Command Line Interface and Configuration Files on various routers, switches, etc. Juniper JUNOS and others
Somehow I got the impression with some equipment that the configuration file was nothing more than a direct copy in plain text of command line commands. This seemed logical and useful. Then those commands are automatically run at boot time. Then other commands can be added during run time and made permanent (or not).
(I don't appreciate those configuration files that are somehow encrypted and can't be read at all except by loading them into the device.)
I'm working with a Juniper SRX lately. The configuration files are readable so that's good. They are also editable via the J-Web GUI and that's good. And there's a CLI interface built within the GUI yet serious players seem to favor PuTTY.
It suddenly it occurs to me:
There is a configuration file that is readable that fits some "structured" format BUT while the structured format can be edited like code, its relationship to the CLI commands is rather obscure. Is that a reasonable way of looking at it?
That is, the CLI commands get "compiled or interpreted" into the configuration structure (?).
Did I miss reading some critical high-level description that talks about this?
I note that the CLI interface gives lots of help in structuring commands such as:
set security ?
will tell you what choices come next.
But that's not exactly the same as learning the CLI command set.
And doing that seems to imply learning the configuration file structure as well??
And why the departure from a serious GUI (with respect to the SSG line)? By serious I mean that it's complete and correct within reason and that most serious things can be done within it. Have the 'nix heads taken over?
(I don't appreciate those configuration files that are somehow encrypted and can't be read at all except by loading them into the device.)
I'm working with a Juniper SRX lately. The configuration files are readable so that's good. They are also editable via the J-Web GUI and that's good. And there's a CLI interface built within the GUI yet serious players seem to favor PuTTY.
It suddenly it occurs to me:
There is a configuration file that is readable that fits some "structured" format BUT while the structured format can be edited like code, its relationship to the CLI commands is rather obscure. Is that a reasonable way of looking at it?
That is, the CLI commands get "compiled or interpreted" into the configuration structure (?).
Did I miss reading some critical high-level description that talks about this?
I note that the CLI interface gives lots of help in structuring commands such as:
set security ?
will tell you what choices come next.
But that's not exactly the same as learning the CLI command set.
And doing that seems to imply learning the configuration file structure as well??
And why the departure from a serious GUI (with respect to the SSG line)? By serious I mean that it's complete and correct within reason and that most serious things can be done within it. Have the 'nix heads taken over?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I can't tell that much for JunOS, but with ScreenOS I work similar. WebUI for the quick check, simple change, some overview etc., but more complex stuff is made via CLI scripts. E.g. building a new VPN tunnel is much easier if you have the set of commands ready, only needing to replace individual parameters.
I certainly would do the same with JunOS. When I tried to use the J-Web GUI (on an EX switch) it was painfully slow, however.
I certainly would do the same with JunOS. When I tried to use the J-Web GUI (on an EX switch) it was painfully slow, however.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The "Junos as a Second Language" session is quite good for getting context - which is what I was looking for.
It's clear that the hierarchical configuration is more structured and logical than a random list of CLI statements.
Thanks for the insights!
It's clear that the hierarchical configuration is more structured and logical than a random list of CLI statements.
Thanks for the insights!
ASKER
Thanks for the insights!
ASKER
I don't really give a rip how the code is stored at run time.
I *am* trying to handle the device.
At the moment I'm dealing with a debugging issue and am getting pointers and help from JTAC. So, the emphasis is on the CLI interface.
What I'm doing right now is preparing debug "code" for when I want to instrument the problem. The problem doesn't happen all the time so I need to be ready.
I've had the experience of doing one thing only to find that I needed to do something else or something different. In this case I needed to learn how to *turn off* the debug stuff when I was done.
etc. etc.
As part of the reading and learning, I suddenly realized that there are two sets of notation for the SRX:
- there are the CLI commands
and
- there is the configuration
What I've been used to seeing in the past with other machines is that the "configuration" was just a list of CLI commands. My assumption was that the machine just ran those internally at boot time in order to become "configured". (Well, that's a simple-minded version.)
In the case of the SRX, there appears to be no text sequence of CLI commands that represents the configuration. Well, one could construct one from start to finish I guess. Instead, it appears that the configuration "is what it is" and however the CLI commands were used to get there is, well really, unimportant in some sense.
So, I was looking for confirmation that this is the case... that I had the right idea.
In the mean time, I've been reading and working away at this.
I've developed some of my own approaches to configuring the machine.
I'm using the J-Web GUI for most things.
Then, if that's too hard or not really suitable, I use the GUI CLI Tools / CLI Editor (which is really a *Configuration* editor) to do things like copy and paste long lists of web filter categories, etc.
I find that bouncing back and forth between the two is useful.
For example, if I don't know where or how to put something in the Configuration then I might put it in with the GUI interface, see how it looks in the Configuration, and then edit the Configuration from there.
How do others deal with it?