fix: correct casing for OPNsense throughout the document. updated blog post
This commit is contained in:
@@ -1,18 +1,18 @@
|
|||||||
---
|
---
|
||||||
title: "Junos ZTP with Dnsmasq DHCP in OPNSense"
|
title: "Junos ZTP with Dnsmasq DHCP in OPNsense"
|
||||||
date: "2025-08-14"
|
date: "2025-08-14"
|
||||||
layout: "post.njk"
|
layout: "post.njk"
|
||||||
tags: "posts"
|
tags: "posts"
|
||||||
excerpt: "Stop configuring your new lab devices manually!"
|
excerpt: "Stop configuring your new lab devices manually!"
|
||||||
---
|
---
|
||||||
|
|
||||||
Most people know that DHCP (Dynamic Host Configuration Protocol) is a protocol used to dynamically allocate IP addresses. But did you know that it can be used to configure other host device settings? Network device vendors like Junip... *ermm*, HPE Networking... take advantage of DHCP to implement "Zero Touch Provisioning" and even perform software upgrades for out-of-the-box devices. Here I will show you how to use OPNSense with Dnsmasq DHCP to "auto-provision" your Junos devices.
|
Most people know that DHCP (Dynamic Host Configuration Protocol) is a protocol used to dynamically allocate IP addresses. But did you know that it can be used to configure other host device settings? Network device vendors like Junip... *ermm*, HPE Networking... take advantage of DHCP to implement "Zero Touch Provisioning" and even perform software upgrades for out-of-the-box devices. Here I will show you how to use OPNsense with Dnsmasq DHCP to "auto-provision" your Junos devices.
|
||||||
|
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
* An OPNSense device with Dnsmasq DHCP enabled<sup>[[1]](#bottom)</sup>
|
* An OPNsense device with Dnsmasq DHCP enabled<sup>[[1]](#bottom)</sup>
|
||||||
* An understanding of OPNSense firewall rules<sup>[[2]](#bottom)</sup>
|
* An understanding of OPNsense firewall rules<sup>[[2]](#bottom)</sup>
|
||||||
* An (S)FTP server in your network reachable by the Junos devices
|
* An (S)FTP server in your network reachable by the Junos devices
|
||||||
* A Junos base configuration file saved on the (S)FTP server.
|
* A Junos base configuration file saved on the (S)FTP server.
|
||||||
* At least one zeroized Junos device
|
* At least one zeroized Junos device
|
||||||
@@ -85,15 +85,15 @@ If you have physical Junos devices you can also perform a software upgrade using
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## OPNSense Settings
|
## OPNsense Settings
|
||||||
|
|
||||||
### Dnsmasq DHCP
|
### Dnsmasq DHCP
|
||||||
|
|
||||||
This guide assumes you have OPNSense in your network already handing out old boring DHCP leases using Dnsmasq on a predetermined VLAN. If you're already there thankfully OPNSense makes it easy to just add some DHCP options.
|
This guide assumes you have OPNsense in your network already handing out old boring DHCP leases using Dnsmasq on a predetermined VLAN. If you're already there thankfully OPNsense makes it easy to just add some DHCP options.
|
||||||
|
|
||||||
### DHCP Options Tab
|
### DHCP Options Tab
|
||||||
|
|
||||||
1. Navigate to the DHCP Options tab in OPNSense. In the 'Options' section click the plus to add a your first DHCP option.
|
1. Navigate to the DHCP Options tab in OPNsense. In the 'Options' section click the plus to add a your first DHCP option.
|
||||||
2. Configure Option 150 like shown. Be sure to select the interface that your network devices are using and the IP of your FTP server.
|
2. Configure Option 150 like shown. Be sure to select the interface that your network devices are using and the IP of your FTP server.
|
||||||
|
|
||||||
3. Click add again and now we add Option 43 like so. Use the hex value you calculated earlier here.
|
3. Click add again and now we add Option 43 like so. Use the hex value you calculated earlier here.
|
||||||
@@ -101,7 +101,7 @@ This guide assumes you have OPNSense in your network already handing out old bor
|
|||||||
|
|
||||||
### Firewall rules
|
### Firewall rules
|
||||||
|
|
||||||
OPNSense will open up the port needed for DHCP but you will need to create your own firewall rule for the file transfer protocol you're using.
|
OPNsense will open up the port needed for DHCP but you will need to create your own firewall rule for the file transfer protocol you're using.
|
||||||
<br>
|
<br>
|
||||||
<br>
|
<br>
|
||||||
In this case I am using my NAS to host the FTP server so my config looks like so:
|
In this case I am using my NAS to host the FTP server so my config looks like so:
|
||||||
@@ -148,15 +148,18 @@ root@VM689D3B3F6F>
|
|||||||
<br>
|
<br>
|
||||||
|
|
||||||
For those with a keen eye you may notice that the base config does not have host-name configured. But with the magic of DHCP the device was able to configure its own unique hostname! Now you can use that hostname or the DHCP IP to SSH to the devices using root and `Tut0ria1!` as the password thanks to our config file!
|
For those with a keen eye you may notice that the base config does not have host-name configured. But with the magic of DHCP the device was able to configure its own unique hostname! Now you can use that hostname or the DHCP IP to SSH to the devices using root and `Tut0ria1!` as the password thanks to our config file!
|
||||||
|
<br>
|
||||||
|
<br>
|
||||||
|
If at this point you are not seeing successful ZTP logs check your Dnsmasq configuration and be sure the OPNsense firewall rule is working properly. If you have any questions or need help, feel free to [reach out](/#contact)!
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Conclusion
|
## Conclusion
|
||||||
|
|
||||||
Getting Junos ZTP set up really helped me create several virtual labs together while pursuing certifications and I hope this tutorial helped you.
|
This setup really helped me create many virtual labs while pursuing my certifications. I hope this tutorial can be helpful to someone starting their own lab. I know I could have used this a long time ago for sure!
|
||||||
<br>
|
<br>
|
||||||
<br>
|
<br>
|
||||||
This is only the beginning of our automation journey though! In the future I may do a tutorial on how to further automate device-specific settings using other automation tools and inventory files. Stay tuned!!
|
This is only the beginning of our automation journey though! In the future I may do a tutorial on how to further automate device-specific settings using other automation tools and inventory files. Stay tuned!
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user