cancel
Showing results for 
Search instead for 
Did you mean: 

Juniper MX Regular expressions and user permissions ACS 5.4

Highlighted
New Contributor

Juniper MX Regular expressions and user permissions ACS 5.4

Hi everyone!

 

Im having some trouble with regular expressions and permissions on our Juniper MX routers through ACS 5.4, and i would like some insight/help/poitners!!

 

We have a team of engineers that should only have read only permissions (important: show configuration) and also be able to just change the description on interfaces.

Thus far with the following regular expressions set for the shell profile they are going through i have managed the above, however the problem is when an engineer inputs "Show configuration", only the interfaces descriptions configuration is shown! The rest of the configuration will not be printed.

 

 

deny-commands1=.*.

allow-commands1=configure

deny-configuration1=.*.

allow-commands2=interfaces .*. description .*$

allow-configuration1=interfaces .*. description .*$

allow-commands2=show configuration.*

allow-commands3=show configuration

 

(some of these regex i know that are not needed, i was just playing around to check everything before posting)

 

Any pointers as to why or how to resolve this?

 

 

example output with the above:

 

show configuration

## Last commit: 2014-01-09 09:34:44 EET by someone

interfaces {

    xe-0/0/0 {

    }

    xe-0/0/1 {

        description xxxx;

    }

    xe-0/1/0 {

        description xxxx;

    }

    xe-0/1/1 {

        description xxxx;

    }

    xe-0/2/0 {

        disable;

    }

    xe-0/2/1 {

        description xxxx;

    }

    xe-0/3/0 {

        description xxxx;

    }

    xe-0/3/1 {

        description xxxx;

    }

    ae0 {

        description "xxxx";

    }

    ae1 {

        description xxxx;

    }

    demux0 {

    }

    lo0 {

    }

}

 

 

{master}

 

Thanks in advance!

 

Spyros

2 REPLIES 2
Highlighted
Regular Contributor

Re: Juniper MX Regular expressions and user permissions ACS 5.4

You have posted your query under the wrong Forum, You will need to post it under the appropriate forum. You can try posting this under the routing group. 

Highlighted
New Contributor

Re: Juniper MX Regular expressions and user permissions ACS 5.4

My bad! Thanks for indicating that ill post it there then!