 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
The XML structure follows the same hierarchy as the CLI. For example, in configuration mode the following statements are available at the [edit system] hierarchy level:
[edit system] user@host# set ? Possible completions: + authentication-order Order in which authentication methods are invoked + domain-search List of domain names to search host-name Hostname for C-series Controller > ldap LDAP properties > login Login properties + name-server DNS name servers > ntp Configure NTP > radius-server RADIUS server configuration > services System services configuration > syslog System log configuration > tacplus-server TACACS+ server configuration time-zone Time zone definition name
In an XML file, the tags within the <system> tags are the same as the statements in the [edit system] hierarchy. The tags under <system> can appear in any order.
- <configuration>
- <system>
- <authentication-order> </authentication-order>
- <domain-search> </domain-search>
- <host-name> </host-name>
- <ldap> </ldap>
- <login> </login>
- <name-server> </name-server>
- <ntp> </ntp>
- <radius-server> </radius-server>
- <services> </services>
- <syslog> </syslog>
- <tacplus-server> </tacplus-server>
- <time-zone> </time-zone>
- </system>
- </configuration>
The following example shows parts of a configuration file for statements in the [edit system] hierarchy:
- <?xml version="1.0"?>
- <configuration>
- <system>
- <time-zone>Canada/Eastern</time-zone>
- <services>
- <telnet/>
- <ssh>
- <root-login>allow</root-login>
- </ssh>
- </services>
- <host-name>myhost</host-name>
- <name-server>192.2.2.10</name-server>
- <name-server>192.2.2.20</name-server>
- <domain-search>mydomain.juniper.net</domain-search>
- <domain-search>juniper.net</domain-search>
- <ntp>
- <server> <address>192.2.2.100</address>
- </server>
- <boot-server>192.2.2.100</boot-server>
- </ntp>
- <ldap>
- <server>
- <address>10.227.2.100</address>
- </server>
- <boot-server>10.227.2.100</boot-server>
- </ldap>
- <ldap>
- <server>
- <community>
- <primary-neighbors>neighbor1</primary-neighbors>
- <role>primary</role>
- </community>
- </server>
- </ldap>
- <ldap>
- <client>
- <connection-manager-id>CLI_DATA_MANAGER
- </connection-manager-id>
- . . .
- </client>
- </ldap>
- <login>
- <class>
- <name>class-cfg</name>
- <allow-configuration>s.*m$|s.*m l.*n</allow-configuration>
- <permissions>configure</permissions>
- <permissions>interface</permissions>
- </class>
- <user>
- <user-name>admin</user-name>
- <class>super-user</class>
- <full-name>admin</full-name>
- <uid>500</uid>
- <gid>100</gid>
- <authentication>
- . . .
- </authentication>
- <level>normal</level>
- <complete-on-space>on</complete-on-space>
- </user>
- </login>
- <syslog>
- . . .
- </syslog>
- </system>
- </configuration>
You can modify a single value by inserting an attribute into one tag. For example, to delete the name server that has the IP address 192.2.2.20:
- <configuration>
- <system>
- <name-server operation=” delete” >192.2.2.20</name-server>
- </system>
- </configuration>
You can also modify a number of values within a hierarchy by adding an attribute at a higher level in the hierarchy. For example, to replace permissions for the class named class-cfg in the following configuration:
- <configuration>
- <system>
- <class>
- <name>class-cfg</name>
- <allow-configuration>s.*m$|s.*m l.*n</allow-configuration>
- <permissions>configure</permissions>
- <permissions>interface</permissions>
- </class>
- </system>
- </configuration>
Enter the replace attribute for the class:
- <configuration>
- <system>
- <login>
- <class operation=” replace” >
- <name>class-cfg</name>
- <allow-configuration>s.*m$|s.*m l.*n</allow-configuration>
- <permissions>control</permissions>
- <permissions>maintenance</permissions>
- </class>
- </login>
- </system>
- </configuration>
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |