In this section we discuss and demonstrate Juniper Junos configuration types and the “configure” commands. Junos has two types of configuration: the active configuration, which is live, and the candidate configuration, which also includes changes that become active after the commit command.
If there are multiple Juniper admins on the network, what happens if they configure at the same time and some configurations conflict? We will see the difference between “configure”, “configure private” and “configure exclusive” in this regard.
Juniper Junos configuration types and "configure" commands
Juniper Junos active configuration versus candidate configuration
As we have seen in the previous sections, we have two types of configuration: active configuration and candidate configuration.
The “active configuration” is the configuration that is live on the Juniper device; you can check it with the “show configuration” command in operational mode.
The “candidate configuration” also includes additional changes that you have configured but not yet activated. With the “commit” command, the new changes are added to the active configuration.
Juniper Junos “configure” commands
As you know, you use the “configure” command on Juniper devices to switch from operational mode to configuration mode. The configure command has several options that behave differently when more than one Juniper administrator is changing the configuration at the same time and some configurations are likely to conflict.
The “configure” command with no option allows all Juniper admins to configure at the same time, and when one admin commits the configuration changes, the other admins’ changes are committed as well. In the event of a conflict, the most recent changes take precedence.
The “configure exclusive” command locks the configuration, so no more than one administrator can configure the device at the same time and therefore there is no conflict.
With the “configure private” command, each user has a private candidate configuration that is independent of other users. If another user has also modified the configuration, there is an option to merge those changes into your private candidate configuration and then commit the changes. In the event of a conflict, the first commit operation takes precedence.
Juniper Junos configuration types and "configure" commands demonstration
Juniper Junos active configuration versus candidate configuration demonstration
In the previous section we saw the difference between active and candidate configuration. As a review, let’s see the differences once again in practice.
With “show configuration | display set | match host-name” in operational mode, we see the set version of the active configuration.
rayka@vSRX> show configuration | display set | match host-name
set system host-name vSRX
rayka@vSRX>
As you can see, the current hostname is ‘vSRX’.
We change the hostname with “set system host-name vSRX_temp” in configuration mode.
Then, before the commit, we check the hostname again with “run show configuration | display set | match host-name” in configuration mode.
rayka@vSRX> configure
Entering configuration mode
[edit]
rayka@vSRX# set system host-name vSRX_temp
[edit]
rayka@vSRX# run show configuration | display set | match host-name
set system host-name vSRX
[edit]
rayka@vSRX#
As you can see, the hostname has not changed in the active configuration.
But with the command “show | compare”, we can see that it has changed, although the change is still only in the candidate configuration.
rayka@vSRX# show | compare
[edit system]
- host-name vSRX;
+ host-name vSRX_temp;
[edit]
rayka@vSRX#
With the “commit” command in configuration mode, the new hostname is pushed into the active configuration.
Again with the command “run show configuration | display set | match host-name” in configuration mode, we see that the hostname has now changed in the active configuration.
rayka@vSRX# commit
commit complete
[edit]
rayka@vSRX_temp# run show configuration | display set | match host-name
set system host-name vSRX_temp
[edit]
rayka@vSRX_temp#
I’ll change the hostname to “vSRX” again before moving on to the next section.
rayka@vSRX_temp# set system host-name vSRX
[edit]
rayka@vSRX_temp# commit
commit complete
[edit]
rayka@vSRX#
Juniper Junos “configure” commands demonstration
Now let’s review the implementation of configure commands in Juniper devices.
We use the “configure” command on Juniper devices to configure new changes. But what if more than one Juniper administrator is changing the configuration at the same time, and some configurations probably conflict?
We have already discussed different configure command options. Let’s check them together practically to see the differences.
Juniper Junos “configure” command with no option
First of all, let’s check “configure” command with no option.
I modify some configuration with two users (root and rayka), where part of the changes conflict.
With user “root”, I configure hostname as “vSRX_root” and create a new user “rayka1” with read-only privilege.
root@vSRX> configure
Entering configuration mode
[edit]
root@vSRX# set system host-name vSRX_root
[edit]
root@vSRX# set system login user rayka1 class read-only authentication plain-text-password
New password:
Retype new password:
[edit]
root@vSRX#
Then I enter configuration mode with user “rayka”. Notice that the “root” user is also changing the configuration at the same time.
I change the hostname to a conflicting name “vSRX_rayka” and also create a new user “rayka2” with read-only privilege.
rayka@vSRX> configure
Entering configuration mode
Users currently editing the configuration:
root terminal pts/1 (pid 81236) on since 2022-04-30 20:03:46 UTC
[edit]
The configuration has been changed but not committed
[edit]
rayka@vSRX# set system host-name vSRX_rayka
[edit]
rayka@vSRX# set system login user rayka2 class read-only authentication plain-text-password
New password:
Retype new password:
[edit]
rayka@vSRX#
Then I come back to the “root” user’s configuration mode and use the “show | compare” command there.
As you can see, the conflicting host-name configuration has changed to “vSRX_rayka”, which is the most recent change, made through the “rayka” user and not the current “root” user.
Notice that both users “rayka1” and “rayka2” are added to the configuration that the current “root” admin user is editing, and likewise to the configuration of the “rayka” admin user.
root@VSRX# show | compare
[edit system]
- host-name VSRX;
+ host-name vSRX_rayka;
[edit system login user rayka1 authentication]
- encrypted-password "$6$/hAwuDTt$wG5qfDEvTn0H98D0dbGKKtVLcEv5I64xxZZl7amtUM9idhwGqsm9SB.Zy9ecBnz9syBjChqFmWAfiCeSTCFcx0"; ## SECRET-DATA
+ encrypted-password "$6$Pbw1ITLG$YAGdIRUsQ.UN4/oX7UB/FZQXpkys3Gw/zVVtQbcm1vnTxefaQxKXkgKedDdj8q2Z3e2EO2vJqOV9UvBLTMCmo1"; ## SECRET-DATA
[edit system login user rayka2 authentication]
- encrypted-password "$6$UGh8O7GO$hwlB2eePF3mMqeM8xEubYzoE8v5BPIDSCLOrT40nxxthadvUzD2f.l2fSGSBc0wbSRO.H4CE0.D66.9wEbjVj."; ## SECRET-DATA
+ encrypted-password "$6$zxjRz.HY$rhjx4LpTRckNN9GzkXXBvXmQy.ZpmEo7H9mmuKAeSRzCcfJWGOPjRYoZoW/wEitU0pyMxCfPv9lalvGnzJNX70"; ## SECRET-DATA
[edit]
root@VSRX#
root@VSRX# rollback 0
load complete
[edit]
root@VSRX# exit
Exiting configuration mode
root@VSRX>
We discard all changes with “rollback 0” command in both “root” and “rayka” configuration mode.
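Because a commit in shared mode also activates statements typed by other admins, the “show | compare” output is the place to catch them before committing. The following Python script is an added example, not part of the original article: it flattens that output into full hierarchy paths, redacts SECRET-DATA values, and lists additions that fall outside what the committing admin intended. The function names, the “intended” prefix list and the sample output with placeholder hashes are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the shared-mode output above; hashes are placeholders.
SAMPLE = """\
[edit system]
-  host-name vSRX;
+  host-name vSRX_rayka;
[edit system login]
+    user rayka1 {
+        class read-only;
+        authentication {
+            encrypted-password "$6$PLACEHOLDER1"; ## SECRET-DATA
+        }
+    }
+    user rayka2 {
+        class read-only;
+        authentication {
+            encrypted-password "$6$PLACEHOLDER2"; ## SECRET-DATA
+        }
+    }
"""

def parse_compare(text):
    """Flatten the patch into (sign, statement) pairs with full hierarchy paths."""
    changes, base, stack = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[edit(.*)\]", line)
        if header:  # e.g. "[edit system login]" resets the hierarchy context
            base, stack = header.group(1).split(), []
        if header or not line or line[0] not in "+-":
            continue  # headers, prompts and blank lines carry no change
        sign, body = line[0], line[1:].strip()
        if "## SECRET-DATA" in body:  # never copy hashes into review output
            body = re.sub(r'"[^"]*"', '"<redacted>"', body.split("##")[0])
        body = body.strip().rstrip(";")
        if body.endswith("{"):  # nested block opens, e.g. "user rayka1 {"
            stack.append(body[:-1].split())
        elif body == "}":
            stack = stack[:-1]
        else:
            path = base + [tok for blk in stack for tok in blk]
            changes.append((sign, " ".join(path + body.split())))
    return changes

def unexpected_additions(changes, intended):
    """Added statements matching none of the intended prefixes (deletions not judged)."""
    wanted = [p.split() for p in intended]
    return [s for sign, s in changes if sign == "+"
            and not any(s.split()[:len(p)] == p for p in wanted)]
```

For the “root” session in this demonstration, passing the prefixes “system host-name vSRX_root” and “system login user rayka1” flags the “vSRX_rayka” hostname and every statement under user “rayka2”.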
Juniper Junos “configure exclusive” command
Now let’s check “configure exclusive” command behavior.
With user “root”, I enter configuration mode, but this time with the “configure exclusive” command. Then I configure the hostname as “vSRX_root” and create a new user “rayka1” with read-only privilege.
root@VSRX> configure exclusive
warning: uncommitted changes will be discarded on exit
Entering configuration mode
[edit]
root@VSRX# set system host-name vSRX_root
[edit]
root@VSRX# set system login user rayka1 class read-only authentication plain-text-password
New password:
Retype new password:
[edit]
root@VSRX#
Then I try to enter configuration mode with user “rayka”. Notice that the “root” user is also changing the configuration at the same time but has locked the configuration, so I am not allowed to make any configuration changes.
rayka@VSRX> configure exclusive
error: configuration database locked by:
root terminal pts/1 (pid 81236) on since 2022-04-30 20:30:11 UTC, idle 00:01:18
exclusive [edit]
rayka@VSRX>
Then I discard all changes with “rollback 0” command in “root” configuration mode.
Juniper Junos “configure private” command
Now let’s check “configure private” command behavior.
With user “root”, I enter configuration mode, but this time with the “configure private” command. Then I configure the hostname as “vSRX_root” and create a new user “rayka1” with read-only privilege.
root@VSRX> configure private
warning: uncommitted changes will be discarded on exit
Entering configuration mode
[edit]
root@VSRX# set system host-name vSRX_root
[edit]
root@VSRX# set system login user rayka1 class read-only authentication plain-text-password
New password:
Retype new password:
[edit]
root@VSRX#
Then I enter configuration mode with user “rayka”. Notice that the “root” user is also changing the configuration at the same time and is in private mode.
Then I change the hostname to a conflicting name “vSRX_rayka” and also create a new user “rayka2” with read-only privilege.
rayka@VSRX> configure private
warning: uncommitted changes will be discarded on exit
Entering configuration mode
Users currently editing the configuration:
root terminal pts/1 (pid 81236) on since 2022-04-30 20:35:54 UTC, idle 00:01:10
private [edit]
[edit]
rayka@VSRX# set system host-name vSRX_rayka
[edit]
rayka@VSRX# set system login user rayka2 class read-only authentication plain-text-password
New password:
Retype new password:
[edit]
rayka@VSRX#
Then I come back to the “root” user’s configuration mode and use the “show | compare” command there.
As you can see, the conflicting host-name configuration has changed to “vSRX_root”, which is the first change, made through the “root” user, and not the latest change made by the “rayka” user.
Notice that only user “rayka1” is added to the configuration modified by the current “root” admin user; “rayka2”, which is in the private configuration of the “rayka” admin user, is not added to the configuration.
root@VSRX# show | compare
[edit system]
- host-name VSRX;
+ host-name vSRX_root;
[edit system login]
+ user rayka1 {
+ class read-only;
+ authentication {
+ encrypted-password "$6$rJGgptXh$RXzzpSrC9i1Y.xBH.5sk5p.5TN42fgPVcWDueLG0lyl3hEGi6o6UnLXSh3BBFeQOIG4FfinxnZaUtnk7oXPnL1"; ## SECRET-DATA
+ }
+ }
[edit]
root@VSRX#
We discard all changes with “rollback 0” command in both “root” and “rayka” configuration mode.