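Example: Loading a Base Configuration
This commit script example sets up a sample base configuration on a device running Junos OS.
Requirements
This example uses a device running Junos OS.
Overview and Commit Script
This script is a macro that sets up a device running Junos OS with a sample base configuration. With minimal manual user input, the script automatically configures:
A device hostname
Authentication services
A superuser login
System log settings
Some SNMP settings
System services, such as FTP and Telnet
Static routes and a policy to redistribute the static routes
Configuration groups re0 and re1
An address for the management Ethernet interface (fxp0)
A loopback interface (lo0) that uses the device's router ID as the loopback address
The example script is shown in both XSLT and SLAX syntax:
XSLT Syntax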
<?xml version="1.0" standalone="yes"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:junos="http://xml.juniper.net/junos/*/junos"
    xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
    xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
  <xsl:import href="../import/junos.xsl"/>
  <xsl:variable name="macro-name" select="'config-system.xsl'"/>
  <xsl:template match="configuration">
    <xsl:variable name="rid" select="routing-options/router-id"/>
    <xsl:for-each select="apply-macro[name = 'config-system']">
      <xsl:variable name="hostname" select="data[name = 'host-name']/value"/>
      <xsl:variable name="fxp0-addr" select="data[name = 'mgmt-address']/value"/>
      <xsl:variable name="backup-router" select="data[name = 'backup-router']/value"/>
      <!-- Use the configured backup router, or derive one from the management address -->
      <xsl:variable name="bkup-rtr">
        <xsl:choose>
          <xsl:when test="$backup-router">
            <xsl:value-of select="$backup-router"/>
          </xsl:when>
          <xsl:otherwise>
            <xsl:variable name="fxp01" select="substring-before($fxp0-addr, '.')"/>
            <xsl:variable name="fxp02" select="substring-before(substring-after($fxp0-addr, '.'), '.')"/>
            <xsl:variable name="fxp03" select="substring-before(substring-after(substring-after($fxp0-addr, '.'), '.'), '.')"/>
            <xsl:variable name="plen" select="substring-after($fxp0-addr, '/')"/>
            <xsl:choose>
              <xsl:when test="$plen = 22">
                <!-- XPath div is floating-point division, so floor() is needed
                     to round the third octet down to the /22 boundary -->
                <xsl:value-of select="concat($fxp01, '.', $fxp02, '.', floor($fxp03 div 4) * 4 + 3, '.254')"/>
              </xsl:when>
              <xsl:when test="$plen = 24">
                <xsl:value-of select="concat($fxp01, '.', $fxp02, '.', $fxp03, '.254')"/>
              </xsl:when>
            </xsl:choose>
          </xsl:otherwise>
        </xsl:choose>
      </xsl:variable>
      <xsl:choose>
        <xsl:when test="not($rid) or not($hostname) or not($fxp0-addr)">
          <xnm:error>
            <message>Must set router ID, host-name and mgmt-address to use this script.</message>
          </xnm:error>
        </xsl:when>
        <xsl:otherwise>
          <transient-change>
            <system>
              <!-- Set the following -->
              <domain-name>your-domain.net</domain-name>
              <domain-search>domain.net</domain-search>
              <backup-router>
                <address><xsl:value-of select="$bkup-rtr"/></address>
              </backup-router>
              <time-zone>America/Los_Angeles</time-zone>
              <authentication-order>radius</authentication-order>
              <authentication-order>password</authentication-order>
              <root-authentication>
                <encrypted-password>$ABC123</encrypted-password>
              </root-authentication>
              <name-server>
                <name>192.168.5.68</name>
              </name-server>
              <name-server>
                <name>172.17.28.100</name>
              </name-server>
              <radius-server>
                <name>192.168.170.241</name>
                <secret>$ABC123</secret>
              </radius-server>
              <radius-server>
                <name>192.168.4.240</name>
                <secret>$ABC123</secret>
              </radius-server>
              <login>
                <class>
                  <permissions>all</permissions>
                </class>
                <user>
                  <name>johnny</name>
                  <uid>928</uid>
                  <class>superuser</class>
                  <authentication>
                    <encrypted-password>$ABC123</encrypted-password>
                  </authentication>
                </user>
              </login>
              <services>
                <finger/>
                <ftp/>
                <ssh/>
                <telnet/>
                <xnm-clear-text/>
              </services>
              <syslog>
                <user>
                  <name>*</name>
                  <contents>
                    <name>any</name>
                    <emergency/>
                  </contents>
                </user>
                <host>
                  <name>host1</name>
                  <contents>
                    <name>any</name>
                    <notice/>
                  </contents>
                  <contents>
                    <name>interactive-commands</name>
                    <any/>
                  </contents>
                </host>
                <file>
                  <name>messages</name>
                  <contents>
                    <name>any</name>
                    <notice/>
                  </contents>
                  <contents>
                    <name>any</name>
                    <warning/>
                  </contents>
                  <contents>
                    <name>authorization</name>
                    <info/>
                  </contents>
                  <archive>
                    <world-readable/>
                  </archive>
                </file>
                <file>
                  <name>security</name>
                  <contents>
                    <name>interactive-commands</name>
                    <any/>
                  </contents>
                  <archive>
                    <world-readable/>
                  </archive>
                </file>
              </syslog>
              <processes>
                <routing>
                  <undocumented><enable/></undocumented>
                </routing>
                <snmp>
                  <undocumented><enable/></undocumented>
                </snmp>
                <ntp>
                  <undocumented><enable/></undocumented>
                </ntp>
                <inet-process>
                  <undocumented><enable/></undocumented>
                </inet-process>
                <mib-process>
                  <undocumented><enable/></undocumented>
                </mib-process>
                <undocumented><management><enable/></management></undocumented>
                <watchdog>
                  <enable/>
                </watchdog>
              </processes>
              <ntp>
                <boot-server>domain.net</boot-server>
                <server>
                  <name>domainr.net</name>
                </server>
              </ntp>
            </system>
            <snmp>
              <location>Software lab</location>
              <contact>Michael Landon</contact>
              <interface>fxp0.0</interface>
              <community>
                <name>public</name>
                <authorization>read-only</authorization>
                <clients>
                  <name>0.0.0.0/0</name>
                  <restrict/>
                </clients>
                <clients>
                  <name>192.168.1.252/32</name>
                </clients>
                <clients>
                  <name>10.197.169.222/32</name>
                </clients>
                <clients>
                  <name>10.197.169.188/32</name>
                </clients>
                <clients>
                  <name>10.197.169.193/32</name>
                </clients>
                <clients>
                  <name>192.168.65.46/32</name>
                </clients>
                <clients>
                  <name>10.209.152.0/23</name>
                </clients>
              </community>
              <community>
                <name>private</name>
                <authorization>read-write</authorization>
                <clients>
                  <name>0.0.0.0/0</name>
                  <restrict/>
                </clients>
                <clients>
                  <name>10.197.169.188/32</name>
                </clients>
              </community>
            </snmp>
            <routing-options>
              <static>
                <junos:comment>/* safety precaution */</junos:comment>
                <route>
                  <name>0.0.0.0/0</name>
                  <discard/>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* corporate net */</junos:comment>
                <route>
                  <name>172.16.0.0/12</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* lab nets */</junos:comment>
                <route>
                  <name>192.168.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* reflector */</junos:comment>
                <route>
                  <name>10.17.136.192/32</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* another lab1*/</junos:comment>
                <route>
                  <name>10.10.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* ssh servers */</junos:comment>
                <route>
                  <name>10.17.136.0/24</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* Workstations */</junos:comment>
                <route>
                  <name>10.150.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* Hosts */</junos:comment>
                <route>
                  <name>10.157.64.0/19</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
                <junos:comment>/* Build Servers */</junos:comment>
                <route>
                  <name>10.10.0.0/16</name>
                  <next-hop><xsl:value-of select="$bkup-rtr"/></next-hop>
                  <retain/>
                  <no-readvertise/>
                </route>
              </static>
            </routing-options>
            <policy-options>
              <policy-statement>
                <name>redist</name>
                <from>
                  <protocol>static</protocol>
                </from>
                <then>
                  <accept/>
                </then>
              </policy-statement>
            </policy-options>
            <apply-groups>re0</apply-groups>
            <apply-groups>re1</apply-groups>
            <groups>
              <name>re0</name>
              <system>
                <host-name><xsl:value-of select="$hostname"/></host-name>
              </system>
              <interfaces>
                <interface>
                  <name>fxp0</name>
                  <unit>
                    <name>0</name>
                    <family>
                      <inet>
                        <address>
                          <name><xsl:value-of select="$fxp0-addr"/></name>
                        </address>
                      </inet>
                    </family>
                  </unit>
                </interface>
              </interfaces>
            </groups>
            <groups>
              <name>re1</name>
            </groups>
            <interfaces>
              <interface>
                <name>lo0</name>
                <unit>
                  <name>0</name>
                  <family>
                    <inet>
                      <address>
                        <name><xsl:value-of select="$rid"/></name>
                      </address>
                    </inet>
                  </family>
                </unit>
              </interface>
            </interfaces>
          </transient-change>
        </xsl:otherwise>
      </xsl:choose>
    </xsl:for-each>
  </xsl:template>
</xsl:stylesheet>
SLAX Syntax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
var $macro-name = 'config-system.xsl';
match configuration {
    var $rid = routing-options/router-id;
    for-each (apply-macro[name = 'config-system']) {
        var $hostname = data[name = 'host-name']/value;
        var $fxp0-addr = data[name = 'mgmt-address']/value;
        var $backup-router = data[name = 'backup-router']/value;
        /* Use the configured backup router, or derive one from the management address */
        var $bkup-rtr = {
            if ($backup-router) {
                expr $backup-router;
            }
            else {
                var $fxp01 = substring-before($fxp0-addr, '.');
                var $fxp02 = substring-before(substring-after($fxp0-addr, '.'), '.');
                var $fxp03 = substring-before(substring-after(substring-after($fxp0-addr, '.'), '.'), '.');
                var $plen = substring-after($fxp0-addr, '/');
                if ($plen = 22) {
                    /* XPath div is floating-point division, so floor() is needed
                       to round the third octet down to the /22 boundary */
                    expr $fxp01 _ '.' _ $fxp02 _ '.' _ (floor($fxp03 div 4) * 4 + 3) _ '.254';
                }
                else if ($plen = 24) {
                    expr $fxp01 _ '.' _ $fxp02 _ '.' _ $fxp03 _ '.254';
                }
            }
        }
        if (not($rid) or not($hostname) or not($fxp0-addr)) {
            <xnm:error> {
                <message> "Must set router ID, host-name, and mgmt-address to use this script.";
            }
        }
        else {
            <transient-change> {
                <system> {
                    /* Set the following */
                    <domain-name> "your-domain.net";
                    <domain-search> "domain.net";
                    <backup-router> {
                        <address> $bkup-rtr;
                    }
                    <time-zone> "America/Los_Angeles";
                    <authentication-order> "radius";
                    <authentication-order> "password";
                    <root-authentication> {
                        <encrypted-password> "$ABC123";
                    }
                    <name-server> {
                        <name> "192.168.5.68";
                    }
                    <name-server> {
                        <name> "172.17.28.100";
                    }
                    <radius-server> {
                        <name> "192.168.170.241";
                        <secret> "$ABC123";
                    }
                    <radius-server> {
                        <name> "192.168.4.240";
                        <secret> "$ABC123";
                    }
                    <login> {
                        <class> {
                            <permissions> "all";
                        }
                        <user> {
                            <name> "johnny";
                            <uid> "928";
                            <class> "superuser";
                            <authentication> {
                                <encrypted-password> "$ABC123";
                            }
                        }
                    }
                    <services> {
                        <finger>;
                        <ftp>;
                        <ssh>;
                        <telnet>;
                        <xnm-clear-text>;
                    }
                    <syslog> {
                        <user> {
                            <name> "*";
                            <contents> {
                                <name> "any";
                                <emergency>;
                            }
                        }
                        <host> {
                            <name> "host1";
                            <contents> {
                                <name> "any";
                                <notice>;
                            }
                            <contents> {
                                <name> "interactive-commands";
                                <any>;
                            }
                        }
                        <file> {
                            <name> "messages";
                            <contents> {
                                <name> "any";
                                <notice>;
                            }
                            <contents> {
                                <name> "any";
                                <warning>;
                            }
                            <contents> {
                                <name> "authorization";
                                <info>;
                            }
                            <archive> {
                                <world-readable>;
                            }
                        }
                        <file> {
                            <name> "security";
                            <contents> {
                                <name> "interactive-commands";
                                <any>;
                            }
                            <archive> {
                                <world-readable>;
                            }
                        }
                    }
                    <processes> {
                        <routing> {
                            <undocumented><enable>;
                        }
                        <snmp> {
                            <undocumented><enable>;
                        }
                        <ntp> {
                            <undocumented><enable>;
                        }
                        <inet-process> {
                            <undocumented><enable>;
                        }
                        <mib-process> {
                            <undocumented><enable>;
                        }
                        <undocumented><management> {
                            <enable>;
                        }
                        <watchdog> {
                            <enable>;
                        }
                    }
                    <ntp> {
                        <boot-server> "domain.net";
                        <server> {
                            <name> "domainr.net";
                        }
                    }
                }
                <snmp> {
                    <location> "Software lab";
                    <contact> "Michael Landon";
                    <interface> "fxp0.0";
                    <community> {
                        <name> "public";
                        <authorization> "read-only";
                        <clients> {
                            <name> "0.0.0.0/0";
                            <restrict>;
                        }
                        <clients> {
                            <name> "192.168.1.252/32";
                        }
                        <clients> {
                            <name> "10.197.169.222/32";
                        }
                        <clients> {
                            <name> "10.197.169.188/32";
                        }
                        <clients> {
                            <name> "10.197.169.193/32";
                        }
                        <clients> {
                            <name> "192.168.65.46/32";
                        }
                        <clients> {
                            <name> "10.209.152.0/23";
                        }
                    }
                    <community> {
                        <name> "private";
                        <authorization> "read-write";
                        <clients> {
                            <name> "0.0.0.0/0";
                            <restrict>;
                        }
                        <clients> {
                            <name> "10.197.169.188/32";
                        }
                    }
                }
                <routing-options> {
                    <static> {
                        <junos:comment> "/* safety precaution */";
                        <route> {
                            <name> "0.0.0.0/0";
                            <discard>;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* corporate net */";
                        <route> {
                            <name> "172.16.0.0/12";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* lab nets */";
                        <route> {
                            <name> "192.168.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* reflector */";
                        <route> {
                            <name> "10.17.136.192/32";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* another lab1*/";
                        <route> {
                            <name> "10.10.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* ssh servers */";
                        <route> {
                            <name> "10.17.136.0/24";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* Workstations */";
                        <route> {
                            <name> "10.150.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* Hosts */";
                        <route> {
                            <name> "10.157.64.0/19";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                        <junos:comment> "/* Build Servers */";
                        <route> {
                            <name> "10.10.0.0/16";
                            <next-hop> $bkup-rtr;
                            <retain>;
                            <no-readvertise>;
                        }
                    }
                }
                <policy-options> {
                    <policy-statement> {
                        <name> "redist";
                        <from> {
                            <protocol> "static";
                        }
                        <then> {
                            <accept>;
                        }
                    }
                }
                <apply-groups> "re0";
                <apply-groups> "re1";
                <groups> {
                    <name> "re0";
                    <system> {
                        <host-name> $hostname;
                    }
                    <interfaces> {
                        <interface> {
                            <name> "fxp0";
                            <unit> {
                                <name> "0";
                                <family> {
                                    <inet> {
                                        <address> {
                                            <name> $fxp0-addr;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                <groups> {
                    <name> "re1";
                }
                <interfaces> {
                    <interface> {
                        <name> "lo0";
                        <unit> {
                            <name> "0";
                            <family> {
                                <inet> {
                                    <address> {
                                        <name> $rid;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
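An added example, not part of the original page or of Juniper's code: a Python check that parses the literal configuration elements this script emits and flags the settings a reviewer would question before adopting it as a baseline (unencrypted services, world-readable log archives, well-known SNMP community names). The `audit` function and the `SAMPLE` excerpt are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt: literal elements copied from the script's
# <transient-change> block, trimmed to the parts being checked.
SAMPLE = """<transient-change>
  <system>
    <services><finger/><ftp/><ssh/><telnet/><xnm-clear-text/></services>
    <syslog>
      <file><name>messages</name><archive><world-readable/></archive></file>
      <file><name>security</name><archive><world-readable/></archive></file>
    </syslog>
  </system>
  <snmp>
    <community><name>public</name><authorization>read-only</authorization>
      <clients><name>0.0.0.0/0</name><restrict/></clients>
      <clients><name>192.168.1.252/32</name></clients></community>
    <community><name>private</name><authorization>read-write</authorization>
      <clients><name>0.0.0.0/0</name><restrict/></clients>
      <clients><name>10.197.169.188/32</name></clients></community>
  </snmp>
</transient-change>"""

CLEARTEXT = {"finger", "ftp", "telnet", "xnm-clear-text"}  # unencrypted services
WELL_KNOWN = {"public", "private"}                         # default community names

def audit(xml_text):
    """Return (config path, finding) pairs for weak baseline settings."""
    root = ET.fromstring(xml_text)
    findings = []
    for svc in root.findall("system/services/*"):
        if svc.tag in CLEARTEXT:
            findings.append((f"system services {svc.tag}", "cleartext service"))
    for log in root.findall("system/syslog/file"):
        if log.find("archive/world-readable") is not None:
            findings.append((f"system syslog file {log.findtext('name')}",
                             "world-readable log archive"))
    for comm in root.findall("snmp/community"):
        name = comm.findtext("name")
        if name in WELL_KNOWN:
            findings.append((f"snmp community {name}", "well-known community"))
        if comm.findtext("authorization") == "read-write":
            findings.append((f"snmp community {name}", "read-write SNMP access"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{finding}: {path}")
```

The same function can be pointed at the full stylesheet's `<transient-change>` subtree once the `xsl:` elements are rendered or stripped.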
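Configuration
Procedure
Step-by-Step Procedure
To download, enable, and test the script:
Copy the script into a text file, name the file config-system.xsl or config-system.slax as appropriate, and copy it to the /var/db/scripts/commit/ directory on the device.
Select the following test configuration stanzas, and press Ctrl+c to copy them to the clipboard.
If you are using the SLAX version of the script, change the filename at the [edit system scripts commit file] hierarchy level to config-system.slax.
system {
    scripts {
        commit {
            allow-transients;
            file config-system.xsl;
        }
    }
}
apply-macro config-system {
    host-name test;
    mgmt-address 10.0.0.1/32;
    backup-router 10.0.0.2;
}
The host-name and mgmt-address statements are mandatory. The backup-router statement is optional. You can substitute the hostname, management Ethernet (fxp0) IP address, and backup router IP address that are appropriate for your device. The script also reads routing-options router-id from the existing configuration and reports an error if it is not set.
In configuration mode, issue the load merge terminal command to merge the stanzas into your device configuration.
[edit]
user@host# load merge terminal
[Type ^D at a new line to end input]
... Paste the contents of the clipboard here ...
At the prompt, paste the contents of the clipboard by using the mouse and the paste icon.
Press Enter.
Press Ctrl+d.
Commit the configuration.
user@host# commit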