Problem
Some of the configuration sections for many of the routers in your network are identical, and you want to propagate the common information to all routers so your network operations center (NOC) staff never has to set it.
Solution
Define the common information in a configuration group:
[edit] aviva@router1# edit groups global [edit groups global ] aviva@router1# set system domain-name mynetwork.com aviva@router1# set system backup-router 192.168.15.2 aviva@router1# set system name-server 192.168.15.3 aviva@router1# set system root-authentication encrypted-password $123 poppI aviva@router1# set system ntp server 192.168.2.100 aviva@router1# set system services ssh aviva@router1# set snmp location "JUNOS cookbook lab" aviva@router1# set snmp contact cookbook-lab-admin aviva@router1# set snmp interface fxp0.0 aviva@router1# set snmp community public authorization read-only
Then apply the group to the configuration:
[edit] aviva@router1# set apply-groups global
Discussion
JUNOS configuration groups define common configuration snippets in one part of the router configuration, which you then import, or apply, in other parts of the configuration. This allows you to define common portions of the configuration once and have them apply in many places in the configuration, thus minimizing or eliminating the risk of configuration inconsistencies or errors. If you are a network designer who develops router configurations that are then distributed to a number of routers in a point of presence (POP) or NOC, configuration groups are a good tool for propagating common configuration snippets across a number of routers. Having this information in a separate part of the configuration also lessens the possibility that others might inadvertently modify it. Use configuration groups for network-wide information, such as the domain name, addresses of name and authentication servers, router login accounts, and static routes (as we have done in this recipe) and to make it easier to configure items that have multiple instances, such as all channels on channelized interfaces.
Create the configuration groups under the [edit groups] hierarchy. The structure of the statements in the configuration group mirrors that of the complete JUNOS configuration.
In this recipe, we create one configuration group named global that defines the basic router information discussed in Recipe 1.1, along with pointers to our SNMP NMS system. You can create any number of group configurations, each with a distinct name.
The apply-groups statement causes the statements in a group be inherited by the proper location in the configuration. This recipe applies the global group at the top level ([edit] level) of the configuration because the group includes statements that affect a number of different top-level hierarchies ([edit system], [edit snmp], and [edit routing-options]).
You can include the configuration group statements in the configuration file of each router or in a template file that you use when configuring new routers. An easy way to add the information to existing configurations is to copy the configuration snippet using the load merge terminal command (see Recipe 1.13).
When you issue a plain show command in configuration mode, you see the statements only where you actually typed them. This means that you see the configuration group statements in the [edit groups] portion, not in the hierarchies where they are applied. If you pipe the show output to the display inheritance command, you see the statements in the hierarchy that inherited them:
[edit system] aviva@router1# show | display inheritance host-name router1; domain-name mynetwork.com; ## ## 'backup-router' was inherited from group 'global' ## '192.168.71.254' was inherited from group 'global' ## backup-router 192.168.15.2; ## ## 'root-authentication' was inherited from group 'global' ## root-authentication { ## ## '$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/' was inherited from group 'global' ## encrypted-password "$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/"; ## SECRET-DATA } name-server { ## ## '192.168.15.3' was inherited from group 'global' ## 192.168.15.3; } services { ## ## 'ssh' was inherited from group 'global' ## ssh; ## } ## ## 'ntp' was inherited from group 'global' ## ntp { ## ## '192.168.2.100' was inherited from group 'global' ## server 192.168.2.100; ## }
Although this recipe shows how to apply a group at the top level of the configuration, you can apply a group anywhere in the configuration. For example, if all the serial interfaces on your router act as data terminal equipment (DCE), you can use groups to configure the common serial options:
[edit groups serial-dte-options] aviva@RouterA# set interfaces serial-options clocking-mode dce aviva@RouterA# set interfaces serial-options clock-rate 125.0khz
Here, the group is called serial-dte-options. The angle brackets enclose the wildcard se-* to apply the statements to all serial interfaces. You can then apply the group in the interfaces portion of the configuration:
[edit interfaces} aviva@routerA# set apply-groups serial-dte-options
Look at the group configuration to verify it:
[edit groups] aviva@RouterA# show serial-dte-options { interfaces { { serial-options { clocking-mode dce; clock-rate 125.0khz; } } } }
In the interfaces section, set up the basic configuration of the serial interfaces and verify it:
[edit interfaces] aviva@RouterA# show se-0/0/2 { unit 0 { family inet { address 10.0.21.1/24; } } } se-0/0/3 { unit 0 { family inet { address 10.0.16.1/24; } } }
Finally, check that the DCE configuration is inherited:
[edit interfaces] aviva@RouterA# show | display inheritance se-0/0/2 { ## ## 'serial-options' was inherited from group 'serial-dte-options' ## serial-options { ## ## 'dce' was inherited from group 'serial-dte-options' ## clocking-mode dce; ## ## '125.0khz' was inherited from group 'serial-dte-options' ## clock-rate 125.0khz; } unit 0 { family inet { address 10.0.21.1/24; } } } se-0/0/3 { ## ## 'serial-options' was inherited from group 'serial-dte-options' ## serial-options { ## ## 'dce' was inherited from group 'serial-dte-options' ## clocking-mode dce; ## ## '125.0khz' was inherited from group 'serial-dte-options' ## clock-rate 125.0khz; } unit 0 { family inet { address 10.0.16.1/24; } } }
The output confirms that both serial interfaces inherited the serial-options statement into the configurations.
See Also
Recipe 1.13
Router Configuration and File Management
Basic Router Security and Access Control
IPSec
SNMP
Logging
NTP
Router Interfaces
IP Routing
Routing Policy and Firewall Filters
RIP
IS-IS
OSPF
BGP
MPLS
VPNs
IP Multicast