Supported Platforms
Related Documentation
- EX, J, M, MX, T Series
- Specifying Access Privileges for Junos OS Configuration Mode Hierarchies
- QFabric System, QFX Series standalone switches
- Specifying Access Privileges for Junos OS Configuration Mode Hierarchies
Regular Expressions for Allowing and Denying Junos OS Configuration Mode Hierarchies
Use extended regular expressions to specify which configuration mode hierarchies are denied or allowed. You specify these regular expressions in the allow/deny-configuration-regexps and allow/deny-configuration statements at the [edit system login class] hierarchy level, or by specifying Juniper Networks vendor-specific TACACS+ or RADIUS attributes in your authentication server’s configuration. If regular expressions are received during TACACS+ or RADIUS authentication, they merge with any regular expressions configured on the local router or switch.
Table 1 lists common regular expression operators that you can use for allowing or denying configuration mode hierarchies.
Command regular expressions implement the extended (modern) regular expressions, as defined in POSIX 1003.2.
Table 1: Configuration Mode Hierarchies—Common Regular Expression Operators
Operator | Match |
---|---|
\| | One of two or more terms separated by the pipe. Each term must be a complete standalone expression enclosed in parentheses ( ), with no spaces between the pipe and the adjacent parentheses. For example, (show system alarms)\|(show system software). |
^ | At the beginning of an expression, used to denote where the command begins, where there might be some ambiguity. |
$ | Character at the end of a command. Used to denote a command that must be matched exactly up to that point. For example, allow-commands "show interfaces$" means that the user can issue the show interfaces command but cannot issue show interfaces detail or show interfaces extensive. |
[ ] | Range of letters or digits. To separate the start and end of a range, use a hyphen ( - ). |
( ) | A group of commands, indicating a complete, standalone expression to be evaluated. The result is then evaluated as part of the overall expression. Parentheses must be used in conjunction with pipe operators, as explained above. |
* | Zero or more terms. |
+ | One or more terms. |
. | Any character except for a space " ". |
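The following is an added example, not part of Juniper's documentation, for dry-running expressions against candidate strings before placing them in a login class. It uses grep -E as a stand-in POSIX extended regular expression matcher, so its results only approximate the device's behavior (Table 1, for instance, gives `.` a narrower meaning than grep does). The candidate strings, the interface names, and the function names ere_hits and ere_overmatch are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run login-class expressions with grep -E (POSIX ERE).
# grep is a stand-in matcher; the device's own matcher may differ.

# Constructed candidate strings, one per line.
CANDIDATES='show interfaces
show interfaces detail
show interfaces extensive
show system alarms
show system software
show system users
interfaces ge-0/0/2 description
interfaces ge-0/0/7 description'

# ere_hits REGEX: print every candidate that REGEX matches.
ere_hits() {
    printf '%s\n' "$CANDIDATES" | grep -E -- "$1" || true
}

# ere_overmatch REGEX INTENDED: print candidates that REGEX matches but that
# are not in INTENDED (newline-separated list of exact strings).
ere_overmatch() {
    ere_hits "$1" | while IFS= read -r line; do
        printf '%s\n' "$2" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

echo "Unanchored, beyond 'show interfaces':"
ere_overmatch 'show interfaces' 'show interfaces'

echo "Anchored with \$, beyond 'show interfaces':"
ere_overmatch 'show interfaces$' 'show interfaces'

echo "Grouped alternation:"
ere_hits '(show system alarms)|(show system software)'

echo "Range plus anchors:"
ere_hits '^interfaces ge-0/0/[0-3] description$'
```

Any string printed by ere_overmatch is one the expression reaches beyond what was intended, which is the case the `$` row of Table 1 describes.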
Published: 2014-07-23