Hi,
Involved in an automation project around ZTP, i try to upgrade a SRX using DHCP options. The config below comes from several sources even this one :
Zero Touch Provisioning
Juniper |
remove preview |
|
Zero Touch Provisioning |
Zero Touch Provisioning installs or upgrades the software automatically on your new Juniper Networks devices with minimal manual intervention. Zero Touch Provisioning (ZTP) allows you to provision new Juniper Networks devices in your network automatically, with minimal manual intervention. You can use either management ports or network ports, depending on your device, to connect to the network. |
View this on Juniper > |
|
|
and this one :
Mise à jour et configuration automatique pour Juniper
Bernat |
remove preview |
|
Mise à jour et configuration automatique pour Juniper |
La documentation de Juniper sur ZTP explique comment configurer le serveur ISC DHCP pour mettre à niveau et configurer automatiquement au premier démarrage un équipement Juniper. Toutefois, la configuration proposée pourrait être un brin plus élégante. Cette note explique comment. En bref Ne redéfinissez pas l'option 43. Utilisez plutôt la directive vendor-option-space. |
View this on Bernat > |
|
|
Please find below the extract of my dhcpd.conf :
set vendor-string = option vendor-class-identifier;
option ztp-file-server code 150 = { ip-address };
option space ztp-vl100;
option ztp-vl100.image-file-name code 0 = text;
option ztp-vl100.config-file-name code 1 = text;
option ztp-vl100.image-file-type code 2 = text;
option ztp-vl100.transfer-mode code 3 = text;
option ztp-vl100.http-port code 5 = text;
option ztp-vl100-encapsulation code 43 = encapsulate ztp-vl100;
#
# Classes
#
class "juniper-srx" {
match if ( substring (option vendor-class-identifier,0,11) = "juniper-srx");
vendor-option-space = "ztp-vl100";
}
#
# Subnet declarations
#
#VLAN 100 Subnet Declaration
subnet 192.168.100.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option routers 192.168.100.254;
option broadcast-address 192.168.100.255;
#range 192.168.100.230 192.168.100.239;
# Address pool(s)
pool {
range 192.168.100.10 192.168.100.20;
allow members of "juniper-srx";
#option tftp-server-name "192.168.0.248";
option ztp-file-server 192.168.0.248;
option ztp-vl100.transfer-mode "http";
option ztp-vl100.http-port "80";
option ztp-vl100.image-file-name "/opt/netos/juniper/srx/junos-srxsme-20.3R1.8.tgz";
}
}
My SRX is configured to send its vendor ID :
set interfaces ge-0/0/0 unit 0 family inet dhcp-client vendor-id juniper-srx
And accepts dhcp packets :
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
Still it doesn't receive any ip address lease. It looks like the SRX doesn't fall into the class definition in my dhcpd.conf file.
Some help would be very appreciated !
Thanks in advance !
Jerems
------------------------------
JEREMIE Rouzet
------------------------------