Simple Junos Commit Script

Here is a simple Junos commit script that checks whether a given interface is assigned to the trust zone. It is very basic, of course, but it can be extended using the Junos automation reference documents.

/* basic-sanity-check.slax */
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

/* Evaluated against the candidate configuration at commit time. */
match configuration {
    /* Raise an error if ge-0/0/0.0 is not listed under the trust zone. */
    if (jcs:empty(security/zones/security-zone[name == "trust"]/interfaces[name == "ge-0/0/0.0"])) {
        <xnm:error> {
            <message> "Management interface must be in trust zone";
        }
    }
}

Once you have created this script, place it at /var/db/scripts/commit/test.slax

Then enable it via the CLI in configuration mode:

junos# set system scripts commit file test.slax

If the interface ge-0/0/0.0 isn't assigned to the trust zone, you will receive the error message defined in the <message> tag when you commit.
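The script above hard-codes a single interface. The following is an added example, not part of the original post, that extends the same check to a list of interfaces and reports which zone a misplaced interface currently sits in. The interface names in $required are constructed sample values, and the <edit-path> text is an assumption about where you want the error to point.

```slax
/* trust-zone-check.slax (hypothetical file name) */
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match configuration {
    /* Constructed sample list: interfaces that must live in the trust zone. */
    var $required := {
        <interface> "ge-0/0/0.0";
        <interface> "ge-0/0/1.0";
    }

    /* Save the zone nodes now: inside for-each the context node is the
       list entry, not the candidate configuration. */
    var $zones = security/zones/security-zone;
    var $trust = $zones[name == "trust"];

    for-each ($required/interface) {
        var $ifname = .;

        if (jcs:empty($trust/interfaces[name == $ifname])) {
            /* Name of the zone (if any) that currently holds the interface. */
            var $current = $zones[interfaces/name == $ifname]/name;

            <xnm:error> {
                <edit-path> "[edit security zones security-zone trust]";
                if (jcs:empty($current)) {
                    <message> "Interface " _ $ifname _ " must be in trust zone (not assigned to any zone)";
                }
                else {
                    <message> "Interface " _ $ifname _ " must be in trust zone (currently in zone " _ $current _ ")";
                }
            }
        }
    }
}
```

Each missing interface produces its own <xnm:error>, so a single commit attempt lists every violation at once.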

For more examples, take a look at the Junos script library.

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE

