Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to prepare and add Junos device to NSM using NSM auto discovery

0

0

Article ID: KB16247 KB Last Updated: 24 Feb 2020Version: 2.0
Summary:
How to prepare and add Junos device to NSM using NSM auto discovery.
Symptoms:
NSM can autodiscover devices on the network and add them to the managed device database.
Some device preparation is necessary to accomplish this.  The steps are included below.

Note:  The Autodiscover feature requires SSH v2 and SNMP access, which is specified in step 5.       
 
Solution:

Perform the following steps to add a Junos device to NSM using NSM auto discovery:

  1. Log in to the JUNOS device.

    Amnesiac (ttyu0)
    
    login: root
    Password:
    
    --- JUNOS 9.6R1.13 built 2009-08-01 09:23:09 UTC
    root@%
  2. Enter the configuration CLI mode if needed:

    root@% cli
    root>

  3. Confirm device has the necessary configuration for connectivity: root-authentication, interface, routing, security zones. Security devices such as JSRX block all traffic by default, including management traffic.

    Run the following command, and check the settings for the following set commands.  For branch SRX devices, make sure the services required for NSM are opened for access (see bolded line below). In this example, the ge-0/0/0 interface is used to accept all inbound management traffic; you may be using a different interface for management.

    root> show configuration | display set
    set version 9.6R1.13
    set system root-authentication encrypted-password "$ABC123"
    set interfaces ge-0/0/0 unit 0 family inet address 10.85.49.149/24
    set routing-options static route 0.0.0.0/0 next-hop 10.85.49.1

    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
  4. Enter configuration mode:

    root> edit
    Entering configuration mode

    [edit]
    root#

  5. Configure netconf ssh AND SNMP community on the device. If the device is a cluster, configure the appropriate groups.

    [edit]
    root# set system services netconf ssh

    [edit]
    root# set snmp community community1
    root# set snmp location lab

    [edit]
    root# commit and-quit
    commit complete
    Exiting configuration mode

    root>
  6. In NSM, select the Device Discovery Rules page:

  7. Configure the Device Discovery Rule:

  8. Accept the Update Topology Manager Preferences warning message:

  9. Click "Run" icon to begin device discovery:

  10. After devices are discovered, accept appropriate devices and click "Ok":

  11. Device will receive NSM config through SSH connection and then will connect back to NSM over secure netconf tunnel.  The configuration will look similar to the following:

    root> show configuration | display set
    set version 9.6R1.13
    set system root-authentication encrypted-password "$ABC123"
    set system services netconf ssh
    set system services outbound-ssh client nsm-10.85.34.46 device-id E65E54
    set system services outbound-ssh client nsm-10.85.34.46 secret "$ABC123"
    set system services outbound-ssh client nsm-10.85.34.46 services netconf
    set system services outbound-ssh client nsm-10.85.34.46 10.85.34.46 port 7804
    set system syslog file default-log-messages any any
    set system syslog file default-log-messages structured-data
    set interfaces ge-0/0/0 unit 0 family inet address 10.85.49.149/24
    set snmp community community1
    set routing-options static route 0.0.0.0/0 next-hop 10.85.49.1
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all

    root>
  12. Click "Ok" to close Discovery completed message box and then close Device discovery progress box:

    Device is now imported into NSM and is managed and in-sync.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search