Junos save and load commands are to save and load the entire or part of the configuration or output of any show commands, locally on the device or on a remote server. this is what we will discuss in this section.

We will also learn how to configure custom automatic backup policy.

Junos "save" and "load" commands fundamental

Junos “save” command can be used to save any output in a file. It is can be used also to save or backup the entire or part of a configuration file.

Junos “load” command can be used to load the entire of part of the configuration from a saved file and merge or replace it with current active configuration.

However Junos “save” and “load” commands are not limited to export or import the configuration files but mostly they are used to backup configuration files locally and save them locally or on a remote server.

Junos save and load commands
Junos save and load commands

Before discussing and demonstrating “save” and “load” commands, we will discuss Junos automatic configuration backup.

As you know, with each commit command, a new version of the configuration file is backed up and stored locally on the device. We will discuss where these files are stored and how you can access them. We have already and in previous sections learned that these files are loaded with the “rollback N” command.

Also, we will learn to configure our custom automatic backup policy, which can take a backup from configuration, periodically or whenever we enter the commit command.

Junos save and load commands demonstration

default Junos automatic configuration backup

Before creating your own configuration file backup, let’s see how configuration files are backed up by default and how we can access them.

As you know, whenever you commit a configuration changes, a new version of the configuration is backed up and stored locally on the device.

By default the latest 4 version of the configurations are stored in “/config/” folder and the others, up to 46 version of configurations are stored in “/var/db/config/”.

With the command “file list” in operational mode, we can check the files inside of these folders like “ls” command in Linux and “dir” command in windows environment.

rayka@vSRX> file list /config/ 

/config/:
db_ext
default.conf*
juniper.conf.1.gz
juniper.conf.2.gz
juniper.conf.3.gz
juniper.conf.gz
license/
license-status.db
usage.db

rayka@vSRX> file list /var/db/config/ 

/var/db/config/:
juniper.conf.10.gz
juniper.conf.11.gz
juniper.conf.12.gz
juniper.conf.13.gz
juniper.conf.14.gz
juniper.conf.15.gz
juniper.conf.16.gz
juniper.conf.17.gz
juniper.conf.18.gz
juniper.conf.19.gz
juniper.conf.20.gz
juniper.conf.21.gz
juniper.conf.22.gz
juniper.conf.23.gz
juniper.conf.24.gz
juniper.conf.25.gz
juniper.conf.26.gz
juniper.conf.27.gz
juniper.conf.28.gz
juniper.conf.29.gz
juniper.conf.4.gz
juniper.conf.5.gz
juniper.conf.6.gz
juniper.conf.7.gz
juniper.conf.8.gz
juniper.conf.9.gz

rayka@vSRX> 

The content of any of these file can be also shown with “file show” command.

rayka@vSRX> file show /var/db/config/juniper.conf.10.gz 
## Last changed: 2022-05-01 19:35:24 UTC
version 22.1R1.10;
system {
    host-name vSRX_temp;
    root-authentication {
        encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1";
    }
    login {
        user rayka {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../";
            }
        }
    }
....

Just to know, it is also possible to copy, delete or compare the files with “file copy”, “file delete” and “file compare” commands, which are clear and I am not going to talk about them.

rayka@vSRX> file ?
Possible completions:
  <[Enter]>            Execute this command
  archive              Archives files from the system
  change-owner         Change owner of file
  change-permission    Change permission of file
  checksum             Calculate file checksum
  compare              Compare files
  compress             Compress file
  copy                 Copy files (local or remote)
  delete               Delete files from the system
  delete-directory     Delete a directory
  link                 Create link between files
  list                 List file information
  make-directory       Create a new directory
  rename               Rename files
  routing-instance     Name of routing instance for host attempt
  show                 Show file contents
  source-address       Local address to use in originating the connection
  staging-directory    Staging directory on Routing Engine
  |                    Pipe through a command
rayka@vSRX>          

It is also possible to use any of Linux CLI commands for file management. It is enough to enter to the shell environment with “start shell” command in operational mode.

rayka@vSRX> start shell 
% pwd
/var/home/rayka
% ls /config/
db_ext                  juniper.conf.1.gz       juniper.conf.3.gz       license                 usage.db
default.conf            juniper.conf.2.gz       juniper.conf.gz         license-status.db
% ls /var/db/config/
juniper.conf.10.gz      juniper.conf.15.gz      juniper.conf.20.gz      juniper.conf.25.gz      juniper.conf.4.gz       juniper.conf.9.gz
juniper.conf.11.gz      juniper.conf.16.gz      juniper.conf.21.gz      juniper.conf.26.gz      juniper.conf.5.gz
juniper.conf.12.gz      juniper.conf.17.gz      juniper.conf.22.gz      juniper.conf.27.gz      juniper.conf.6.gz
juniper.conf.13.gz      juniper.conf.18.gz      juniper.conf.23.gz      juniper.conf.28.gz      juniper.conf.7.gz
juniper.conf.14.gz      juniper.conf.19.gz      juniper.conf.24.gz      juniper.conf.29.gz      juniper.conf.8.gz
% zcat /var/db/config/juniper.conf.10.gz
## Last changed: 2022-05-01 19:35:24 UTC
version 22.1R1.10;
system {
    host-name vSRX_temp;
    root-authentication {
        encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1";
    }
    login {
        user rayka {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../";
            }
        }
    }
....

configuring Junos custom automatic backup

Automatic configuration backup is another feature which is usually exist in any network device and also in juniper devices.

You can ask the device to create an automatic backup of the active configuration at a certain interval or whenever we enter the commit command. it is configured under “system archival configuration” section.

I configure the device to take a backup and copy it to the remote scp server whenever I enter a commit command.

[edit system archival]
rayka@vSRX# show 
configuration {
    transfer-on-commit;
    archive-sites {
        "scp://majid@192.168.200.111:/home/majid" password "$9$H.T36/tu1hTz39A01IcylMX-UDik.5JG"; ## SECRET-DATA
    }
}

[edit system archival]
rayka@vSRX# show | display set 
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "scp://majid@192.168.200.111:/home/majid" password "$9$H.T36/tu1hTz39A01IcylMX-UDik.5JG"

[edit system archival]
rayka@vSRX# 

edit system archival configuration]
rayka@vSRX# set ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> archive-sites        List of archive destinations
  routing-instance     Routing instance through which server is reachable
  transfer-interval    Frequency at which file transfer happens (15..2880 minutes)
  transfer-on-commit   Transfer after each commit
[edit system archival configuration]

To test it, I change the hostname and then commit the new changes. A new backup file is expected to be created on the remote server.

rayka@vSRX# set system host-name vSRX9 

[edit]
rayka@vSRX# commit 
commit complete

[edit]
rayka@vSRX9# 
!!!
majid@192-168-1-111:~$ ls
config1  config20220429  entireconfig05102022  vSRX9_20220508_184750_juniper.conf.gz
majid@192-168-1-111:~$ 

Junos "save" command

Although we have backups of the last 50 configuration changes, sometimes you need to create your own backup of configuration files, which can be stored locally or on a remote server.

With “save NAME” command in configuration mode, you can save the entire or part of candidate.

If you don’t specify a path, by default they are stored in your home directory, which is “/var/home/USERNAME/” and you can check it with the “file list” command.

rayka@vSRX# save config05102022 
Wrote 119 lines of configuration to 'config05102022'

[edit]
rayka@vSRX# run file list 

/var/home/rayka/:
.ssh/
config05102022
config20220429
config20220430

[edit]
rayka@vSRX# 

Depending on the context of the configuration mode you are in, only that part of the configuration will be saved. If you want to save the entire configuration, don’t forget to switch to the top-level configuration modes.

For example, if you save the configuration while you are in the “system services” context, only the configuration related to the services will be saved.

rayka@vSRX# edit system services 

[edit system services]
rayka@vSRX# save servicesconfig 
Wrote 15 lines of configuration to 'servicesconfig'

[edit system services]
rayka@vSRX# run file show servicesconfig 
## Last changed: 2022-05-08 17:48:34 UTC
system {
replace:
    services {
        ssh {
            root-login allow;
        }
        telnet;
        web-management {
            http {
                interface fxp0.0;
            }
        }
    }
}

[edit system services]
rayka@vSRX# 

It is also possible to save your configuration file in any folder in the device locally or on a remote server.

For example I want to copy the entire configuration file to the remote “scp” server . It’s easier for me to copy the files over the bash environment. But here I will run it with “save” command since we are talking about “save” command in this section.

rayka@vSRX# save scp://majid@192.168.200.111:/home/majid/entireconfig05102022 
majid@192.168.200.111's password: 
tempfile                                                                                                          100% 2811   105.0KB/s   00:00    
Wrote 119 lines of configuration to 'scp://majid@192.168.200.111:/home/majid/entireconfig05102022'

[edit]
rayka@vSRX# 

!
majid@192-168-1-111:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:fa:59:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.111/24 brd 192.168.1.255 scope global ens32
       valid_lft forever preferred_lft forever
    inet 192.168.200.111/24 brd 192.168.200.255 scope global ens32:0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fefa:59bf/64 scope link 
       valid_lft forever preferred_lft forever
majid@192-168-1-111:~$ 

majid@192-168-1-111:~$ pwd
/home/majid
majid@192-168-1-111:~$ ls
config1  config20220429  entireconfig05102022
majid@192-168-1-111:~$ 

“save” command can also be used in the output of any command. for example you can save the output of “show interface terse” command in remote scp server with the command:

show interfaces terse | save scp://majid@192.168.200.111:/home/majid/showinterfaceterse”.

rayka@vSRX9# run show interfaces terse | save scp://majid@192.168.200.111:/home/majid/showinterfaceterse 
majid@192.168.200.111's password: 
tempfile                                                                                                          100% 1818   179.9KB/s   00:00    
Wrote 43 lines of output to 'scp://majid@192.168.200.111:/home/majid/showinterfaceterse'

[edit]
rayka@vSRX9# 

Junos load command

It is also possible to load the configuration files already backed up and stored locally or on a remote server. You can use the “load replace“, “load merge“, or “load override” commands in configuration mode to load the configuration into the candidate configuration.

Before we apply the loaded configuration, we can check the pending changes with “show | compare” command to ensure it is loaded correctly.

It worth noting the difference between load commands.

load override”, discard the entire configuration and replace it with loaded configuration.

load replace” can be used to overwrite a specific section of the configuration.

load merge” merge the contents of loaded file with the existing candidate configuration file.

Most of the time there is practically no difference between these commands, but to ensure the pending changes after loading the file, use easily “show | compare” command to check the changes before applying them to the device.

As an example I change the hostname and then save the new candidate configuration as a file. now it makes no difference which of the load commands is used to load this new file.

[edit]
rayka@vSRX# set system host-name vSRX5 

[edit]
rayka@vSRX# save vSRX5 
Wrote 132 lines of configuration to 'vSRX5'

[edit]
rayka@vSRX# rollback 0 
load complete

[edit]
rayka@vSRX# load override vSRX5          
load complete

[edit]
rayka@vSRX# show | compare 
[edit system]
-  host-name vSRX;
+  host-name vSRX5;

[edit]
rayka@vSRX# rollback 0 
load complete

[edit]
rayka@vSRX# load replace vSRX5     
load complete

[edit]
rayka@vSRX# show | compare        
[edit system]
-  host-name vSRX;
+  host-name vSRX5;

[edit]
rayka@vSRX# rollback 0            
load complete

[edit]
rayka@vSRX# load merge vSRX5      
load complete

[edit]
rayka@vSRX# show | compare      
[edit system]
-  host-name vSRX;
+  host-name vSRX5;

[edit]
rayka@vSRX# rollback 0 
load complete

[edit]
rayka@vSRX# 
Back to: Juniper Junos Associate version 22.1R1.10 (JNCIA-Junos) > Junos User Interfaces

Leave a Reply

Your email address will not be published. Required fields are marked *


Post comment