Example: Loading a Base Configuration
This commit script example sets up a sample base configuration on a device running Junos OS.
Requirements
This example uses a device running Junos OS.
Overview and Commit Script
This script is a macro that sets up a device running Junos OS with a sample base configuration. With minimal manual user input, the script automatically configures:
- A device hostname
- Authentication services
- A superuser login
- System log settings
- Some SNMP settings
- System services, such as FTP and Telnet
- Static routes and a policy to redistribute the static routes
- Configuration groups re0 and re1
- An address for the management Ethernet interface (fxp0)
- The loopback interface (lo0) with the device ID as the loopback address
The example script is shown in both XSLT and SLAX syntax:
XSLT Syntax
<?xml version="1.0" standalone="yes"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:junos="http://xml.juniper.net/junos/*/junos"
xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
<xsl:import href="../import/junos.xsl"/>
<xsl:variable name="macro-name" select="'config-system.xsl'"/>
<xsl:template match="configuration">
<xsl:variable name="rid" select="routing-options/router-id"/>
<xsl:for-each select="apply-macro[name = 'config-system']">
<xsl:variable name="hostname" select="data[name =
'host-name']/value"/>
<xsl:variable name="fxp0-addr" select="data[name =
'mgmt-address']/value"/>
<xsl:variable name="backup-router" select="data[name =
'backup-router']/value"/>
<xsl:variable name="bkup-rtr">
<xsl:choose>
<xsl:when test="$backup-router">
<xsl:value-of select="$backup-router"/>
</xsl:when>
<xsl:otherwise>
<xsl:variable name="fxp01" select="substring-before($fxp0-addr,
'.')"/>
<xsl:variable name="fxp02"
select="substring-before(substring-after($fxp0-addr, '.'), '.')"/>
<xsl:variable name="fxp03"
select="substring-before(substring-after(substring-after(
$fxp0-addr, '.'), '.'), '.')"/>
<xsl:variable name="plen" select="substring-after($fxp0-addr, '/')"/>
<xsl:choose>
<xsl:when test="$plen = 22">
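<!-- floor() is needed: XPath "div" is floating-point division, so without it
the third octet is only correct when it is already a multiple of 4 -->
<xsl:value-of select="concat($fxp01, '.', $fxp02, '.',
floor($fxp03 div 4) * 4 + 3, '.254')"/>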
</xsl:when>
<xsl:when test="$plen = 24">
<xsl:value-of select="concat($fxp01, '.', $fxp02, '.', $fxp03,
'.254')"/>
</xsl:when>
</xsl:choose>
</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:choose>
<xsl:when test="not($rid) or not($hostname) or not($fxp0-addr)">
<xnm:error>
<message>
Must set router ID, host-name and mgmt-address to use this script.
</message>
</xnm:error>
</xsl:when>
<xsl:otherwise>
<transient-change>
<system>
<!-- Set the following -->
<domain-name>your-domain.net</domain-name>
<domain-search>domain.net</domain-search>
<backup-router>
<address><xsl:value-of select="$bkup-rtr"/></address>
</backup-router>
<time-zone>America/Los_Angeles</time-zone>
<authentication-order>radius</authentication-order>
<authentication-order>password</authentication-order>
<root-authentication>
<encrypted-password>
$1$Q3CG88jZ$.qhPUZaHdaIMWF2CvxKTe0
</encrypted-password>
</root-authentication>
<name-server>
<name>192.168.5.68</name>
</name-server>
<name-server>
<name>172.17.28.100</name>
</name-server>
<radius-server>
<name>192.168.170.241</name>
<secret>
$9$4xoDk5T3n/AHkmTQFCA0BIclKWL7sgaRh-bs4GU
</secret>
</radius-server>
<radius-server>
<name>192.168.4.240</name>
<secret>
$9$TQ/t1IcSrKAt0IRheK8X7VYgaZDm5zNdiqmTn6
</secret>
</radius-server>
<login>
<class>
<permissions>all</permissions>
</class>
<user>
<name>johnny</name>
<uid>928</uid>
<class>superuser</class>
<authentication>
<encrypted-password>
$1$kPU..$w.4FGRAGanJ8U4Yq6sbj7.
</encrypted-password>
</authentication>
</user>
</login>
<services>
<finger/>
<ftp/>
<ssh/>
<telnet/>
<xnm-clear-text/>
</services>
<syslog>
<user>
<name>*</name>
<contents>
<name>any</name>
<emergency/>
</contents>
</user>
<host>
<name>host1</name>
<contents>
<name>any</name>
<notice/>
</contents>
<contents>
<name>interactive-commands</name>
<any/>
</contents>
</host>
<file>
<name>messages</name>
<contents>
<name>any</name>
<notice/>
</contents>
<contents>
<name>any</name>
<warning/>
</contents>
<contents>
<name>authorization</name>
<info/>
</contents>
<archive>
<world-readable/>
</archive>
</file>
<file>
<name>security</name>
<contents>
<name>interactive-commands</name>
<any/>
</contents>
<archive>
<world-readable/>
</archive>
</file>
</syslog>
<processes>
<routing>
<undocumented><enable/></undocumented>
</routing>
<snmp>
<undocumented><enable/></undocumented>
</snmp>
<ntp>
<undocumented><enable/></undocumented>
</ntp>
<inet-process>
<undocumented><enable/></undocumented>
</inet-process>
<mib-process>
<undocumented><enable/></undocumented>
</mib-process>
<undocumented><management><enable/>
</management></undocumented>
<watchdog>
<enable/>
</watchdog>
</processes>
<ntp>
<boot-server>domain.net</boot-server>
<server>
<name>domainr.net</name>
</server>
</ntp>
</system>
<snmp>
<location>Software lab</location>
<contact>Michael Landon</contact>
<interface>fxp0.0</interface>
<community>
<name>public</name>
<authorization>read-only</authorization>
<clients>
<name>0.0.0.0/0</name>
<restrict/>
</clients>
<clients>
<name>192.168.1.252/32</name>
</clients>
<clients>
<name>10.197.169.222/32</name>
</clients>
<clients>
<name>10.197.169.188/32</name>
</clients>
<clients>
<name>10.197.169.193/32</name>
</clients>
<clients>
<name>192.168.65.46/32</name>
</clients>
<clients>
<name>10.209.152.0/23</name>
</clients>
</community>
<community>
<name>private</name>
<authorization>read-write</authorization>
<clients>
<name>0.0.0.0/0</name>
<restrict/>
</clients>
<clients>
<name>10.197.169.188/32</name>
</clients>
</community>
</snmp>
<routing-options>
<static>
<junos:comment>/* safety precaution */</junos:comment>
<route>
<name>0.0.0.0/0</name>
<discard/>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* corporate net */</junos:comment>
<route>
<name>172.16.0.0/12</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* lab nets */</junos:comment>
<route>
<name>192.168.0.0/16</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* reflector */</junos:comment>
<route>
<name>10.17.136.192/32</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* another lab1*/</junos:comment>
<route>
<name>10.10.0.0/16</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* ssh servers */</junos:comment>
<route>
<name>10.17.136.0/24</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* Workstations */</junos:comment>
<route>
<name>10.150.0.0/16</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* Hosts */</junos:comment>
<route>
<name>10.157.64.0/19</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
<junos:comment>/* Build Servers */</junos:comment>
<route>
<name>10.10.0.0/16</name>
<next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
<retain/>
<no-readvertise/>
</route>
</static>
</routing-options>
<policy-options>
<policy-statement>
<name>redist</name>
<from>
<protocol>static</protocol>
</from>
<then>
<accept/>
</then>
</policy-statement>
</policy-options>
<apply-groups>re0</apply-groups>
<apply-groups>re1</apply-groups>
<groups>
<name>re0</name>
<system>
<host-name>
<xsl:value-of select="$hostname"/></host-name>
</system>
<interfaces>
<interface>
<name>fxp0</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>
<xsl:value-of select="$fxp0-addr"/>
</name>
</address>
</inet>
</family>
</unit>
</interface>
</interfaces>
</groups>
<groups>
<name>re1</name>
</groups>
<interfaces>
<interface>
<name>lo0</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name><xsl:value-of select="$rid"/></name>
</address>
</inet>
</family>
</unit>
</interface>
</interfaces>
</transient-change>
</xsl:otherwise>
</xsl:choose>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
SLAX Syntax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
var $macro-name = 'config-system.xsl';
match configuration {
var $rid = routing-options/router-id;
for-each (apply-macro[name = 'config-system']) {
var $hostname = data[name = 'host-name']/value;
var $fxp0-addr = data[name = 'mgmt-address']/value;
var $backup-router = data[name = 'backup-router']/value;
var $bkup-rtr = {
if ($backup-router) {
expr $backup-router;
}
else {
var $fxp01 = substring-before($fxp0-addr, '.');
var $fxp02 = substring-before(substring-after($fxp0-addr, '.'), '.');
var $fxp03 = substring-before(substring-after(substring-after(
$fxp0-addr, '.'), '.'), '.');
var $plen = substring-after($fxp0-addr, '/');
if ($plen = 22) {
/* floor() is needed: "div" is floating-point division */
expr $fxp01 _ '.' _ $fxp02 _ '.' _ floor($fxp03 div 4) * 4 + 3 _ '.254';
}
else if ($plen = 24) {
expr $fxp01 _ '.' _ $fxp02 _ '.' _ $fxp03 _ '.254';
}
}
}
if (not($rid) or not($hostname) or not($fxp0-addr)) {
<xnm:error> {
<message> "Must set router ID, host-name, and mgmt-address to use this script.";
}
}
else {
<transient-change> {
<system> {
/* Set the following */
<domain-name> "your-domain.net";
<domain-search> "domain.net";
<backup-router> {
<address> $bkup-rtr;
}
<time-zone> "America/Los_Angeles";
<authentication-order> "radius";
<authentication-order> "password";
<root-authentication> {
<encrypted-password>
"$1$Q3CG88jZ$.qhPUZaHdaIMWF2CvxKTe0";
}
<name-server> {
<name> "192.168.5.68";
}
<name-server> {
<name> "172.17.28.100";
}
<radius-server> {
<name> "192.168.170.241";
<secret> "$9$4xoDk5T3n/AHkmTQFCA0BIclKWL7sgaRh-bs4GU";
}
<radius-server> {
<name> "192.168.4.240";
<secret> "$9$TQ/t1IcSrKAt0IRheK8X7VYgaZDm5zNdiqmTn6";
}
<login> {
<class> {
<permissions> "all";
}
<user> {
<name> "johnny";
<uid> "928";
<class> "superuser";
<authentication> {
<encrypted-password>"$1$kPU..$w.4FGRAGanJ8U4Yq6sbj7.";
}
}
}
<services> {
<finger>;
<ftp>;
<ssh>;
<telnet>;
<xnm-clear-text>;
}
<syslog> {
<user> {
<name> "*";
<contents> {
<name> "any";
<emergency>;
}
}
<host> {
<name> "host1";
<contents> {
<name> "any";
<notice>;
}
<contents> {
<name> "interactive-commands";
<any>;
}
}
<file> {
<name> "messages";
<contents> {
<name> "any";
<notice>;
}
<contents> {
<name> "any";
<warning>;
}
<contents> {
<name> "authorization";
<info>;
}
<archive> {
<world-readable>;
}
}
<file> {
<name> "security";
<contents> {
<name> "interactive-commands";
<any>;
}
<archive> {
<world-readable>;
}
}
}
<processes> {
<routing> {
<undocumented><enable>;
}
<snmp> {
<undocumented><enable>;
}
<ntp> {
<undocumented><enable>;
}
<inet-process> {
<undocumented> <enable>;
}
<mib-process> {
<undocumented> <enable>;
}
<undocumented><management> {
<enable>;
}
<watchdog> {
<enable>;
}
}
<ntp> {
<boot-server> "domain.net";
<server> {
<name> "domainr.net";
}
}
}
<snmp> {
<location> "Software lab";
<contact> "Michael Landon";
<interface> "fxp0.0";
<community> {
<name> "public";
<authorization> "read-only";
<clients> {
<name> "0.0.0.0/0";
<restrict>;
}
<clients> {
<name> "192.168.1.252/32";
}
<clients> {
<name> "10.197.169.222/32";
}
<clients> {
<name> "10.197.169.188/32";
}
<clients> {
<name> "10.197.169.193/32";
}
<clients> {
<name> "192.168.65.46/32";
}
<clients> {
<name> "10.209.152.0/23";
}
}
<community> {
<name> "private";
<authorization> "read-write";
<clients> {
<name> "0.0.0.0/0";
<restrict>;
}
<clients> {
<name> "10.197.169.188/32";
}
}
}
<routing-options> {
<static> {
<junos:comment> "/* safety precaution */";
<route> {
<name> "0.0.0.0/0";
<discard>;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* corporate net */";
<route> {
<name> "172.16.0.0/12";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* lab nets */";
<route> {
<name> "192.168.0.0/16";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* reflector */";
<route> {
<name> "10.17.136.192/32";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* another lab1*/";
<route> {
<name> "10.10.0.0/16";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* ssh servers */";
<route> {
<name> "10.17.136.0/24";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* Workstations */";
<route> {
<name> "10.150.0.0/16";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* Hosts */";
<route> {
<name> "10.157.64.0/19";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
<junos:comment> "/* Build Servers */";
<route> {
<name> "10.10.0.0/16";
<next-hop> $bkup-rtr;
<retain>;
<no-readvertise>;
}
}
}
<policy-options> {
<policy-statement> {
<name> "redist";
<from> {
<protocol> "static";
}
<then> {
<accept>;
}
}
}
<apply-groups> "re0";
<apply-groups> "re1";
<groups> {
<name> "re0";
<system> {
<host-name> $hostname;
}
<interfaces> {
<interface> {
<name> "fxp0";
<unit> {
<name> "0";
<family> {
<inet> {
<address> {
<name> $fxp0-addr;
}
}
}
}
}
}
}
<groups> {
<name> "re1";
}
<interfaces> {
<interface> {
<name> "lo0";
<unit> {
<name> "0";
<family> {
<inet> {
<address> {
<name> $rid;
}
}
}
}
}
}
}
}
}
}
Configuration
Step-by-Step Procedure
To download, enable, and test the script:
- Copy the XSLT or SLAX script into a text file, name the file config-system.xsl or config-system.slax as appropriate, and copy it to the /var/db/scripts/commit/ directory on the device.
- Select the following test configuration stanzas, and press Ctrl+c to copy them to the clipboard.
  If you are using the SLAX version of the script, change the filename at the [edit system scripts commit file] hierarchy level to config-system.slax.
  The host-name and mgmt-address statements are mandatory. The backup-router statement is optional. You can substitute a hostname, a management Ethernet (fxp0) IP address, and a backup router IP address that are appropriate for your device.

    system {
        scripts {
            commit {
                allow-transients;
                file config-system.xsl;
            }
        }
    }
    apply-macro config-system {
        host-name test;
        mgmt-address 10.0.0.1/32;
        backup-router 10.0.0.2;
    }

- In configuration mode, issue the load merge terminal command to merge the stanzas into your device configuration.

    [edit]
    user@host# load merge terminal
    [Type ^D at a new line to end input]
    ... Paste the contents of the clipboard here ...

  - At the prompt, paste the contents of the clipboard by using the mouse and the paste icon.
  - Press Enter.
  - Press Ctrl+d.
- Issue the commit command to commit the configuration.

    user@host# commit
Verification
Verifying the Configuration
Purpose
Verify that the script behaves as expected.
Action
After committing the configuration, issue the show | display commit-scripts configuration mode command to view the device base configuration.
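The sample values this macro commits include clear-text management services (finger, FTP, Telnet, xnm-clear-text), SNMP communities named public and private, `$1$` and `$9$` credential strings embedded in the script, and world-readable log archives. The following Python check is an added example, not part of the original Juniper script; it flags those settings in a configuration XML fragment. The `walk` and `audit` names, the rule labels, and the constructed sample (placeholder credential values, element names without XML namespaces) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed version of the <transient-change> block above.
# Hash and secret values are placeholders, not real credentials.
SAMPLE = """<transient-change>
  <system>
    <root-authentication>
      <encrypted-password>$1$CONSTRUCTED$placeholder</encrypted-password>
    </root-authentication>
    <radius-server><name>192.0.2.10</name><secret>$9$CONSTRUCTED</secret></radius-server>
    <services><finger/><ftp/><ssh/><telnet/><xnm-clear-text/></services>
    <syslog><file><name>messages</name><archive><world-readable/></archive></file></syslog>
  </system>
  <snmp>
    <community><name>public</name><authorization>read-only</authorization></community>
    <community><name>private</name><authorization>read-write</authorization></community>
  </snmp>
</transient-change>"""

CLEARTEXT = {"finger", "ftp", "telnet", "xnm-clear-text"}  # no transport encryption
DEFAULT_COMMUNITIES = {"public", "private"}                # widely guessed names

def walk(el, path=""):
    """Yield (path, element) for el and all descendants, in document order."""
    here = f"{path}/{el.tag}"
    yield here, el
    for child in el:
        yield from walk(child, here)

def audit(xml_text):
    """Return (rule, detail) findings for a Junos configuration XML fragment."""
    findings = []
    for path, el in walk(ET.fromstring(xml_text)):
        text = (el.text or "").strip()
        if el.tag in CLEARTEXT and path.endswith("/system/services/" + el.tag):
            findings.append(("cleartext-service", el.tag))
        elif path.endswith("/snmp/community"):
            name = (el.findtext("name") or "").strip()
            if name in DEFAULT_COMMUNITIES:
                findings.append(("default-snmp-community", name))
            if (el.findtext("authorization") or "").strip() == "read-write":
                findings.append(("snmp-read-write", name))
        elif el.tag == "encrypted-password" and text.startswith("$1$"):
            findings.append(("md5-crypt-hash", path))      # $1$ marks MD5-crypt
        elif el.tag == "secret" and text.startswith("$9$"):
            findings.append(("reversible-secret", path))   # $9$ is reversible obfuscation
        elif el.tag == "world-readable":
            findings.append(("world-readable-log", path))
    return findings
```

Calling `audit(SAMPLE)` returns ten findings for the trimmed fragment; a fragment that enables only `<ssh/>` returns none.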