Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
6

Junos Space Push Massive Configuration Changes

Anyone use Device Templates on Space to push config changes to multiple switches? Have a Juniper customer that used local authentication, no NTP, default SNMP, no syslog, etc... on all their switches. Basically I want to push a change in password, set up authentication and other best practices on all the edge EX switches. Any links, videos, advice for utilizing Space for this function? I've never used the product before but the customer has it up and running with most of their switches discovered.
Thanks as always!

6 comments
88% Upvoted
What are your thoughts? Log in or Sign uplog insign up
level 1
I drink and I route things5 points · 3 months ago

No. I would never trust Junos Space to configure ANY device on my network. It's useful for metrics... and that's about it.

The problem with space is that it'll push out tons of garbage config along with what you want, and there's not a real good way to verify if the push failed and why it failed. Plus if it's a brownfield deployment there's a major risk it'll blow away large chunks of your configuration causing outages.

You're better off using something as simple as a parallel rancid jlogin script, or ansiblehttps://www.reddit.com/jsnapy.

level 1

I've never used Space, but I was tasked with using another application for pushing configs to all of our Juniper devices. Since I couldn't test it in the lab, I found a device in production that wouldn't cause any issues with customer traffic if I messed with it. I configured it to log interactive commands, and ran a monitor of the log file so that I can watch what the application is actually doing when I push configs. This helped me tune the application to get it working the way I wanted.

To log interactive commands:

set system syslog file interactive-commands interactive-commands any
commit and-quit

Then, when you're getting ready to test, issue "monitor start interactive-commands"

To stop it, issue "monitor stop".

level 2
Original Poster1 point · 3 months ago

Doesn't seem anyone is a big fan of space. This is an extremely useful troubleshooting tool, thank you. Ive been meaning to get my feet wet with Python so I think I'll script it and use "monitor start interactive-commands" to help troubleshoot/deploy. Thank you.

level 1

It'd honestly just be easier to write a simple python script that logs into every switch one at a time and pastes the config you want to push and then commit it.

Juniper makes it easy, they have their own library tailored towards interacting with JUNOS it's called PyEZ.

level 1
CCNP/CCDP1 point · 3 months ago

I pretty much use space only for Security Director - We have dozens of distributed firewalls and it's easier to manage ruleset configs. For something like this I would try using Ansible to push out a config template.

level 1

"SkyEnterprise" is a Juniper-branded version of cloud-based OneConfig. Seems it does a fine job and can manage all types of devices. Else the OneConfig tool in general can push out to all Juniper devices last I knew.

Community Details

127k

Subscribers

879

Online

###Enterprise Networking Routers, switches and firewalls. Network blogs, news and network management articles. Cisco, Juniper, Brocade and more all welcome.

Create Post
r/networking Rules
1.
Rule #1: No Home Networking.
2.
Rule #2: No Certification Brain Dumps / Cheating.
3.
Rule #3: No BlogSpam / Traffic re-direction.
4.
Rule #4: No Low Quality Posts.
5.
Rule #5: No Early Career Advice.
6.
Rule #6: Educational Questions must show effort.
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.