Example: Load a Base Configuration
This commit script example sets up a sample base configuration on a device running Junos OS.
Requirements
This example uses a device running Junos OS.
Overview and Commit Script
This script is a macro that sets up a device running Junos OS with a sample base configuration. With minimal manual user input, the script automatically configures:
A device hostname
Authentication services
A superuser login
System log settings
Some SNMP settings
System services, such as FTP and Telnet
Static routes and a policy to redistribute the static routes
Configuration groups re0 and re1
An address for the management Ethernet interface (fxp0)
The loopback interface (lo0) with the device ID as the loopback address
The example script is shown in both XSLT and SLAX syntax:
XSLT Syntax
<?xml version="1.0" standalone="yes"?>
<xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  xmlns:junos="http://xml.juniper.net/junos/*/junos"
  xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
  xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
  <xsl:import href="../import/junos.xsl"/>

  <xsl:variable name="macro-name" select="'config-system.xsl'"/>

  <xsl:template match="configuration">
    <xsl:variable name="rid" select="routing-options/router-id"/>
    <xsl:for-each select="apply-macro[name = 'config-system']">
      <xsl:variable name="hostname" select="data[name = 'host-name']/value"/>
      <xsl:variable name="fxp0-addr" select="data[name = 'mgmt-address']/value"/>
      <xsl:variable name="backup-router" select="data[name = 'backup-router']/value"/>
      <!-- Use the configured backup router, or derive one from the management address -->
      <xsl:variable name="bkup-rtr">
        <xsl:choose>
          <xsl:when test="$backup-router">
            <xsl:value-of select="$backup-router"/>
          </xsl:when>
          <xsl:otherwise>
            <xsl:variable name="fxp01" select="substring-before($fxp0-addr, '.')"/>
            <xsl:variable name="fxp02" select="substring-before(substring-after($fxp0-addr, '.'), '.')"/>
            <xsl:variable name="fxp03" select="substring-before(substring-after(substring-after($fxp0-addr, '.'), '.'), '.')"/>
            <xsl:variable name="plen" select="substring-after($fxp0-addr, '/')"/>
            <!-- XPath div is floating-point division; floor() rounds the third octet down to its /22 boundary -->
            <xsl:choose>
              <xsl:when test="$plen = 22">
                <xsl:value-of select="concat($fxp01, '.', $fxp02, '.', floor($fxp03 div 4) * 4 + 3, '.254')"/>
              </xsl:when>
              <xsl:when test="$plen = 24">
                <xsl:value-of select="concat($fxp01, '.', $fxp02, '.', $fxp03, '.254')"/>
              </xsl:when>
            </xsl:choose>
          </xsl:otherwise>
        </xsl:choose>
      </xsl:variable>
      <xsl:choose>
        <!-- Refuse to run without the three required inputs -->
        <xsl:when test="not($rid) or not($hostname) or not($fxp0-addr)">
          <xnm:error>
            <message>Must set router ID, host-name and mgmt-address to use this script.</message>
          </xnm:error>
        </xsl:when>
        <xsl:otherwise>
          <transient-change>
            <system>
              <!-- Set the following -->
              <domain-name>your-domain.net</domain-name>
              <domain-search>domain.net</domain-search>
              <backup-router>
                <address><xsl:value-of select="$bkup-rtr"/></address>
              </backup-router>
              <time-zone>America/Los_Angeles</time-zone>
              <authentication-order>radius</authentication-order>
              <authentication-order>password</authentication-order>
              <root-authentication>
                <encrypted-password>$ABC123</encrypted-password>
              </root-authentication>
              <name-server>
                <name>192.168.5.68</name>
              </name-server>
              <name-server>
                <name>172.17.28.100</name>
              </name-server>
              <radius-server>
                <name>192.168.170.241</name>
                <secret>$ABC123</secret>
              </radius-server>
              <radius-server>
                <name>192.168.4.240</name>
                <secret>$ABC123</secret>
              </radius-server>
              <login>
                <class>
                  <permissions>all</permissions>
                </class>
                <user>
                  <name>johnny</name>
                  <uid>928</uid>
                  <class>superuser</class>
                  <authentication>
                    <encrypted-password>$ABC123</encrypted-password>
                  </authentication>
                </user>
              </login>
              <services>
                <finger/>
                <ftp/>
                <ssh/>
                <telnet/>
                <xnm-clear-text/>
              </services>
              <syslog>
                <user>
                  <name>*</name>
                  <contents>
                    <name>any</name>
                    <emergency/>
                  </contents>
                </user>
                <host>
                  <name>host1</name>
                  <contents>
                    <name>any</name>
                    <notice/>
                  </contents>
                  <contents>
                    <name>interactive-commands</name>
                    <any/>
                  </contents>
                </host>
                <file>
                  <name>messages</name>
                  <contents>
                    <name>any</name>
                    <notice/>
                  </contents>
                  <contents>
                    <name>any</name>
                    <warning/>
                  </contents>
                  <contents>
                    <name>authorization</name>
                    <info/>
                  </contents>
                  <archive>
                    <world-readable/>
                  </archive>
                </file>
                <file>
                  <name>security</name>
                  <contents>
                    <name>interactive-commands</name>
                    <any/>
                  </contents>
                  <archive>
                    <world-readable/>
                  </archive>
                </file>
              </syslog>
              <processes>
                <routing>
                  <undocumented><enable/></undocumented>
                </routing>
                <snmp>
                  <undocumented><enable/></undocumented>
                </snmp>
                <ntp>
                  <undocumented><enable/></undocumented>
                </ntp>
                <inet-process>
                  <undocumented><enable/></undocumented>
                </inet-process>
                <mib-process>
                  <undocumented><enable/></undocumented>
                </mib-process>
                <undocumented><management><enable/></management></undocumented>
                <watchdog>
                  <enable/>
                </watchdog>
              </processes>
              <ntp>
                <boot-server>domain.net</boot-server>
                <server>
                  <name>domainr.net</name>
                </server>
              </ntp>
            </system>
            <snmp>
              <location>Software lab</location>
              <contact>Michael Landon</contact>
              <interface>fxp0.0</interface>
              <community>
                <name>public</name>
                <authorization>read-only</authorization>
                <clients>
                  <name>0.0.0.0/0</name>
                  <restrict/>
                </clients>
                <clients>
                  <name>192.168.1.252/32</name>
                </clients>
                <clients>
                  <name>10.197.169.222/32</name>
                </clients>
                <clients>
                  <name>10.197.169.188/32</name>
                </clients>
                <clients>
                  <name>10.197.169.193/32</name>
                </clients>
                <clients>
                  <name>192.168.65.46/32</name>
                </clients>
                <clients>
                  <name>10.209.152.0/23</name>
                </clients>
              </community>
              <community>
                <name>private</name>
                <authorization>read-write</authorization>
                <clients>
                  <name>0.0.0.0/0</name>
                  <restrict/>
                </clients>
                <clients>
                  <name>10.197.169.188/32</name>
                </clients>
              </community>
            </snmp>
            <routing-options>
              <static>
                <junos:comment>/* safety precaution */</junos:comment>
                <route>
                  <name>0.0.0.0/0</name>
                  <discard/>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* corporate net */</junos:comment>
                <route>
                  <name>172.16.0.0/12</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* lab nets */</junos:comment>
                <route>
                  <name>192.168.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* reflector */</junos:comment>
                <route>
                  <name>10.17.136.192/32</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* another lab1*/</junos:comment>
                <route>
                  <name>10.10.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* ssh servers */</junos:comment>
                <route>
                  <name>10.17.136.0/24</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* Workstations */</junos:comment>
                <route>
                  <name>10.150.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* Hosts */</junos:comment>
                <route>
                  <name>10.157.64.0/19</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* Build Servers */</junos:comment>
                <route>
                  <name>10.10.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
              </static>
            </routing-options>
            <policy-options>
              <policy-statement>
                <name>redist</name>
                <from>
                  <protocol>static</protocol>
                </from>
                <then>
                  <accept/>
                </then>
              </policy-statement>
            </policy-options>
            <apply-groups>re0</apply-groups>
            <apply-groups>re1</apply-groups>
            <groups>
              <name>re0</name>
              <system>
                <host-name><xsl:value-of select="$hostname"/></host-name>
              </system>
              <interfaces>
                <interface>
                  <name>fxp0</name>
                  <unit>
                    <name>0</name>
                    <family>
                      <inet>
                        <address>
                          <name><xsl:value-of select="$fxp0-addr"/></name>
                        </address>
                      </inet>
                    </family>
                  </unit>
                </interface>
              </interfaces>
            </groups>
            <groups>
              <name>re1</name>
            </groups>
            <!-- Loopback address is the router ID -->
            <interfaces>
              <interface>
                <name>lo0</name>
                <unit>
                  <name>0</name>
                  <family>
                    <inet>
                      <address>
                        <name><xsl:value-of select="$rid"/></name>
                      </address>
                    </inet>
                  </family>
                </unit>
              </interface>
            </interfaces>
          </transient-change>
        </xsl:otherwise>
      </xsl:choose>
    </xsl:for-each>
  </xsl:template>
</xsl:stylesheet>
SLAX Syntax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

var $macro-name = 'config-system.xsl';

match configuration {
    var $rid = routing-options/router-id;
    for-each (apply-macro[name = 'config-system']) {
        var $hostname = data[name = 'host-name']/value;
        var $fxp0-addr = data[name = 'mgmt-address']/value;
        var $backup-router = data[name = 'backup-router']/value;
        /* Use the configured backup router, or derive one from the management address */
        var $bkup-rtr = {
            if ($backup-router) {
                expr $backup-router;
            } else {
                var $fxp01 = substring-before($fxp0-addr, '.');
                var $fxp02 = substring-before(substring-after($fxp0-addr, '.'), '.');
                var $fxp03 = substring-before(substring-after(substring-after($fxp0-addr, '.'), '.'), '.');
                var $plen = substring-after($fxp0-addr, '/');
                /* XPath div is floating-point division; floor() rounds the third octet down to its /22 boundary */
                if ($plen = 22) {
                    expr $fxp01 _ '.' _ $fxp02 _ '.' _ (floor($fxp03 div 4) * 4 + 3) _ '.254';
                } else if ($plen = 24) {
                    expr $fxp01 _ '.' _ $fxp02 _ '.' _ $fxp03 _ '.254';
                }
            }
        }
        /* Refuse to run without the three required inputs */
        if (not($rid) or not($hostname) or not($fxp0-addr)) {
            <xnm:error> {
                <message> "Must set router ID, host-name, and mgmt-address to use this script.";
            }
        } else {
            <transient-change> {
                <system> {
                    /* Set the following */
                    <domain-name> "your-domain.net";
                    <domain-search> "domain.net";
                    <backup-router> {
                        <address> $bkup-rtr;
                    }
                    <time-zone> "America/Los_Angeles";
                    <authentication-order> "radius";
                    <authentication-order> "password";
                    <root-authentication> {
                        <encrypted-password> "$ABC123";
                    }
                    <name-server> {
                        <name> "192.168.5.68";
                    }
                    <name-server> {
                        <name> "172.17.28.100";
                    }
                    <radius-server> {
                        <name> "192.168.170.241";
                        <secret> "$ABC123";
                    }
                    <radius-server> {
                        <name> "192.168.4.240";
                        <secret> "$ABC123";
                    }
                    <login> {
                        <class> {
                            <permissions> "all";
                        }
                        <user> {
                            <name> "johnny";
                            <uid> "928";
                            <class> "superuser";
                            <authentication> {
                                <encrypted-password> "$ABC123";
                            }
                        }
                    }
                    <services> {
                        <finger>;
                        <ftp>;
                        <ssh>;
                        <telnet>;
                        <xnm-clear-text>;
                    }
                    <syslog> {
                        <user> {
                            <name> "*";
                            <contents> {
                                <name> "any";
                                <emergency>;
                            }
                        }
                        <host> {
                            <name> "host1";
                            <contents> {
                                <name> "any";
                                <notice>;
                            }
                            <contents> {
                                <name> "interactive-commands";
                                <any>;
                            }
                        }
                        <file> {
                            <name> "messages";
                            <contents> {
                                <name> "any";
                                <notice>;
                            }
                            <contents> {
                                <name> "any";
                                <warning>;
                            }
                            <contents> {
                                <name> "authorization";
                                <info>;
                            }
                            <archive> {
                                <world-readable>;
                            }
                        }
                        <file> {
                            <name> "security";
                            <contents> {
                                <name> "interactive-commands";
                                <any>;
                            }
                            <archive> {
                                <world-readable>;
                            }
                        }
                    }
                    <processes> {
                        <routing> {
                            <undocumented> {
                                <enable>;
                            }
                        }
                        <snmp> {
                            <undocumented> {
                                <enable>;
                            }
                        }
                        <ntp> {
                            <undocumented> {
                                <enable>;
                            }
                        }
                        <inet-process> {
                            <undocumented> {
                                <enable>;
                            }
                        }
                        <mib-process> {
                            <undocumented> {
                                <enable>;
                            }
                        }
                        <undocumented> {
                            <management> {
                                <enable>;
                            }
                        }
                        <watchdog> {
                            <enable>;
                        }
                    }
                    <ntp> {
                        <boot-server> "domain.net";
                        <server> {
                            <name> "domainr.net";
                        }
                    }
                }
                <snmp> {
                    <location> "Software lab";
                    <contact> "Michael Landon";
                    <interface> "fxp0.0";
                    <community> {
                        <name> "public";
                        <authorization> "read-only";
                        <clients> {
                            <name> "0.0.0.0/0";
                            <restrict>;
                        }
                        <clients> {
                            <name> "192.168.1.252/32";
                        }
                        <clients> {
                            <name> "10.197.169.222/32";
                        }
                        <clients> {
                            <name> "10.197.169.188/32";
                        }
                        <clients> {
                            <name> "10.197.169.193/32";
                        }
                        <clients> {
                            <name> "192.168.65.46/32";
                        }
                        <clients> {
                            <name> "10.209.152.0/23";
                        }
                    }
                    <community> {
                        <name> "private";
                        <authorization> "read-write";
                        <clients> {
                            <name> "0.0.0.0/0";
                            <restrict>;
                        }
                        <clients> {
                            <name> "10.197.169.188/32";
                        }
                    }
                }
                <routing-options> {
                    <static> {
                        <junos:comment> "/* safety precaution */";
                        <route> {
                            <name> "0.0.0.0/0";
                            <discard>;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* corporate net */";
                        <route> {
                            <name> "172.16.0.0/12";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* lab nets */";
                        <route> {
                            <name> "192.168.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* reflector */";
                        <route> {
                            <name> "10.17.136.192/32";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* another lab1*/";
                        <route> {
                            <name> "10.10.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* ssh servers */";
                        <route> {
                            <name> "10.17.136.0/24";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* Workstations */";
                        <route> {
                            <name> "10.150.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* Hosts */";
                        <route> {
                            <name> "10.157.64.0/19";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* Build Servers */";
                        <route> {
                            <name> "10.10.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                    }
                }
                <policy-options> {
                    <policy-statement> {
                        <name> "redist";
                        <from> {
                            <protocol> "static";
                        }
                        <then> {
                            <accept>;
                        }
                    }
                }
                <apply-groups> "re0";
                <apply-groups> "re1";
                <groups> {
                    <name> "re0";
                    <system> {
                        <host-name> $hostname;
                    }
                    <interfaces> {
                        <interface> {
                            <name> "fxp0";
                            <unit> {
                                <name> "0";
                                <family> {
                                    <inet> {
                                        <address> {
                                            <name> $fxp0-addr;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                <groups> {
                    <name> "re1";
                }
                /* Loopback address is the router ID */
                <interfaces> {
                    <interface> {
                        <name> "lo0";
                        <unit> {
                            <name> "0";
                            <family> {
                                <inet> {
                                    <address> {
                                        <name> $rid;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
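The backup-router fallback used by both versions of the script, reworked in Python as an added example (not Juniper's code): it shows what XPath's floating-point `div` does to the /22 case without `floor()`, reproduces the script's /22 and /24 rule, and generalizes it to the highest usable host address of any management subnet. The function names and the sample addresses in the comments are assumptions of this example.

```python
import ipaddress
from typing import Optional


def xpath_unfloored(addr: str) -> str:
    """Literal XPath 1.0 reading of `$fxp03 div 4 * 4 + 3`, where div is floating-point."""
    o = addr.split("/")[0].split(".")
    third = int(o[2]) / 4 * 4 + 3      # 5 / 4 * 4 + 3 == 8.0, outside 10.1.4.0/22
    return f"{o[0]}.{o[1]}.{int(third)}.254"


def script_backup_router(addr: str) -> Optional[str]:
    """The script's rule with the third octet rounded down; only /22 and /24 are handled."""
    ip, plen = addr.split("/")
    o = [int(x) for x in ip.split(".")]
    if plen == "22":
        return f"{o[0]}.{o[1]}.{o[2] // 4 * 4 + 3}.254"
    if plen == "24":
        return f"{o[0]}.{o[1]}.{o[2]}.254"
    return None  # any other prefix length leaves $bkup-rtr empty in the script


def highest_host(addr: str) -> Optional[str]:
    """Generalization: the highest usable host address in the management subnet."""
    iface = ipaddress.ip_interface(addr)
    net = iface.network
    if net.version != 4 or net.prefixlen > 30:
        return None  # /31 and /32 leave no spare host address for a gateway
    candidate = net.broadcast_address - 1
    if candidate == iface.ip:
        return None  # the device itself holds that address
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample management addresses
    for a in ("10.1.5.20/22", "192.168.3.9/24", "10.0.0.1/30", "10.0.0.1/32"):
        print(a, xpath_unfloored(a), script_backup_router(a), highest_host(a))
```

For /22 and /24 the generalized function returns the same address as the script's rule; for other prefix lengths the script needs an explicit backup-router value.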
Configuration
Procedure
Step-by-Step Procedure
To download, enable, and test the script:
Copy the script into a text file, name the file config-system.xsl or config-system.slax as appropriate, and copy it to the /var/db/scripts/commit/ directory on the device.
Select the following test configuration stanzas, and press Ctrl+c to copy them to the clipboard.
If you are using the SLAX version of the script, change the filename at the [edit system scripts commit file] hierarchy level to config-system.slax.
system {
    scripts {
        commit {
            allow-transients;
            file config-system.xsl;
        }
    }
}
apply-macro config-system {
    host-name test;
    mgmt-address 10.0.0.1/32;
    backup-router 10.0.0.2;
}
The host-name and mgmt-address statements are mandatory. The backup-router statement is optional; when it is omitted, the script derives a backup router only for /22 and /24 management addresses. The script also reads the router ID from the [edit routing-options] hierarchy level and reports an error if it is not set. You can substitute a hostname, a management Ethernet (fxp0) IP address, and a backup router IP address that are appropriate for your device.
In configuration mode, issue the load merge terminal command to merge the stanzas into your device configuration.
[edit]
user@host# load merge terminal
[Type ^D at a new line to end input]
... Paste the contents of the clipboard here ...
At the prompt, paste the contents of the clipboard by using the mouse and the paste icon.
Press Enter.
Press Ctrl+d.
Commit the configuration.
user@host# commit