Create Offbox Agent
Before installing offbox agents, make sure that you've:
-
Added login credentials for the devices.
-
Configured management IP connectivity between devices and the Apstra server. You must do this before installing agents so it’s out-of-band (OOB). Configuring management connectivity in-band (through the fabric) is not supported and could cause connectivity issues when changes are made to the blueprint.
-
Uploaded required packages.
-
If you're using Juniper offbox agents, increase the application memory usage.
-
On Juniper devices, add Junos license configuration. (This is not the preferred method for adding license configuration. For more information, see Juniper Device Agent.)
Before creating/installing offbox device agents on Juniper Junos, Cisco NX-OS and Arista EOS, configure the following minimum configuration on them as shown below.
Juniper Junos Offbox Agent Minimum Configuration
system {
login {
user aosadmin {
uid 2000;
class super-user;
authentication {
encrypted-password "xxxxx";
}
}
}
services {
ssh;
netconf {
ssh;
}
}
management-instance;
}
interfaces {
em0 {
unit 0 {
family inet {
address <address>/<cidr>;
}
}
}
}
routing-instances {
mgmt_junos {
routing-options {
static {
route 0.0.0.0/0 next-hop <management-default-gateway>;
}
}
}
}For more information, see Juniper Device Agent.
Cisco NX-OS Offbox Agent Minimum Configuration
! feature nxapi feature bash-shell feature scp-server feature evmed copp profile strict nxapi http port 80 ! username admin password <admin-password> role network-admin ! vrf context management ip route 0.0.0.0/0 <management-default-gateway> ! nxapi http port 80 ! interface mgmt0 ip address <address>/<cidr> !
Arista EOS Offbox Agent Minimum Configuration
!
service routing protocols model multi-agent
!
aaa authorization exec default local
!
username admin privilege 15 role network-admin secret <admin-password>
!
vrf definition management
rd 100:100
!
interface Management1
vrf forwarding management
ip address <address>/<cidr>
!
ip route vrf management 0.0.0.0/0 <management-default-gateway>
!
management api http-commands
protocol http
no shutdown
!
vrf management
no shutdown
!Make sure the following configuration is not on the device:
- VLANs other than VLAN 1
- VRFs other than "management"
- Interface IP addresses other than "management"
- Loopback interfaces
- VLAN interfaces
- VXLAN interfaces
- AS-Path access-lists
- IP prefix-lists
- Route maps or policies
- BGP configuration
During the agent install process, device configuration is validated, and if the device contains configuration that could prevent the deployment of service configuration, the agent install process raises an error (as of Apstra 4.0.1).
In this case, manually remove conflicting configuration and start the agent installation process again.
If you must complete the agent installation with configuration validation errors, you
can disable pristine configuration validation. To do this, from Devices
> Managed Devices, click Advanced Settings
(top-right), select Skip Pristine Configuration Validation,
then click Update. 
For information about retaining pre-existing configuration when bringing devices under Apstra management, see Device Configuration Lifecycle.
On some platforms (Junos for example) you can configure rate-limiting for management traffic (SSH for example). When the Apstra server interacts directly with devices it can be more bursty than when it interacts with a user. Rate-limiting configurations that are used for hardening security can impact device management, and lead to deployment failures and other agent-related issues.
| Parameter | Description |
|---|---|
| Device addresses | Management IP(s) of the device(s) |
| Operation Mode |
|
| Platform (offbox only) | For offbox agents only: drop-down list includes supported platforms. |
| Username / Password | If you're not using an agent profile with credentials, check these boxes and add credentials. |
| Agent Profile | If you don't want to manually enter credentials and packages, use agent profiles that you previously defined. |
| Job to run after creation |
|
| Install Requirements (servers only) | For servers only: If servers don't have Internet connectivity, uncheck the box. |
| Packages | Before creating the agent, install required packages so they are available. Packages associated with selected agent profiles are listed here as well. |
| Open Options (offbox only) | Passes configured parameters to offbox agents. For example, to
use HTTPS as the API connection from offbox agents to devices, use
the key-value pair: proto-https - port-443. The following default
values can be overridden with open options:
|
- Confirm that you've installed the minimum configuration as described above, and that the device doesn't contain configuration that would raise validation errors.
- From the left navigation menu, navigate to Devices > Managed Devices and click Create Offbox Agent(s).
- Specify agent details as described in the parameters table above.
- Click Create. While the task is active you can view its progress at the bottom of the screen in the Active Jobs section. The job status changes from Initialized to In Progress to Succeeded.