calls to the controller to request device system agent installation. For more information, see User / Role Management.

Configure DHCP Server

Apstra software comes with an ISC DHCP server for the device management network. If you use a different DHCP server, it's your responsibility to configure the same options as described in this guide for the Apstra-supplied DHCP server.

For example, if you’re using Juniper Junos OS or Junos OS Evolved devices, you must ensure the server contains the following, so the device loads the proper configuration file.

content_copy zoom_out_map
option space JUNIPER
option JUNIPER.config-file-name code 1 = text
option JUNIPER-encapsulation code 43 = encapsulate JUNIPER
option user-class-information code 77 = text;
class "juniper" {   match if (substring(option vendor-class-identifier, 0, 7) = "Juniper") and
             not (suffix(option user-class-information, 4) = "-EVO");
    option JUNIPER.config-file-name "junos_apstra_ztp_bootstrap.sh";
}
class "juniper-evo" {
    match if (substring(option vendor-class-identifier, 0, 7) = "Juniper") and
             (suffix(option user-class-information, 4) = "-EVO");
    option JUNIPER.config-file-name "ztp.py";
}

DHCP configuration files are on the Apstra ZTP VM in the /containers_data/dhcp directory.

content_copy zoom_out_map
admin@apstra-ztp:~$ sudo ls -l /containers_data/dhcp
total 16
-rw------- 1 root root 2533 Oct 21 00:35 dhcpd.conf
-rw------- 1 root root  146 Oct 21 00:35 Dockerfile
-rw------- 1 root root  932 Oct 21 00:35 init.sh
-rw------- 1 root root 1896 Oct 21 00:35 rsyslog.conf
admin@apstra-ztp:~$
Note:

All configuration files are owned by root. You must use sudo to run commands as root using the sudo command or after becoming root with the sudo -s command.

  1. Edit the dhcpd.conf file with vi or nano text editor.
    content_copy zoom_out_map
    admin@apstra-ztp:~$ sudo nano /containers_data/dhcp/dhcpd.conf
  2. Add a "group" corresponding to the management network:
    content_copy zoom_out_map
    group {
    option tftp-server-name "192.168.59.4";
    subnet 192.168.59.0 netmask 255.255.255.0 {
      range 192.168.59.21 192.168.59.99;
      option routers 192.168.59.1;
    }
    host my-switch {
        hardware ethernet 34:17:eb:1e:41:80;
        fixed-address 192.168.59.100;
    }
}
    tftp-server-name IP address of ZTP server (not a URL)
    subnet IP management network and netmask
    range Range of dynamic DHCP IP addresses. Ensure the full range is available and no statically configured IP addresses from that range are used.
    option routers Default gateway router for management network
    host Static DHCP IP address
    hardware ethernet of the management interface used for DHCP negotiations
    fixed-address for device with hardware ethernet MAC. Use the Switch MAC address
  3. The following DHCP parameters are optional:
    content_copy zoom_out_map
    ddns-update-style none;
option domain-search "example.internal";
option domain-name "example.internal";
option domain-name-servers 8.8.8.8, 8.8.4.4;
  4. If you're using ZTP with SONiC, you must edit the following:
    content_copy zoom_out_map
    class "sonic" {
    match if (substring(option host-name, 0, 5) = "sonic");
    option sonic-provision-url "tftp://192.168.59.4/ztp.py";
}
    sonic-provision-url: TFTP URL with IP address of ZTP server
  5. After modifying any DHCP configuration, restart the Apstra ZTP DHCP process with the sudo docker restart dhcpd command.
    content_copy zoom_out_map
    admin@apstra-ztp:~$ docker restart dhcpd
dhcpd
admin@apstra-ztp:~$

Configure Controller IP Address for ZTP

Configure the controller IP and Apstra ZTP username in the /containers_data/status/app/aos.conf file on the Apstra ZTP server.

content_copy zoom_out_map
admin@apstra-ztp:~$ sudo nano /containers_data/status/app/aos.conf
admin@apstra-ztp:~$ sudo nano /containers_data/status/app/aos.conf
content_copy zoom_out_map
{
   "ip": "192.168.59.3",
   "user": "ztp",
   "password": "ztp-user-password"
}
ip IP Address of the controller
user Username of the ZTP or admin user
password User's password

Edit Apstra ZTP Configuration File

Apstra ZTP VM includes a TFTP and nginx HTTP server. These servers do not require configuration. Both servers serve files out of the /containers_data/tftp directory. (Cumulus is no longer supported as of Apstra version 4.1.0.)

content_copy zoom_out_map
admin@apstra-ztp:~$ sudo ls -l /containers_data/tftp/
total 232
-rwxr-xr-x 1 root root  2448 Apr 24 00:47 config_verifier.py
-rwxr-xr-x 1 root root   393 Apr 24 00:47 container_init.sh
-rwxr-xr-x 1 root root   170 Apr 24 00:47 cumulus_custom.sh
-rwxr-xr-x 1 root root    55 Apr 24 00:47 cumulus_license_file
-rwxr-xr-x 1 root root   192 Apr 24 00:47 Dockerfile
-rwxr-xr-x 1 root root   107 Apr 24 00:47 eos_custom.sh
-rwxr-xr-x 1 root root  5393 Apr 24 00:47 junos_apstra_ztp_bootstrap.sh
-rwxr-xr-x 1 root root  1799 Apr 24 00:47 junos_custom.sh
-rwxr-xr-x 1 root root    86 Apr 24 00:47 nxos_custom.sh
-rwxr-xr-x 1 root root   205 Apr 24 00:47 poap-md5sum
-rwxr-xr-x 1 root root  1843 Apr 24 00:47 rsyslog.conf
-rwxr-xr-x 1 root root   170 Apr 24 00:47 sonic_custom.sh
-rwxr-xr-x 1 root root  1910 Apr 24 00:47 ztp.json
-rwxr-xr-x 1 root root 86599 Apr 24 00:48 ztp.py
-rw------- 1 root root 86556 Apr 24 00:48 ztp.py.md5
admin@apstra-ztp:~$

The ztp.json file contains all configuration for the Apstra ZTP script ztp.py.

  1. Edit the ztp.json file with vi or nano text editor.
    content_copy zoom_out_map
    admin@apstra-ztp:~$ sudo nano /containers_data/tftp/ztp.json
  2. The ztp.json file is organized by the following:
    defaults - Values are used for all devices unless more specific keys are defined. 
    "defaults": {
  "device-root-password": "root-password-123",
  "device-user": "admin",
  "device-user-password": "admin-password-123",
  "system-agent-params": {
    "agent_type": "onbox",
    "install_requirements": false
  }
}
    platform - Values are used for all devices for a network platform (“nxos”, “eos”, "junos", "sonic") unless more specific keys are defined. 
    "sonic": {
  "sonic-versions": ["SONiC-OS-3.4.0-Enterprise_Advanced"],
  "sonic-image": "http://10.85.24.52/sonic/3.4.0/sonic-3.4.0-GA-adv-bcm.bin",
  "device-root-password": "admin",
  "device-user": "admin",
  "device-user-password": "admin",
  "custom-config": "sonic_custom.sh",
  "system-agent-params": {
    "agent_type": "onbox",
    "job_on_create": "install"
  }
}
    model - Values are used for all devices for a specific device model (for example “QFX10002-36Q”). 
    "QFX10002-36Q": {
  "junos-versions": ["21.2R1-S2.2"],
  "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-10-f-x86-64-21.2R1-S2.2-secure-signed.tgz"
 }
    serial number - Values are used for a device matching a specific device serial number (for example "TH0TFD6TCET0015G0015"). 
    "TH0TFD6TCET0015G0015": {
  "sonic-versions": ["SONiC-OS-4.0.5-Enterprise_Advanced"],
  "sonic-image": "http://10.85.24.52/sonic/4.0.5/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin"
}

    More specific data takes precedence over other data. For example, data for a specific serial number takes precedence over any other data, then model, then platform, then finally default data.

  3. The ztp.json file uses the following keys:
    junos-versions - Valid versions for Juniper Junos devices. If a device is not running a version in this list, ZTP upgrades the device with the junos-image image. "junos-versions": [ "20.2R2-S3.5" ]
    junos-image - Filename of the Juniper Junos TGZ image to load if the running version does not match a version in the junos-versions list.
    • By default, the image name is loaded from the ZTP server via TFTP from the ZTP server’s /container_data/tftp/ directory. For example: "junos-image": "jinstall-host-qfx-5-20.2R2-S3.5-signed.tgz"

    • To use any HTTP server for image transfer, enter a valid HTTP URL with IP address. For example: "junos-image": "http://192.168.59.4/jinstall-host-qfx-5-20.2R2-S3.5-signed.tgz"

    This example uses HTTP from the controller to transfer the Juniper Junos image.

    sonic-versions- Valid versions for SONiC devices. If a device is not running a version in this list, ZTP upgrades the device with the sonic-image image. "sonic-versions": [ "SONiC-OS-3.1.0a-Enterprise_Base" ]
    sonic-image - Filename of the SONiC ONIE BIN image to load if the running version does not match a version in the sonic-versions list.
    • By default, the image name is loaded from the ZTP server via TFTP from the ZTP server’s /container_data/tftp/ directory. For example: "sonic-image": "sonic-3.1.0a-bcm.bin"
    • To use any HTTP server for image transfer, enter a valid HTTP URL with IP address. For example: "sonic-image": "http://192.168.59.3/sonic-3.1.0a-bcm.bin"

    This example uses HTTP from the controller to transfer the SONiC image.

    nxos-versions - Valid versions for NX-OS devices. If a device is not running a version in this list, ZTP upgrades the device with the nxos-image image. "nxos-versions": [ "9.2(2)", "9.3(6)" ]
    nxos-image - Filename of the NX-OS image to load if the running version does not match a version in the nxos-versions list.
    • By default, the image name is loaded from the ZTP server via TFTP from the ZTP server’s /container_data/tftp/ directory. For example: "nxos-image": "nxos.9.3.6.bin"
    • To use any HTTP server for image transfer, enter a valid HTTP URL with IP address. For example: "nxos-image": "http://192.168.59.4/nxos.9.3.6.bin"

    This example uses HTTP from the ZTP server to transfer the Cisco NX-OS image.

    eos-versions - Valid versions for Arista EOS devices. If a device is not running a version in this list, ZTP upgrades the device with the eos-image image. "eos-versions": [ "4.22.3M", "4.24.5M" ]
    eos-image - Filename of the Arista EOS SWI image to load if the running version does not match a version in the eos-versions list.

    • By default, the image name is loaded from the ZTP server via TFTP from the ZTP server’s /container_data/tftp/ directory. For example: "eos-image": "EOS-4.24.5M.swi"

    • To use any HTTP server for image transfer, enter a valid HTTP URL with IP address. For example: "eos-image": "http://192.168.59.3/dos_images/EOS-4.24.5M.swi"

    This example uses HTTP from the controller to transfer the Arista EOS image.

    device-root-password - The ZTP process sets the device root password to this value. For Arista EOS and Cisco NX-OS devices, the device-root-password is used to set the password for the system admin password. "device-root-password": "root-admin-password"
    device-user / device-user-password - Username and password that is used for the device system agent. Also, if necessary, the ZTP process creates a user on the device with this username and password. 
    "device-user": "aosadmin",
"device-user-password": "aosadmin-password"
    custom-config - The filename of the custom configuration shell script in the TFTP directory or a URL pointing to the file on a HTTP server. This shell script runs during ZTP allowing you to add custom configuration to the device. See Platform Specific Information section below for more information. "custom-config": "sonic_custom.sh"
    system-agent-params Information that is used to create new users and device system agents on devices, as described below..
    agent_type - Agent type, onbox or offbox "agent_type": "onbox"
    install_requirements - Always set to false. Not currently needed for any supported Network Operating System. "install_requirements": false
    job_on_create - Set to install to install the onbox agent on the device

    "job_on_create": "install"

    Junos Example

    {
        "junos": {
                "junos-versions": ["21.2R1-S2.2"],
                "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-5e-x86-64-21.2R1-S2.2-secure-signed.tgz",
                "device-root-password": "root123",
                "device-user": "admin",
                "device-user-password": "admin",
                "system-agent-params": {
                        "platform": "junos",
                        "agent_type": "offbox",
                        "job_on_create": "install"
                }
        },
        "QFX10002-36Q": {
               "junos-versions": ["21.2R1-S2.2"],
                "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-10-f-x86-64-21.2R1-S2.2-secure-signed.tgz"
        },
        "JNP10002-60C [QFX10002-60C]": {
                "junos-versions": ["21.2R1-S1.3"],
                "junos-image": "http://10.85.24.52/juniper/21.2R1-S1.3/junos-vmhost-install-qfx-x86-64-21.2R1-S1.3.tgz"
        }
}
    platform - (Required for offbox agents only) Set to the device platform ("eos", "nxos", "junos"). Lowercase only. "platform": "junos"
    open_options - (offbox agents only) Set to enable HTTPS between offbox agent to device API interface. If open_options is not defined, the connection defaults to HTTP. 
    "open_options": {
  "proto": "https",
  "port": "443"
}
    packages - Set to configure which additional SDK or extended telemetry packages to upload to the system agent. 
    "packages": [
  "aos-deployment-helper-nxos",
  "aosstdcollectors-builtin-nxos",
  "aosstdcollectors-custom-nxos"
]

For REST API documentation for all available system-agent-params options in /api/system-agents, refer to Swagger.

arrow_backward PREVIOUS Debugging Telemetry
NEXT arrow_forward Apstra ZTP - Juniper
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top