- play_arrow Overview
- play_arrow Junos XML Management Protocol and Junos XML API Overview
- play_arrow Junos XML Protocol and Junos XML Tags Overview
- XML and Junos OS Overview
- XML Overview
- XML and Junos XML Management Protocol Conventions Overview
- Map Junos OS Commands and Command Output to Junos XML Tag Elements
- Map Configuration Statements to Junos XML Tag Elements
- Using Configuration Response Tag Elements in Junos XML Protocol Requests and Configuration Changes
- play_arrow Junos XML Protocol and JSON Overview
-
- play_arrow Manage Junos XML Protocol Sessions
- play_arrow Junos XML Protocol Session Overview
- play_arrow Manage Junos XML Protocol Sessions
- Satisfy the Prerequisites for Establishing a Connection to the Junos XML Protocol Server
- Configure clear-text or SSL Service for Junos XML Protocol Client Applications
- Connect to the Junos XML Protocol Server
- Start a Junos XML Protocol Session
- Authenticate with the Junos XML Protocol Server for Cleartext or SSL Connections
- Send Requests to the Junos XML Protocol Server
- Parse the Junos XML Protocol Server Response
- Parse Response Tag Elements Using a Standard API in NETCONF and Junos XML Protocol Sessions
- How Character Encoding Works on Juniper Networks Devices
- Handle an Error or Warning in Junos XML Protocol Sessions
- Halt a Request in Junos XML Protocol Sessions
- Lock, Unlock, or Create a Private Copy of the Candidate Configuration Using the Junos XML Protocol
- Terminate a Junos XML Protocol Session
- End a Junos XML Protocol Session and Close the Connection
- Sample Junos XML Protocol Session
- play_arrow Junos XML Protocol Tracing Operations
- play_arrow Junos XML Protocol Operations
- play_arrow Junos XML Protocol Processing Instructions
- play_arrow Junos XML Protocol Response Tags
- play_arrow Junos XML Element Attributes
- active
- count
- delete
- inactive
- insert
- junos:changed
- junos:changed-localtime
- junos:changed-seconds
- junos:commit-localtime
- junos:commit-seconds
- junos:commit-user
- junos:group
- junos:interface-range
- junos:key
- junos:position
- junos:total
- matching
- protect
- recurse
- rename
- replace
- replace-pattern
- start
- unprotect
- xmlns
-
- play_arrow Request Operational and Configuration Information Using the Junos XML Protocol
- play_arrow Request Operational Information Using the Junos XML Protocol
- play_arrow Request Configuration Information Using the Junos XML Protocol
- Request Configuration Data Using the Junos XML Protocol
- Specify the Source for Configuration Information Requests in a Junos XML Protocol Session
- Specify the Output Format for Configuration Data in a Junos XML Protocol Session
- Request Commit-Script-Style XML Configuration Data Using the Junos XML Protocol
- Specify the Output Format for Configuration Groups and Interface Ranges Using the Junos XML Protocol
- Request Identifier Indicators for Configuration Elements Using the Junos XML Protocol
- Request Change Indicators for Configuration Elements Using the Junos XML Protocol
- Specify the Scope of Configuration Data to Return in a Junos XML Protocol Session
- Request the Complete Configuration Using the Junos XML Protocol
- Request a Configuration Hierarchy Level or Container Object Without an Identifier Using the Junos XML Protocol
- Request All Configuration Objects of a Specific Type Using the Junos XML Protocol
- Request a Specific Number of Configuration Objects Using the Junos XML Protocol
- Request Identifiers for Configuration Objects of a Specific Type Using the Junos XML Protocol
- Request a Single Configuration Object Using the Junos XML Protocol
- Request Subsets of Configuration Objects Using Regular Expressions
- Request Multiple Configuration Elements Using the Junos XML Protocol
- Retrieve a Previous (Rollback) Configuration Using the Junos XML Protocol
- Retrieve the Rescue Configuration Using the Junos XML Protocol
- Compare the Active or Candidate Configuration to a Prior Version Using the Junos XML Protocol
- Compare Two Previous (Rollback) Configurations Using the Junos XML Protocol
- Request an XML Schema for the Configuration Hierarchy Using the Junos XML Protocol
-
- play_arrow Junos XML Protocol Utilities
- play_arrow Develop Junos XML Protocol C Client Applications
-
- play_arrow Configuration Statements and Operational Commands
Protect or Unprotect a Configuration Object Using the Junos XML Protocol
The protect
attribute prevents changes to selected configuration
hierarchies and statements. You cannot alter a protected element either manually
through the CLI or automatically using commit scripts or remote procedure calls. If
you attempt to make configuration changes to a protected statement or within a
protected hierarchy, the device issues a warning, and the configuration change
fails.
If a configuration hierarchy or statement is protected, users cannot perform the following activities:
Delete or modify the hierarchy or a statement or identifier within the protected hierarchy (Deletion of an unprotected hierarchy that contains protected elements deletes all unprotected child elements and preserves all protected child elements.)
Insert a new configuration statement or an identifier within the protected hierarchy
Rename the protected statement or a statement or identifier within the protected hierarchy
Copy a configuration into the protected hierarchy
Activate or deactivate the protected statements or statements within the protected hierarchy
Annotate the protected statement or hierarchy, or statements within the protected hierarchy
If you protect a configuration statement or hierarchy that does not exist, the device first creates the configuration element and then protects it. If you unprotect a statement or element that is not protected, no action is taken.
You can identify protected elements when you display the configuration. Table 1 describes how you identify protected elements for configuration data in different formats.
Format | Identifier |
---|---|
Configuration mode commands | The |
JSON | Protected hierarchies and statements include the
|
Text | Protected elements are preceded by |
XML | The opening tag of the protected element contains the
|
A user or client application must have permission to modify the configuration in order to protect or unprotect configuration objects.
In a NETCONF or Junos XML protocol session with a Junos device, to protect a configuration element from changes or to unprotect a previously protected element, a client application first includes the tag elements described in Creating, Modifying, or Deleting Configuration Elements Using the Junos XML Protocol.
XML
When using Junos XML tag elements to represent the configuration, the client
application includes the protect="protect"
or
unprotect="unprotect"
attribute in the object’s opening tag.
The application includes any necessary identifier tag element. In the following
sample RPC, the identifier tag element is called <name>
:
<configuration> <!-- opening tag for each parent of the object --> <object (protect="protect" | unprotect="unprotect")> <name>identifier</name> </object> <!-- closing tag for each parent of the object --> </configuration>
In a YANG-compliant NETCONF session, you can protect or unprotect a configuration
element in XML data by including the
xmlns:jcmd="http://yang.juniper.net/junos/jcmd"
and
jcmd:protect="(true | false)"
attributes in the tag
element. For more information, see YANG Metadata Annotations for Junos Devices.
Text
When using formatted ASCII text to protect or unprotect an object, the application
precedes the element with the protect:
or
unprotect:
operator as appropriate. If you are protecting a
hierarchy level and no additional child elements under that hierarchy, add a
semicolon after the element statement.
<configuration-text> /* statements for parent levels */ /* For an object with an identifier */ (protect: | unprotect:) object identifier { /* Child configuration statements */ } /* For a hierarchy level or object without an identifier */ (protect: | unprotect:) element { /* Child configuration statements */ } /* closing braces for parent levels */ </configuration-text>
Configuration Mode (Set) Commands
When using configuration mode commands to protect an object, the application
specifies the protect
or unprotect
command
equivalent to the CLI configuration mode command. You can protect both hierarchies
and individual statements.
<configuration-set> (protect | unprotect) statement-path-to-hierarchy (protect | unprotect) statement-path-to-object object identifier </configuration-set>
JSON
When using JSON configuration data to represent the configuration, the client
application protects or unprotects an object by including the appropriate attribute
in the attribute list of the object. The client includes the
"protect" : true
attribute to protect the object and includes
either the "protect" : false
or "unprotect" : true
attribute to unprotect the object. To protect or unprotect an object that has an
identifier, the client also includes the identifier for the object.
The following generic JSON configuration indicates the placement of the attribute when protecting a hierarchy, an object that has an identifier, and a leaf statement.
<configuration-json> { "configuration" : { /* JSON objects for parent hierarchies */ "hierarchy" : { "@" : { "comment" : "/* protect a hierarchy */" , "protect" : true }, "object" : [ { "@" : { "comment" : "/* protect an object with an identifier */" , "protect" : true }, "name" : "identifier", "@statement-name" : { "comment" : "/* protect a statement */" , "protect" : true } } ] } /* closing braces for parent hierarchies */ } } </configuration-json>
In Junos OS configuration data that is represented using JSON, the value for the
"protect"
and "unprotect"
attribute is
type Boolean, which is expressed in lowercase and is not enclosed in quotes.
In a YANG-compliant NETCONF session, you can protect or unprotect a configuration
object in JSON data by including the
"junos-configuration-metadata:protect" : (true | false)
annotation in the statement's metadata object. For more information, see YANG Metadata Annotations for Junos Devices.
The following example protects the [edit access]
hierarchy level of
the configuration using Junos XML tag elements:
<rpc> <load-configuration> <configuration> <access protect="protect"/> </configuration> </load-configuration> </rpc>
Once protected, any attempt to modify the [edit access]
hierarchy
level produces a warning. The following RPC attempts to delete the [edit
access]
hierarchy level. Because that hierarchy level is protected, the
server returns a warning that the hierarchy is protected, and the configuration
change fails.
<rpc> <load-configuration> <configuration> <access delete="delete"/> </configuration> </load-configuration> </rpc> <xnm:warning xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"> <message> [access] is protected, 'access' cannot be deleted </message> </xnm:warning>