Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
See matching posts in thread - I'm learning configuration groups and have a que...
You can use configuration groups (such as ' interface-details ' and ' cos-details ' in this example) with commit scripts to retain the details of any configuration expansions in the configuration database, where you can change them more easily. Source Code and GitHub Links The source code below is also available from the following GitHub locations: params in Junoscriptorium on GitHub Example Configuration Example Output SLAX Script Contents XML Script Contents Example Configuration 01 system ( 02 scripts ( 03 commit ( 04 allow-transients; 05 file params.xsl; 06 ) 07 ) 08 ) 09 interfaces ( 10 so-1/2/3 ( 11 apply-macro params ( 12 clocking internal; 13 description "Link to Hoverville"; 14 encapsulation ppp; 15 inet-address 10.1.2.3/28; 16 isis-level-1 enable; 17 isis-level-1-metric 50; 18 isis-level-2-metric 85; 19 ) 20 ) 21 ) Example Output 01 system ( 02 scripts ( 03 commit ( 04 allow-transients; 05 file params.xsl; 06 ) 07 ) 08 ## Warning: missing mandatory statement(s): 'root-authentication' 09 ) 10 interfaces ( 11 so-1/2/3 ( 12 apply-groups interface-details; ## 'interface-details' is not defined 13 apply-macro params ( 14 clocking internal; 15 description "Link to Hoverville"; 16 encapsulation ppp; 17 inet-address 10.1.2.3/28; 18 isis-level-1 enable; 19 isis-level-1-metric 50; 20 isis-level-2-metric 85; 21 ) 22 description "Link to Hoverville"; 23 encapsulation ppp; 24 unit 0 ( 25 family inet ( 26 address 10.1.2.3/28; 27 ) 28 ) 29 ) 30 ) 31 protocols ( 32 rsvp ( 33 interface so-1/2/3.0; 34 ) 35 isis ( 36 interface so-1/2/3.0 ( 37 level 1 ( 38 enable; 39 metric 50; 40 ) 41 level 2 metric 85; 42 ) 43 ) 44 ldp ( 45 interface so-1/2/3.0; 46 ) 47 ) 48 class-of-service ( 49 interfaces ( 50 so-1/2/3 ( 51 apply-groups cos-details; ## 'cos-details' is not defined 52 ) 53 ) 54 ) SLAX Script Contents 001 /* Machine Crafted with Care (tm) by slaxWriter */ 002 version 1.0; 003 004 005 /* 006 - $Id: params.slax,v 1.1 2007/10/17 18:37:03 phil Exp $ 007 - 008 - Copyright (c) 2004-2005, Juniper Networks, Inc. 009 - All rights reserved. 010 - 011 */ 012 ns junos = "http://xml.juniper.net/junos/*/junos"; 013 ns xnm = "http://xml.juniper.net/xnm/1.1/xnm"; 014 ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0"; 015 016 import "../import/junos.xsl"; 017 018 /* 019 - This example uses an apply-macro to turn simplified interface 020 - configuration into a diverse set of configuration statements. 021 - 022 - Using configuration groups (such as 'interface-details' and 023 - 'cos-details' in this example) with commit scripts can keep the 024 - details of any configuration expansions in the configuration 025 - database, where they can be more easily changed. 026 */ 027 match configuration ( 028 var $top = .; 029 030 for-each (interfaces/interface/apply-macro[name == "params"]) ( 031 var $description = data[name == "description"]/value; 032 var $inet-address = data[name == "inet-address"]/value; 033 var $encapsulation = data[name == "encapsulation"]/value; 034 var $clocking = data[name == "clocking"]/value; 035 var $isis-level-1 = data[name == "isis-level-1"]/value; 036 var $isis-level-1-metric = data[name == "isis-level-1-metric"]/value; 037 var $isis-level-2 = data[name == "isis-level-2"]/value; 038 var $isis-level-2-metric = data[name == "isis-level-2-metric"]/value; 039 var $ifname =
interfaces ( (% for ifs in interfaces %) (% set intf = interfaces[ifs] %) (( ifs )) ( (% if intf.description is defined %) description "(( intf.description ))"; (% endif %) (% if intf.units is defined and intf.units is iterable %) (% for unit in intf.units %) unit (( unit.id )) ( family inet ( address (( unit.ip ))/(( unit.mask bits )); (% if unit.filter is defined %) filter ( (% if unit.filter.in is defined %) input ((unit.filter.in)); (% endif %) (% if unit.filter.out is defined %) output (( unit.filter.out )); (% endif %) ) (% endif %) ) (% if intf.vlan tagging is defined %) description "(( unit.description ))"; vlan-id ((unit.vlan id)); (% endif %) (% if intf.syslog is defined %) description "(( unit.description ))"; (% endif %) ) (% endfor %) (% endif %) (% if intf.redundant parent is defined %) gigether-options ( redundant-parent (( intf.redundant parent )); ) (% endif %) (% if intf.mtu is defined %) mtu (( intf.mtu )); (% endif %) (% if intf.vlan tagging is defined %) vlan-tagging; (% endif %) (% if intf.redundant options is defined %) redundant-ether-options ( redundancy-group (( intf.redundant options.group )); (% if intf.lacp is defined %) lacp ( active; periodic fast; ) (% endif %) ) (% endif %) ) (% endfor %) ) Here is the YAML: interfaces: reth0: description: core facing interface lacp: true mtu: 9154 redundant options: ( group: 1 ) reth: true units: - ( id: 0, ip: 10.0.0.1, mask bits: 31 ) ge-0/0/0: description: access facing interface mtu: 1500 vlan tagging: true units: - description: customer 1 id: 1 vlan id: 1 ip: 10.0.1.1 mask bits: 30 filter: in: CUSTOMER IN FILTER out: CUSTOMER OUT FILTER - description: customer 2 id: 2 vlan id: 2 ip: 10.0.2.1 mask bits: 30 filter: in: CUSTOMER IN FILTER out: CUSTOMER OUT FILTER xe-1/0/0: ( description: core1.site1 xe-1/0/0, redundant parent: reth0 ) xe-2/0/0: ( description: core1.site1 xe-2/0/0, redundant parent: reth0 ) This example generates the configuration for a core interface and access interface on an SRX
Phase 1 config set security ike proposal my ncp proposals authentication-method pre-shared-keys set security ike proposal my ncp proposals dh-group group2 set security ike proposal my ncp proposals authentication-algorithm md5 set security ike proposal my ncp proposals encryption-algorithm aes-128-cbc set security ike proposal ncp-client authentication-method pre-shared-keys set security ike proposal ncp-client dh-group group2 set security ike proposal ncp-client authentication-algorithm md5 set security ike proposal ncp-client encryption-algorithm aes-128-cbc set security ike policy ike ncp client mode aggressive set security ike policy ike ncp client proposals my ncp proposals set security ike policy ike ncp client pre-shared-key ascii-text <key> set security ike gateway ncp test ike-policy ike ncp client set security ike gateway ncp test dynamic user-at-hostname "vpnuser@wsa.local" set security ike gateway ncp test dynamic ike-user-type shared-ike-id set security ike gateway ncp test external-interface ge-0/0/0.0 set security ike gateway ncp test aaa access-profile ldap-users * set security ike gateway ncp test version v1-only set security ike gateway ncp test tcp-encap-profile ssl-vpn * You can change this to profile local-users to authenticate the users locally instead of against LDAP
4 Comments - no search term matches found in comments.
When troubleshooting a 128T router or conductor it is best to understand the intent of the configuration so you can know where to look to resolve the issues. However, when you issue a show config running or show config candidate or view the configuration using the Configuration Explorer ,...
How to Read a 128T Configuration.pdf
1 Comment - no search term matches found in comments.
See matching posts in thread - Currently I use the following command to fetch a...