I've heard that the SRX's implementation of ZTP leaves a bit to be desired. In any case, my requirements are very simple. All I want is for my SRX to get a DHCP address and pull down a configuration file which will set a root password and allow a NETCONF session. I cannot, for the life of me, get the SRX to pay attention to any custom options (43, for example) that the DHCP server is sending. I have dhcpd configured like so:
The SRX is getting the right IP address, and I can see the DHCP transaction is working properly with the server sending the right information in option 43, but the SRX doesn't seem to be paying any attention to it:
root> show dhcp client binding detail
Client Interface/Id: ge-0/0/0.0
Hardware Address: 40:71:83:2b:14:01
Lease Expires: 2020-02-08 17:28:27 UTC
Lease Expires in: 85544 seconds
Lease Start: 2020-02-07 17:28:27 UTC
Vendor Identifier Juniper-srx345
Server Identifier: 192.168.11.10
Client IP Address: 192.168.1.18
Update Server No
Name: dhcp-lease-time, Value: 1 day
Name: server-identifier, Value: 192.168.11.10
Name: router, Value: [ 192.168.1.1 ]
Name: name-server, Value: [ 192.168.192.10, 192.168.192.12 ]
Name: boot-server, Value: 192.168.192.30
Name: subnet-mask, Value: 255.255.255.0
Name: domain-name, Value: domain.local
I've tried setting the file name to various different things with various different extensions (.xml, .config, .txt, .cnf, etc.), but nothing seems to work. It doesn't appear that the SRX is even attempting to pull down a configuration file, as running a packet capture on the TFTP server shows nothing.
Has anybody gotten anything close to ZTP working on an SRX before?
Well, it's in XML at the moment, but it doesn't even get that far. The SRX never attempts to pull the config file down from the TFTP server at all. So it seems pretty clear at the moment that the problem is regarding the SRX's treatment of the DHCP offer. The DHCP offer contains a hostname, option 43 with a config file specified, etc, etc, but the SRX doesn't pay attention to those at all, and instead just takes the IP given and that's it. I don't see log messages on the console at all regarding ZTP, so it's like it's not even trying.
Right, but like I said, the content of the file is irrelevant at the moment. The SRX isn't even trying to request the file, so the SRX doesn't know what the contents of the file are. It could be an MP3 for all the SRX knows, and it won't have any information about the file until it's been requested, downloaded, and analyzed, which it's not doing for some reason. At this point I'm trying to figure out why the SRX isn't attempting to download the file. Once I figure that out, then I can worry about the contents of the file.
A TFTP server on 10.240.15.238 holds the relevant config files.
This has worked well for a year or so.
Now, I am testing this in the lab today, in order to come up with a better deployment procedure. And I absolutely cannot get this to work with 15.1X49-D190.2. The right options are being sent, and the SRX heads straight for the 'phone home' thingy, completely ignoring the TFTP option.
And by studying the default config of D190.2, I start to wonder if Juniper have implemented the proper ZTP protocol now. There are some highly relevant changes pointing in that direction. Will test some more.