Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create Onbox Agent

To create onbox agents, you need full admin / root privileges. We recommend that you create a dedicated user on the device using Apstra ZTP or other means. Before installing agents, make sure to do the following:

  • Add login credentials for the devices.
  • Configure management IP connectivity between devices and the Apstra server. You must do this before installing agents so it’s out-of-band (OOB). Configuring management connectivity in-band (through the fabric) is not supported and could cause connectivity issues when you make changes to the blueprint.
  • Upload required packages.
  1. Configure the minimum configuration on your devices as shown below, as applicable:

    Juniper Junos OS Evolved Onbox Agent Minimum Configuration

    Note:

    The minimum release version for Junos OS Evolved switches on onbox agents is 22.4R3.

    The minimum release version for Junos OS Evolved switches on onbox agents is 22.4R3.

    Cisco NX-OS Onbox Agent Minimum Configuration

    Arista EOS Onbox Agent Minimum Configuration

    SONiC

    SONiC has no specific configuration requirements other than Management Network and privileged user access.

  2. Some configuration could raise validation errors. Make sure the following configuration is not on the devices (and any other configuration that would raise validation errors):
    • VLANs other than VLAN 1
    • VRFs other than "management"
    • Interface IP addresses other than "management"
    • Loopback interfaces
    • VLAN interfaces
    • VXLAN interfaces
    • AS-Path access-lists
    • IP prefix-lists
    • Route maps or policies
    • BGP configuration
  3. From the left navigation menu, navigate to Devices > Managed Devices and click Create Onbox Agent(s).
    The Create Onbox System Agent(s) dialog opens.
  4. Enter up to 25 device IP addresses in the Device Addresses field.
    Note:

    If you're creating an agent for Junos EVO that has dual routing engines, create it with a master-only address. If you don't, then when routing engine master switchover occurs, the agent may not work correctly or it may introduce problems.

  5. If you're not using an agent profile with credentials, select the check boxes for username and password and add credentials.
  6. If you are using agent profiles (that you previously defined), select the agent profile from the Agent Profile drop-down list, so you don't have to manually enter credentials and packages.
  7. Select the job to run after creation:
    • Install (default) - installs the agent on the device
    • Check - creates the agent, but does not install it. It appears in the table view where you can install it later.
  8. Install Requirements is for servers. If servers don't have Internet connectivity, deselect the box.
  9. Packages that you've previously installed appear in the Packages section. Packages associated with selected agent profiles are listed here as well. Select packages, as required.
  10. Click Create.

    During the agent install process, device configuration is validated; if the device contains configuration that could prevent service configuration from deploying, the agent install process raises an error.

    In this case, check the device log for error details (Navigate to Devices / Managed Devices, click the three dots in the device's Actions panel (right column), then in the Agent menu click the Show Log button (eyeball).) Manually remove conflicting configuration and start the agent installation process again.

    If you must complete the agent installation with configuration validation errors, you can disable pristine configuration validation. To do this, from Devices > Managed Devices, click Advanced Settings (top-right), select Skip Pristine Configuration Validation, then click Update.

    For information about retaining pre-existing configuration when bringing devices under Apstra management, see Device Configuration Lifecycle.

    Note:

    On some platforms (Junos for example) you can configure rate-limiting for management traffic (SSH for example). When the Apstra server interacts directly with devices it can be more bursty than when it interacts with a user. Rate-limiting configurations that are used for hardening security can impact device management, and lead to deployment failures and other agent-related issues.

    While the task is active you can view its progress at the bottom of the screen in the Active Jobs section. The job status changes from Initialized to In Progress to Succeeded.