ON THIS PAGE
What's Changed
Learn about what changed in this release for MX Series routers.
Network Management and Monitoring
-
operator
login class is restricted from viewing NETCONF trace files that areno-world-readable
(ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—When you configure NETCONF tracing options at the[edit system services netconf traceoptions]
hierarchy level and you restrict file access to the file owner by setting or omitting theno-world-readable
statement (the default), users assigned to theoperator
login class do not have permissions to view the trace file. -
Support for the
junos:cli-feature
YANG extension (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—Thecli-feature
YANG extension identifies certain CLI properties associated with some command options and configuration statements. The Junos YANG modules that define the configuration or RPCs include thecli-feature
extension statement, where appropriate, in schemas emitted with extensions. This extension is beneficial when a client consumes YANG data models, but for certain workflows, the client needs to generate CLI-based tools. -
XML tag in the
get-system-yang-packages
RPC reply changed (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—Theget-system-yang-packages
RPC reply replaces thexmlproxy-yang-modules
tag with theproxy-xml-yang-modules
tag in the XML output. -
Changes to the NETCONF server's
<rpc-error>
element when theoperation="delete"
operation deletes a nonexistent configuration object (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—We've changed the<rpc-error>
response that the NETCONF server returns when the<edit-config>
or<load-configuration>
operation usesoperation="delete"
to delete a configuration element that is absent in the target configuration. The error severity is error instead of warning, and the<rpc-error>
element includes the<error-tag>data-missing</error-tag>
and<error-type>application</error-type>
elements.
PKI
-
Deprecating options related to certificate enrollment (Junos)—Starting in Junos OS Release 23.2R1, we’re deprecating earlier CLI options related to Public Key Infrastructure (PKI) to enroll and reenroll local certificate through Simple Certificate Enrolment Protocol (SCEP). The table below shows the Junos CLI commands and configuration statements with the options being deprecated. You can find the same CLI options now available under
scep
option in these commands and statements.Table 1: Deprecated Junos CLI Options Junos CLI Commands and Statements
Deprecated Options
set security pki auto-re-enrollment
certificate-id
request security pki local-certificate enroll
ca-profile
certificate-id
challenge-password
digest
domain-name
email
ip-address
ipv6-address
logical-system
scep-digest-algorithm
scep-encryption-algorithm
subject
request security pki node-local local-certificate enroll
ca-profile
certificate-id
challenge-password
digest
domain-name
email
ip-address
ipv6-address
logical-system
scep-digest-algorithm
scep-encryption-algorithm
subject
[See auto-re-enrollment (Security), request security pki local-certificate enroll scep, and request security pki node-local local-certificate enroll.]