Juniper Device Agent
This document describes how to manually install Juniper device agents.
Juniper ZTP
For an option that's simpler and easier to support at scale, see Apstra ZTP, which shows you how to automatically boot and install Apstra device agents and prerequisite switch configuration.
Disable ZTP
If you want to install agents manually because a previous attempt to install them
with Apstra ZTP failed, you must first delete the ZTP mode (since it remains active)
with the command delete chassis auto-image-upgrade.
If you're going to provision the Juniper switch without ZTP (ZTP Disabled), make sure
that the ZTP process is disabled before proceeding. After logging into the switch
for the first time and setting system root-authentication,
configure delete chassis auto-image-upgrade.
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# delete chassis auto-image-upgrade
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>Appy Initial Juniper Junos Configuration
Before installing Apstra device system agents on Juniper Junos devices, apply the minimum configuration below to the devices.
system {
login {
user aosadmin {
uid 2000;
class super-user;
authentication {
encrypted-password "xxxxx";
}
}
}
services {
ssh;
netconf {
ssh;
}
}
management-instance;
}
interfaces {
em0 {
unit 0 {
family inet {
address <address>/<cidr>;
}
}
}
}
routing-instances {
mgmt_junos {
routing-options {
static {
route 0.0.0.0/0 next-hop <management-default-gateway>;
}
}
}
}Starting in Apstra 4.1.2, devices with dual routing engines (QFX10008, for
example), the minimum configuration needs to include the commit
synchronize command at the [edit system] CLI
hierarchy.
To enable the commit synchronize command, issue the set
system commit synchronize command at the [edit
system] CLI hierarchy.
For example:
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# set system commit synchronize
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration modeConfigure super-user User
For the device system agent to connect to the Juniper Junos device, you must
configure a local device user with class super-user.
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# set system login user aosadmin class super-user
{master:0}[edit]
root# set system login user aosadmin authentication plain-text-password
New password:
Retype new password:
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>If you intend to use a different authentication method for device access (such as RADIUS), you must use local password authentication first.
system authentication-order [ password radius ]
Configure IP address and Management VRF
Device system agents use the Junos mgmt_junos management-instance
VRF and the management interface (such as em0).
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# set system management-instance
{master:0}[edit]
root# set interfaces em0.0 family inet address 192.168.59.11/24
{master:0}[edit]
root# set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.59.1
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>If the Juniper device uses a different management interface (such as vme.0), configure the management IP address on it instead.
Configure SSH and NETCONF
Device system agents require Junos SSH and NETCONF access to be configured under
system services.
{master:0}
root> edit
Entering configuration mode
{master:0}[edit]
root# set system services ssh
{master:0}[edit]
root# set system services netconf ssh
{master:0}[edit]
root# commit and-quit
configuration check succeeds
commit complete
Exiting configuration mode
{master:0}
root>Add Junos License Configuration
You can add license configuration before installing the system agent (to make it part of the pristine configuration), but the preferred method is to add license configuration with configlets.