Junos save and load commands are to save and load the entire or part of the configuration or output of any show commands, locally on the device or on a remote server. this is what we will discuss in this section.
We will also learn how to configure custom automatic backup policy.
Junos "save" and "load" commands fundamental
Junos “save” command can be used to save any output in a file. It is can be used also to save or backup the entire or part of a configuration file.
Junos “load” command can be used to load the entire of part of the configuration from a saved file and merge or replace it with current active configuration.
However Junos “save” and “load” commands are not limited to export or import the configuration files but mostly they are used to backup configuration files locally and save them locally or on a remote server.
Before discussing and demonstrating “save” and “load” commands, we will discuss Junos automatic configuration backup.
As you know, with each commit command, a new version of the configuration file is backed up and stored locally on the device. We will discuss where these files are stored and how you can access them. We have already and in previous sections learned that these files are loaded with the “rollback N” command.
Also, we will learn to configure our custom automatic backup policy, which can take a backup from configuration, periodically or whenever we enter the commit command.
Junos save and load commands demonstration
default Junos automatic configuration backup
Before creating your own configuration file backup, let’s see how configuration files are backed up by default and how we can access them.
As you know, whenever you commit a configuration changes, a new version of the configuration is backed up and stored locally on the device.
By default the latest 4 version of the configurations are stored in “/config/” folder and the others, up to 46 version of configurations are stored in “/var/db/config/”.
With the command “file list” in operational mode, we can check the files inside of these folders like “ls” command in Linux and “dir” command in windows environment.
rayka@vSRX> file list /config/
/config/:
db_ext
default.conf*
juniper.conf.1.gz
juniper.conf.2.gz
juniper.conf.3.gz
juniper.conf.gz
license/
license-status.db
usage.db
rayka@vSRX> file list /var/db/config/
/var/db/config/:
juniper.conf.10.gz
juniper.conf.11.gz
juniper.conf.12.gz
juniper.conf.13.gz
juniper.conf.14.gz
juniper.conf.15.gz
juniper.conf.16.gz
juniper.conf.17.gz
juniper.conf.18.gz
juniper.conf.19.gz
juniper.conf.20.gz
juniper.conf.21.gz
juniper.conf.22.gz
juniper.conf.23.gz
juniper.conf.24.gz
juniper.conf.25.gz
juniper.conf.26.gz
juniper.conf.27.gz
juniper.conf.28.gz
juniper.conf.29.gz
juniper.conf.4.gz
juniper.conf.5.gz
juniper.conf.6.gz
juniper.conf.7.gz
juniper.conf.8.gz
juniper.conf.9.gz
rayka@vSRX>
The content of any of these file can be also shown with “file show” command.
rayka@vSRX> file show /var/db/config/juniper.conf.10.gz
## Last changed: 2022-05-01 19:35:24 UTC
version 22.1R1.10;
system {
host-name vSRX_temp;
root-authentication {
encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1";
}
login {
user rayka {
uid 2000;
class super-user;
authentication {
encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../";
}
}
}
....
Just to know, it is also possible to copy, delete or compare the files with “file copy”, “file delete” and “file compare” commands, which are clear and I am not going to talk about them.
rayka@vSRX> file ?
Possible completions:
<[Enter]> Execute this command
archive Archives files from the system
change-owner Change owner of file
change-permission Change permission of file
checksum Calculate file checksum
compare Compare files
compress Compress file
copy Copy files (local or remote)
delete Delete files from the system
delete-directory Delete a directory
link Create link between files
list List file information
make-directory Create a new directory
rename Rename files
routing-instance Name of routing instance for host attempt
show Show file contents
source-address Local address to use in originating the connection
staging-directory Staging directory on Routing Engine
| Pipe through a command
rayka@vSRX>
It is also possible to use any of Linux CLI commands for file management. It is enough to enter to the shell environment with “start shell” command in operational mode.
rayka@vSRX> start shell
% pwd
/var/home/rayka
% ls /config/
db_ext juniper.conf.1.gz juniper.conf.3.gz license usage.db
default.conf juniper.conf.2.gz juniper.conf.gz license-status.db
% ls /var/db/config/
juniper.conf.10.gz juniper.conf.15.gz juniper.conf.20.gz juniper.conf.25.gz juniper.conf.4.gz juniper.conf.9.gz
juniper.conf.11.gz juniper.conf.16.gz juniper.conf.21.gz juniper.conf.26.gz juniper.conf.5.gz
juniper.conf.12.gz juniper.conf.17.gz juniper.conf.22.gz juniper.conf.27.gz juniper.conf.6.gz
juniper.conf.13.gz juniper.conf.18.gz juniper.conf.23.gz juniper.conf.28.gz juniper.conf.7.gz
juniper.conf.14.gz juniper.conf.19.gz juniper.conf.24.gz juniper.conf.29.gz juniper.conf.8.gz
% zcat /var/db/config/juniper.conf.10.gz
## Last changed: 2022-05-01 19:35:24 UTC
version 22.1R1.10;
system {
host-name vSRX_temp;
root-authentication {
encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1";
}
login {
user rayka {
uid 2000;
class super-user;
authentication {
encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../";
}
}
}
....
configuring Junos custom automatic backup
Automatic configuration backup is another feature which is usually exist in any network device and also in juniper devices.
You can ask the device to create an automatic backup of the active configuration at a certain interval or whenever we enter the commit command. it is configured under “system archival configuration” section.
I configure the device to take a backup and copy it to the remote scp server whenever I enter a commit command.
[edit system archival]
rayka@vSRX# show
configuration {
transfer-on-commit;
archive-sites {
"scp://majid@192.168.200.111:/home/majid" password "$9$H.T36/tu1hTz39A01IcylMX-UDik.5JG"; ## SECRET-DATA
}
}
[edit system archival]
rayka@vSRX# show | display set
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "scp://majid@192.168.200.111:/home/majid" password "$9$H.T36/tu1hTz39A01IcylMX-UDik.5JG"
[edit system archival]
rayka@vSRX#
edit system archival configuration]
rayka@vSRX# set ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> archive-sites List of archive destinations
routing-instance Routing instance through which server is reachable
transfer-interval Frequency at which file transfer happens (15..2880 minutes)
transfer-on-commit Transfer after each commit
[edit system archival configuration]
To test it, I change the hostname and then commit the new changes. A new backup file is expected to be created on the remote server.
rayka@vSRX# set system host-name vSRX9
[edit]
rayka@vSRX# commit
commit complete
[edit]
rayka@vSRX9#
!!!
majid@192-168-1-111:~$ ls
config1 config20220429 entireconfig05102022 vSRX9_20220508_184750_juniper.conf.gz
majid@192-168-1-111:~$
Junos "save" command
Although we have backups of the last 50 configuration changes, sometimes you need to create your own backup of configuration files, which can be stored locally or on a remote server.
With “save NAME” command in configuration mode, you can save the entire or part of candidate.
If you don’t specify a path, by default they are stored in your home directory, which is “/var/home/USERNAME/” and you can check it with the “file list” command.
rayka@vSRX# save config05102022
Wrote 119 lines of configuration to 'config05102022'
[edit]
rayka@vSRX# run file list
/var/home/rayka/:
.ssh/
config05102022
config20220429
config20220430
[edit]
rayka@vSRX#
Depending on the context of the configuration mode you are in, only that part of the configuration will be saved. If you want to save the entire configuration, don’t forget to switch to the top-level configuration modes.
For example, if you save the configuration while you are in the “system services” context, only the configuration related to the services will be saved.
rayka@vSRX# edit system services
[edit system services]
rayka@vSRX# save servicesconfig
Wrote 15 lines of configuration to 'servicesconfig'
[edit system services]
rayka@vSRX# run file show servicesconfig
## Last changed: 2022-05-08 17:48:34 UTC
system {
replace:
services {
ssh {
root-login allow;
}
telnet;
web-management {
http {
interface fxp0.0;
}
}
}
}
[edit system services]
rayka@vSRX#
It is also possible to save your configuration file in any folder in the device locally or on a remote server.
For example I want to copy the entire configuration file to the remote “scp” server . It’s easier for me to copy the files over the bash environment. But here I will run it with “save” command since we are talking about “save” command in this section.
rayka@vSRX# save scp://majid@192.168.200.111:/home/majid/entireconfig05102022
majid@192.168.200.111's password:
tempfile 100% 2811 105.0KB/s 00:00
Wrote 119 lines of configuration to 'scp://majid@192.168.200.111:/home/majid/entireconfig05102022'
[edit]
rayka@vSRX#
!
majid@192-168-1-111:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fa:59:bf brd ff:ff:ff:ff:ff:ff
inet 192.168.1.111/24 brd 192.168.1.255 scope global ens32
valid_lft forever preferred_lft forever
inet 192.168.200.111/24 brd 192.168.200.255 scope global ens32:0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefa:59bf/64 scope link
valid_lft forever preferred_lft forever
majid@192-168-1-111:~$
majid@192-168-1-111:~$ pwd
/home/majid
majid@192-168-1-111:~$ ls
config1 config20220429 entireconfig05102022
majid@192-168-1-111:~$
“save” command can also be used in the output of any command. for example you can save the output of “show interface terse” command in remote scp server with the command:
“show interfaces terse | save scp://majid@192.168.200.111:/home/majid/showinterfaceterse”.
rayka@vSRX9# run show interfaces terse | save scp://majid@192.168.200.111:/home/majid/showinterfaceterse
majid@192.168.200.111's password:
tempfile 100% 1818 179.9KB/s 00:00
Wrote 43 lines of output to 'scp://majid@192.168.200.111:/home/majid/showinterfaceterse'
[edit]
rayka@vSRX9#
Junos load command
It is also possible to load the configuration files already backed up and stored locally or on a remote server. You can use the “load replace“, “load merge“, or “load override” commands in configuration mode to load the configuration into the candidate configuration.
Before we apply the loaded configuration, we can check the pending changes with “show | compare” command to ensure it is loaded correctly.
It worth noting the difference between load commands.
“load override”, discard the entire configuration and replace it with loaded configuration.
“load replace” can be used to overwrite a specific section of the configuration.
“load merge” merge the contents of loaded file with the existing candidate configuration file.
Most of the time there is practically no difference between these commands, but to ensure the pending changes after loading the file, use easily “show | compare” command to check the changes before applying them to the device.
As an example I change the hostname and then save the new candidate configuration as a file. now it makes no difference which of the load commands is used to load this new file.
[edit]
rayka@vSRX# set system host-name vSRX5
[edit]
rayka@vSRX# save vSRX5
Wrote 132 lines of configuration to 'vSRX5'
[edit]
rayka@vSRX# rollback 0
load complete
[edit]
rayka@vSRX# load override vSRX5
load complete
[edit]
rayka@vSRX# show | compare
[edit system]
- host-name vSRX;
+ host-name vSRX5;
[edit]
rayka@vSRX# rollback 0
load complete
[edit]
rayka@vSRX# load replace vSRX5
load complete
[edit]
rayka@vSRX# show | compare
[edit system]
- host-name vSRX;
+ host-name vSRX5;
[edit]
rayka@vSRX# rollback 0
load complete
[edit]
rayka@vSRX# load merge vSRX5
load complete
[edit]
rayka@vSRX# show | compare
[edit system]
- host-name vSRX;
+ host-name vSRX5;
[edit]
rayka@vSRX# rollback 0
load complete
[edit]
rayka@vSRX#