  • 1.  ZTP with SRX Device v15.1X49-D75.5 and ISC v4.4.1

    Posted 01-20-2022 05:41

    Involved in an automation project around ZTP, I am trying to upgrade an SRX using DHCP options. The config below comes from several sources, including this one:

    Zero Touch Provisioning (Juniper)
    Zero Touch Provisioning installs or upgrades the software automatically on your new Juniper Networks devices with minimal manual intervention. Zero Touch Provisioning (ZTP) allows you to provision new Juniper Networks devices in your network automatically, with minimal manual intervention. You can use either management ports or network ports, depending on your device, to connect to the network.

    and this one:

    Automatic upgrade and configuration for Juniper (Bernat)
    Juniper's documentation on ZTP explains how to configure the ISC DHCP server to automatically upgrade and configure a Juniper device on first boot. However, the proposed configuration could be a bit more elegant. This note explains how. In short: do not redefine option 43. Use the vendor-option-space directive instead.

    Please find below the extract of my dhcpd.conf:

    set vendor-string = option vendor-class-identifier;
    option ztp-file-server code 150 = { ip-address };
    option space ztp-vl100;
    option ztp-vl100.image-file-name code 0 = text;
    option ztp-vl100.config-file-name code 1 = text;
    option ztp-vl100.image-file-type code 2 = text;
    option ztp-vl100.transfer-mode code 3 = text;
    option ztp-vl100.http-port code 5 = text;
    option ztp-vl100-encapsulation code 43 = encapsulate ztp-vl100;

    # Classes

    class "juniper-srx" {
        match if ( substring (option vendor-class-identifier,0,11) = "juniper-srx");
        vendor-option-space = "ztp-vl100";
    }

    # Subnet declarations

    #VLAN 100 Subnet Declaration

    subnet netmask {
        option subnet-mask;
        option routers;
        option broadcast-address;

        # Address pool(s)
        pool {
            allow members of "juniper-srx";
            #option tftp-server-name "";
            option ztp-file-server;
            option ztp-vl100.transfer-mode "http";
            option ztp-vl100.http-port "80";
            option ztp-vl100.image-file-name "/opt/netos/juniper/srx/junos-srxsme-20.3R1.8.tgz";
        }
    }

    My SRX is configured to send its vendor ID:

    set interfaces ge-0/0/0 unit 0 family inet dhcp-client vendor-id juniper-srx

    And accepts DHCP packets:

    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp

    Still it doesn't receive any ip address lease. It looks like the SRX doesn't fall into the class definition in my dhcpd.conf file.

    Some help would be very much appreciated!

    Thanks in advance!


    JEREMIE Rouzet

  • 2.  RE: ZTP with SRX Device v15.1X49-D75.5 and ISC v4.4.1

    Posted 01-21-2022 15:47

    Understanding ZTP on SRX Series Devices

    Zero Touch Provisioning (ZTP) enables you to provision and configure devices automatically, minimizing most of the manual intervention required for adding devices to a network. ZTP is supported on SRX300, SRX320, SRX340, SRX345, SRX550M, and SRX1500 devices.

    Starting in Junos OS Release 20.2R1 on SRX300, SRX320, SRX340, SRX345, SRX550 HM, and SRX1500 devices, you can use Zero Touch Provisioning with DHCP options to provision your device. See Zero Touch Provisioning Using DHCP Options for more information.

    I can confirm that with this Junos version 20.2R1, DHCP option 60 is sent by the device automatically with the string "Juniper-srx300", which was not the case in previous versions!

    Jeremie Rouzet
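
Added example, not part of the original thread and not Juniper or ISC code: a small Python check that reads option 60 out of a DHCPDISCOVER payload and applies the same prefix test as the `juniper-srx` class in the posted dhcpd.conf, covering the cases raised in the thread (no option 60 sent, and the `Juniper-srx300` string). The packets are constructed samples, the function names are hypothetical, and the comparison is assumed to be byte-exact, as written in the posted `match if` line.

```python
MAGIC = b"\x63\x82\x53\x63"  # magic cookie that precedes the DHCP options field

def dhcp_options(payload: bytes) -> dict:
    """Parse the option TLVs of a BOOTP/DHCP UDP payload into {code: value}."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload: magic cookie missing")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        opts[code] = opts.get(code, b"") + value   # repeated codes concatenate (RFC 3396)
        i += 2 + length
    return opts

def in_class(payload: bytes, prefix: bytes = b"juniper-srx", fold_case: bool = False) -> bool:
    """Mirror of the class test in the posted dhcpd.conf:
    substring(option vendor-class-identifier, 0, 11) = "juniper-srx" (byte-exact)."""
    vci = dhcp_options(payload).get(60)
    if vci is None:              # client sent no option 60 at all
        return False
    head = vci[:len(prefix)]
    if fold_case:
        head, prefix = head.lower(), prefix.lower()
    return head == prefix

def discover(vci):
    """Constructed DHCPDISCOVER payload for the demo; vci=None omits option 60."""
    fixed = bytes([1, 1, 6, 0]) + bytes(232)       # op, htype, hlen, hops, rest zeroed
    opts = b"\x35\x01\x01"                         # option 53: DHCPDISCOVER
    if vci is not None:
        opts += bytes([60, len(vci)]) + vci
    return fixed + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    for vci in (b"juniper-srx", b"Juniper-srx300", None):
        p = discover(vci)
        print(vci, in_class(p), in_class(p, fold_case=True))
```

Feeding it the UDP payload of a DISCOVER captured on the DHCP server's interface shows whether the client sent option 60 at all and whether its exact bytes would satisfy the class match.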