Automation

last person joined: yesterday 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.

  • 1.  restrict deleting Main interfaces

    Posted 03-29-2011 01:32

    Hi all

     

    how I can write a (commit-script) to protect 

    users  from deleting  Main Interfaces “ only “

    Basically wanted to restrict users from particular class  from Deleting main interfaces. If the user 

    accidently deleted the main interface  , then  customer error should

    appear .

     

     

    Thanks alot



  • 2.  RE: restrict deleting Main interfaces
    Best Answer

    Posted 04-05-2011 12:26

    I think you might be after something like this:

     

    http://code.google.com/p/junoscriptorium/source/browse/trunk/library/juniper/commit/interfaces/uplink-check/uplink-check.slax

     

    The script will throw a warning for any interfaces that are marked as 'Core' or 'CORE".

     

    The script has a typo/error in it, you should replace this line:

     

    if (contains($desc, "SCOR") || contains($desc, "scor")) {

     

    with this (or another phrase that you want to use:

     

    if (contains($desc, "CORE") || contains($desc, "core")) {

     

    We also modified the script by replacing the following in the script:

     

    xnm:warning

     

    With this:

     

    xnm:error

     

    This will prevent a commit from happening if someone tries to disable an interface marked as 'CORE' or 'Core' or 'core'.

     

    Also take a look at

     

    http://forums.juniper.net/t5/Junos-Automation-Scripting/How-to-protect-interfaces-based-on-their-description-with-a/td-p/68342



  • 3.  RE: restrict deleting Main interfaces

    Posted 04-06-2011 16:45

    Thanks a lot  it's working Smiley Happy



  • 4.  RE: restrict deleting Main interfaces

    Posted 04-06-2011 16:57

     

    @NateK wrote:

    I think you might be after something like this:

     

    http://code.google.com/p/junoscriptorium/source/browse/trunk/library/juniper/commit/interfaces/uplink-check/uplink-check.slax

     

    The script will throw a warning for any interfaces that are marked as 'Core' or 'CORE".

     

    The script has a typo/error in it, you should replace this line:

     

    if (contains($desc, "SCOR") || contains($desc, "scor")) {

     

    with this (or another phrase that you want to use:

     

    if (contains($desc, "CORE") || contains($desc, "core")) {

     

    Thanks NateK for bringing to our attention! I just fixed the typo in uplink-check.slax.

     



  • 5.  RE: restrict deleting Main interfaces

    Posted 04-07-2011 16:36

    I was going to report it, slipped my mind Smiley Happy



  • 6.  RE: restrict deleting Main interfaces

    Posted 06-07-2011 19:20

    I've used a beta version of 11.3 which has the 'protect' feature in it..

     

    just an FYI.

     



  • 7.  RE: restrict deleting Main interfaces

    Posted 09-30-2011 12:33

    just out of curiosity,  what if someone deletes the description first and commits?

     

     



  • 8.  RE: restrict deleting Main interfaces

    Posted 11-24-2014 10:45

    This is great if the user applies the 'disable' command to the interface, but I believe the OP's question was in regards to deleting the interface.  This wouldn't protect you if the interface is deleted entirely.

     

    I've struggled with how to accomplish this, without either evaluating the active config (not the candidate), or having some sort of @junos:deleted attribute.

     

    Any ideas how to accomplish the OP's request to protect from deletion (without using the JUNOS protect feature mentioned, as there are other applications of evaluated deleted nodes in the config tree, that would be insightful for me to know how to do)

     

    -Josh