Switching between Secure Zero Touch Provisioning and Zero Touch Provisioning
To see which platforms support Secure Zero Touch Provisioning (SZTP), go to Feature Explorer. In the Explore Features section of the Feature Explorer page, select All Features. In the Features Grouped by Feature Family box, select Secure ZTP. You can also type the name of the feature in the Search for Features edit box. See the Release History Table at the end of this topic for more details of how ZTP support has expanded.
Overview
Secure zero-touch provisioning (SZTP) requires additional network infrastructure, such as a secure ZTP server, for provisioning. If you have a secure device with SZTP as its default provisioning method, and you don't have the network infrastructure to support SZTP, you can easily switch to ZTP. Conversely, if your device's default provisioning method is ZTP, and you want to use SZTP for provisioning, you can easily switch to SZTP.
Benefits
On secure devices, you have the flexibility to switch between using SZTP and ZTP depending on your network infrastructure.
Switching between SZTP and ZTP
See the following table for the Junos OS and Junos OS Evolved commands and the VM Host Junos OS commands to use to switch between SZTP and ZTP.
On MX304 devices without a backup Routing Engine, when you issue the request vmhost zeroize ztp-option secure-(enable | disable) command, you will see the following warning on the console: Backup RE is not present. Zeroize backup RE when it is inserted.
Junos OS and Junos OS Evolved | VM Host Junos OS |
---|---|
request system zeroize ztp-option secure-disable: When you issue this command, the CLI checks to see if the device is a secure device. If the device is secure, the next time the device boots, the device uses ZTP as the provisioning solution. If the device is not secure, the process ends. | request vmhost zeroize ztp-option secure-disable: When you issue this command, the CLI checks to see if the device is a secure device. If the device is secure, the next time the device boots, the device uses ZTP as the provisioning solution. If the device is not secure, the process ends. |
request system zeroize ztp-option secure-enable: The CLI checks to see if the device is a secure device. If the device is secure, the process ends. The next time the device boots, the device uses SZTP as the provisioning solution. If the device is not a secure device, you will receive an error message that says the device is not secure, and the process ends. | request vmhost zeroize ztp-option secure-enable: The CLI checks to see if the device is a secure device. If the device is secure, the process ends. The next time the device boots, the device uses SZTP as the provisioning solution. If the device is not a secure device, you will receive an error message that says the device is not secure, and the process ends. |
If you don't specify the ztp-option option in either the request system zeroize or request vmhost zeroize command, the secure platform will bootstrap with SZTP as its provisioning solution.
Caveats
When the device uses ZTP, the SZTP configuration remains on the device, and the SZTP client (phone-home client) runs passively. Once ZTP commits its configuration, the phone-home server configuration is removed.
If the default ZTP behavior is different from the type of zero-touch provisioning (ZTP or SZTP, for example) you're using, you will need to issue either the request system zeroize ztp-option secure-(enable | disable) or request vmhost zeroize ztp-option secure-(enable | disable) command.
If the current Junos OS or Junos OS Evolved software version on your device supports SZTP, but the software image you're upgrading to doesn't support SZTP, then bootstrapping with SZTP will fail. On devices running Junos OS or VM Host Junos OS, this is not applicable if the device is installed with SZTP as part of its factory default configuration.