RtoDto.net
Network/Security/Programming

Simple Junos Commit Script

rtoodtoo junos, junos-automation August 29, 2011

Here is a simple junos commit script that checks if a given interface is assigned to trust zone or not. It is very basic of course but can be extended using junos automation reference documents.

/* basic-sanity-check.slax */
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match configuration {
if(jcs:empty(security/zones/security-zone[name == "trust"]/interfaces[name=="ge-0/0/0.0"])) {
    {
    "Management interface must be in trust zone";
   }
 }

}

Once you create this script place it under /var/db/scripts/commit/test.slax

Then enable it via cli in the configuration

junos#set system scripts commit file test.slax

You will see that if the interface ge-0/0/0.0 isn’t assigned to the trust zone you will receive the error message in <message> tag.

If you want to take a look at some more examples you can take a look at junos script library

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

You have a feedback?

Discover more from RtoDto.net

Subscribe now to keep reading and get access to the full archive.

Continue reading