SRX

SRX newbie here, but long time NS/SSG user.

I'm trying to find out why people post the "long" configs vs the "short" ones. ( I realize I probably have the terms wrong.)

To me it seems that the "long" version is fairly useless. Can it be copied and pasted into the device to set the config? If not, why bother with it? I can see that it can make interpreting the config a little easier, but that's about it.

I ask because I'm looking at a KB article [15545] that has 400 lines of "long" code that can probably be done in 30-40 with the "short" code. And now I have to reverse engineer the 400 lines used to figure out what I actually need to TYPE into the console. So frustrating!

Is there a tool I can dump "long" code in and get "short" code out?

Enlighten me please.

Thanks!

For example, here's a "short" one

set interfaces vlan unit 0 family inet address 192.168.1.1/24

And the "long" version of the same thing

interfaces {
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}

I completely disagree about the configuration being useless.

The configuration is hierarchical.  Each item has its rightful place.  Interfaces go in the interfaces stanza.  Protocols go in the protocols stanza.  So on and so forth.  With IOS it's just a bunch of configuration commands with very little organization.  Where do you configure OSPF?  "router ospf"  Where do you configure an OSPF interface type?  On the actual interface.  With Junos it's all under [protocols ospf].

The way you modify the configuration is through the CLI with commands such as set, delete, replace and rename.  These commands aren't the configuration.  They're editing commands.

If you really need to see the configuration commands that would have built the configuration, type

[edit]
# show | display set

If you need to import a segment of actual configuration, you can use the load command.  For example if you wanted to import this firewall filter:

filter accept-bgp {
     term accept-bgp {
        from {
            source-prefix-list {
                bgp-neighbors;
                bgp-neighbors-logical-systems;
            }
            destination-prefix-list {
                router-ipv4;
                router-ipv4-logical-systms;
            }
            protocol tcp;
            port bgp;
        }
        then {
            count accept-bgp;
            accept;
        }
    }
}

You would simply copy it with CTRL-C, then go to your terminal and type the following command:

[edit]
# edit firewall
[edit firewall]
# load merge terminal relative
[Type ^D at a new line to end input]

Then just paste the config with CTRL-V, press enter, then press CTRL-D.  Then type:

[edit firewall]
# show | compare

This will display the delta between the running configuration and the candiate configuration.

Thanks Doug!

I never knew I could do this:

# load merge terminal relative

That makes a world of difference. That alone turns the configs from useless (to me) to something I can now use. I've spent hours working things backwards from the long config just to figure out what to type in. It would be nice if there was something in the KB articles that mentioned the "load" command. Just a pointer to another KB explaining how to use it, similar to what Microsoft does for any KB that requires editing the registry.

For what it's worth, there's really no reverse engineering required.  The configuration is pretty WYSIWYG (what you see is what you get)

The layout of the configuration perfectly aligns with the set command.

Glad that helped.