SRX Services Gateway
SRX Services Gateway


[ Edited ]
‎02-07-2020 09:45 AM

I've heard that the SRX's implementation of ZTP leaves a bit to be desired. In any case, my requirements are very simple. All I want is for my SRX to get a DHCP address and pull down a configuration file which will set a root password and allow a netconf session. I cannot, for the life of me, get the SRX to pay attention to any custom options (43, for example), that the DHCP server is sending. I have dhcpd configured like so:


option option-150 code 150= ip-address;
option space ZTP;
option ZTP.image-file-name code 0 = text;
option ZTP.config-file-name code 1 = text;
option ZTP.image-file-type code 2 = text;
option ZTP.transfer-mode code 3 = text;
option ZTP.alt-image-file-name code 4= text;
option ZTP.http-port code 5= text;
option ZTP-encapsulation code 43 = encapsulate ZTP;

host srx01 {
        hardware ethernet 40:71:83:2b:14:01;
        option host-name "srx01";
        option ZTP.config-file-name "network.conf";
        option ZTP.transfer-mode "tftp";
        option option-150;
        option tftp-server-name "";

The SRX is getting the right IP address, and I can see the DHCP transaction is working properly with the server sending the right information in option 43, but the SRX doesn't seem to be paying any attention to it:


root> show dhcp client binding detail

Client Interface/Id: ge-0/0/0.0
     Hardware Address:             40:71:83:2b:14:01
     State:                        BOUND(LOCAL_CLIENT_STATE_BOUND)
     Lease Expires:                2020-02-08 17:28:27 UTC
     Lease Expires in:             85544 seconds
     Lease Start:                  2020-02-07 17:28:27 UTC
     Vendor Identifier             Juniper-srx345
     Server Identifier:  
     Client IP Address:  
     Update Server                 No

DHCP options:
    Name: dhcp-lease-time, Value: 1 day
    Name: server-identifier, Value:
    Name: router, Value: [ ]
    Name: name-server, Value: [, ]
    Name: boot-server, Value:
    Name: subnet-mask, Value:
    Name: domain-name, Value: domain.local

I've tried setting the file name to various different things with various different extenions (.xml, .config, .txt, .cnf, etc), but nothing seems to work. It doesn't appear that the SRX is even attempting to pull down a configuration file, as running a packet capture on the TFTP server shows nothing.


Has anybody gotten anything close to ZTP working on an SRX before?

SRX Services Gateway


‎02-07-2020 10:09 AM

Hi ian.barrere@datavai…

Is your configuration of network.conf in set commands or brackets?  this must in be brackets so it can push the configuration when using ztp.
Also, to confirm if the config file has been pushed is when you finish the ztp installation - after reboot - you should get messages in the console what might fail , this might give you a clue.

Thank you, 



If this solves your problem, please mark this post as "Accepted Solution".

If you think that my answer was helpful, please spend some Kudos.

SRX Services Gateway


‎02-07-2020 10:45 AM

Well, it's in XML at the moment, but it doesn't even get that far. The SRX never attempts to pull the config file down from the TFTP server at all. So it seems pretty clear at the moment that the problem is regarding the SRX's treatment of the DHCP offer. The DHCP offer contains a hostname, option 43 with a config file specified, etc, etc, but the SRX doesn't pay attention to those at all, and instead just takes the IP given and that's it. I don't see log messages on the console at all regarding ZTP, so it's like it's not even trying.

SRX Services Gateway


‎02-07-2020 10:49 AM

I'm not an expert on xml, but most of the times, i tried to use .conf in brackets and work fine, i'm not even sure if xml is supported for ztp, let me look.

SRX Services Gateway


[ Edited ]
‎02-07-2020 12:39 PM

Right, but like I said the content of the file is irrelevant at the moment. The SRX isn't even trying to request the file, so the SRX doesn't know what the contents of the file is. It could be an MP3 for the all the SRX knows, and it won't have any information about the file until it's been requested, downloaded, and analyzed, which it's not doing for some reason. At this point I'm trying to figure out why the SRX isn't attempting to download the file, once I figure that out then I can worry about the contents of the file.

SRX Services Gateway


2 hours ago

Sorry about the late reply.

I have been using dhcp/tftp for loading a minimum config suitable for our purposes, on straight out of box or zeroized  SRXes.


The vendor-option-space juniper thingy has not applied to our SRXes at all. Only for EX.

For SRX, this has been the relevant part of the ISC dhcpd config:


option option-150 code 150 = {ip-address};

subnet netmask {
    option routers;
    option subnet-mask;
    option option-150; 

    pool {

        range dynamic-bootp;




A tftpserver on holds the relevant config files.


This has worked well for a year or so.

Now, I am testing this in the lab today, in order to come up with better deployment procedure. And I absolutely cannot get this to work with 15.1X49-D190.2. The right options are being sent, and the SRX heads straight for the 'phone home' thingy. Completely ignoring the tftp option.


And by studying the defaultconfig of D190.2, I start to wonder if Juniper have implemented the proper ZTP protocol now. There are some highly relevant changes pointing in that direction. Will test some more.



SRX Services Gateway


2 hours ago

To follow up on my own post just above this:

I just tested with offering the SRX the whole option 43 enchilada, and it is ignored.

What I do see from the D190 default config is that the system | autoinstallation stanza is missing the interfaces subclause which was present earlier.

I will try to add that to the default install and remove the dhcp config from the main interfaces section and see if autoinstall works then.