- play_arrow Introduction
- play_arrow Overview
- play_arrow Access and Manage Paragon Automation Account
-
- play_arrow Administration
- play_arrow Introduction
- play_arrow Organization Management
- play_arrow Site Management
- play_arrow User Management
- play_arrow Inventory Management
- play_arrow Audit Logs
-
- play_arrow Observability
- play_arrow Introduction
- play_arrow Troubleshoot Devices
- play_arrow View Network Topology
-
- play_arrow Trust and Compliance
- play_arrow Introduction
- play_arrow Manage Trust Settings and Trust Scores
- Compliance Standards Overview
- About the Compliance Benchmarks Page
- About the Compliance Tailorings Page
- Example: Create a Tailoring Document for NTP Settings
- About the Compliance Checklist Page
- Add a Checklist Template
- Add Checklist for a Device
- Import Scans and Update Rule Results in a Checklist
- Trust Plans Overview
- About the Network Score Formula Page
- Trust Score Overview
- About the Network Score Page
- About the Snapshots Page
- Add a Snapshot for a Target
- play_arrow Manage Compliance Scans
- play_arrow Manage Vulnerabilities
- play_arrow Monitor Integrity
-
- play_arrow Service Orchestration
- play_arrow Introduction
- play_arrow View Service Design Catalog
- play_arrow Manage Customers
- play_arrow Add Resources for Network Services
- play_arrow Manage Service Instances
- play_arrow Provision L3VPN Service
- play_arrow Monitor Service Order Execution Workflows
-
- play_arrow Active Assurance
- play_arrow Introduction
- play_arrow Test Agents
- play_arrow Tests and Monitors
-
- play_arrow Paragon Shell CLI Reference
- play_arrow Introduction
- play_arrow Operational Mode Commands
- file copy
- monitor
- request paragon backup
- request paragon cluster pods reset
- request paragon cluster upgrade
- request paragon config
- request paragon deploy
- request paragon deploy cluster
- request paragon destroy cluster
- request paragon fix-permission
- request paragon load
- request paragon repair-node
- request paragon replace-node
- request paragon restore
- request paragon running-config
- request paragon ssh
- request paragon ssh-key
- request paragon storage cleanup
- request paragon super-user password reset
- request system decrypt password
- request system reboot
- show configuration paragon cluster
- show host disk usage
- show paragon backup
- show paragon certificate expiry-date certificate-type
- show paragon cluster
- show paragon cluster details
- show paragon cluster namespaces
- show paragon cluster nodes
- show paragon cluster pods
- show paragon cluster pods namespace healthbot sort
- show paragon images version
- show paragon images version namespace
- show paragon pvc details
- show paragon version
- play_arrow Configuration Mode Commands
- delete paragon cluster
- load set
- set paragon cluster applications
- set paragon cluster common-services ingress
- set paragon cluster install
- set paragon cluster mail-server
- set paragon cluster nodes
- set paragon cluster ntp
- set paragon cluster papi
- set paragon cluster victoria-metrics
- set paragon monitoring
- set system login
- play_arrow Troubleshooting Commands
- Troubleshoot Using the Paragon Shell CLI Commands
- request support information
- request paragon troubleshooting information
- request paragon debug
- request paragon debug get-tsdb-data
- request paragon debug insights-kafka-data
- request paragon debug kafka
- request paragon debug logs
- request paragon debug logs namespace
- request paragon debug postgres
- request paragon debug redis
- play_arrow Service Orchestration
- About the Service Orchestration cMGD CLI
- set foghorn:core org-id
- set service design default version
- show service order status
- show service order as-json
- show service order as-yaml
- show service designs
- show device dependant configuration
- show insights configuration
- show configuration foghorn:customers
- request service project add
- request service orders sync
- request network resources load
- request service order upload
- request service order place
- request service order modify
- request service order delete
- request service order submit
- request service order provision
- request service design install
- request service design uninstall
-
Adopt a Device
You must be a user with Super User or Network Admin privileges to adopt or onboard a device (router, switch, or firewall).
You can only adopt routers in this release.
A Super User or Network Admin can adopt a device both new devices (greenfield) and devices that are already a part of the network (brownfield device), and manage the device by using Paragon Automation. When you adopt a device that is not associated with a network implementation plan, you (Super User or Network Admin) must manually update configurations by using configuration templates, apply licenses, and upgrade software. However, if you use a network implementation plan to onboard devices, you can make the changes to the network implementation plan and publish the changes for the changes to take effect on the devices included in the plan. You also obtain the granular metrics about the device’s health and performance by using the network implementation plan to onboard a device.
The status of a device that is already installed and connected to the network, but is not managed by the Paragon Automation appears as Disconnected on the Inventory page (Inventory > Devices > Network Inventory). When you adopt a device, the device connects with Paragon Automation and the status of the device changes to Connected, indicating that the device is managed by Paragon Automation.
You can adopt a device to Paragon Automation by using any of the following methods:
Adopt a device by using ZTP; see Adopt a Device by using ZTP.
Adopt a device without ZTP; see Adopt a Device without ZTP.
Before you adopt a device, ensure that:
The device can reach the gateway.
Note:If a firewall exists between Paragon Automation and the device, configure the firewall to allow outbound access on TCP ports 443, 2200, 6800, and 32,767 from the management port of the device.
The device can connect to Paragon Automation.
Adopt a Device by using ZTP
Prerequisites:
A network implementation plan should be configured for the device.
The device should be zeroized or in its factory-default settings.
A TFTP server reachable from the device
A DHCP server reachable from the device, with the ability to respond to the device with the TFTP server and configuration file (script) name
Figure shows the workflow for adopting device by using ZTP.
The steps for the workflow are as follows:
Sample Onboarding Script for Committing SSH Configuration on a Device
The following is a sample of the onboarding script that is downloaded from the TFTP server to the device:
#!/usr/bin/python from jnpr.junos import Device from jnpr.junos.utils.config import Config from jnpr.junos.exception import * import sys def main(): config = "set system services ssh protocol-version v2\n\ set system authentication-order password\n\ set system login user jcloud class super-user\n\ set system login user jcloud authentication encrypted-password $6$Oi4IvHbbFYT.XgXP7$43TeEU7V0Uw3CBlN/HFKQT.Xl2wsm6GEBaS9pfE9d3VrINIKBqlYlJfE2cTcHsCSSVboNnVtqJEaLNUBAfbu.\n\ set system login user jcloud authentication ssh-rsa \"ssh-rsa AAAAB3NzaC1yc2EAAAAADAQABAAABgQCuVTpIyaDwBuB8aTVrzxDQO50BS5GtoGnMBkWbYi5EEc0n8eJGmmbINE8auRGGOtY/CEbIHKSp78ptdzME0uQhc7UZm4Uel8C3FRb3qEYjr1AMJMU+hf4L4MYWYXqk+Y9RvnWBzsTO2iEqGU0Jk0y7Mev5z/YI9r8u8MZlWKdQzegBRIkL4HYYOAeAbenNw6ddxRzAP1bPESpmsT+0kChu3jYg8dzKbI+xjDBhQsKCFfO5cXyALjBMI3beaxmXRV02UGCEBl+5Xw6a3OCiP7jplr92rFBjbqgh/bYoJRYz1Rc3AirDjROQuDdpHRn+DuUjPlyV17QR9Qvwn4OAmWM9YKWS/LZ375L8nacOHmlv4f0KETU4LScTFQXR6xiJ6RizEpO338+xmiVq6mOcv5VuXfNApdl8F3LWOxLGFlmieB4cEEyJ7MK9U+TgS7MlcAP+XAeXYM2Vx1b+UCyYoEyDizaRXZvmP5BPpxpb5L2iuXencZMbbpEbnNX/sk3teDc= jcloud@5c96fb73-4e3a-4d8b-8257-7361ef0b95e7\"\n\ set system services outbound-ssh client jcloud secret f72b785d71ea9o017f911a5d6c9o8c95f12a265e19e886f07a364ce12aa99c6c1ca072a1ccc7d39b3f8a7c94e7da761d1396714c0b32ef32b6e7d3c9ab62cf49d8d\n\ set system services outbound-ssh client jcloud services netconf keep-alive retry 12 timeout 5\n\ set system services outbound-ssh client jcloud oc-term.cloud.juniper.net port 2200 timeout 60 retry 1000\n\ set system services outbound-ssh client jcloud device-id 5c96fb73-4e3a-4d8b-8257-7391ef0b95e7.0ad21cc9-1fd6-4467-96fd-1f0750ad2678\n\ set system root-authentication encrypted-password \"$6$OeRp2LWC$/ZLm9CMiR.SeEunv.5sDksFHIkzafuHLf5f7sp1ZANYT0iiz6rk2A1d/4Bq1gmxBhEb1XFtskrocLD7VHvPU10\"" dev = Device() dev.open() try: with Config(dev, mode="exclusive") as cu: print ("Loading and committing configuration changes") cu.load(config, format="set", merge=True) cu.commit() except Exception as err: print (err) dev.close() if __name__ == "__main__": main()
What's Next
Connect to the Paragon Automation GUI and view the status of device onboarding. After the device status changes to Connected on the Inventory page (Inventory > Devices > Network Inventory), you can start managing the device. See Device Management Workflow.
Adopt a Device without ZTP
What's Next
Connect to the Paragon Automation GUI and view the status of device onboarding. After the device status changes to Connected on the Inventory page (Inventory > Devices > Network Inventory), you can start managing the device. See Device Management Workflow.