While building out a new enterprise network for a client using Juniper hardware (SRX240s and EX3300s), I ran into a decision I’ve encountered a number of times: how to generate repetitive configuration. For example:
set interface ge-2/0/0 unit 0 family ethernet-switching port-mode access vlan members corporate-data, etc.
set interface ge-2/0/1 unit 0 family ethernet-switching port-mode access vlan members corporate-data
Obviously interface-range exists to solve this issue, at least for switchport config, but other members of my team take issue with the transparency of configuration in that form, and I agree somewhat – to verify an interface’s configuration, you’re either following a chain of config items or using the less-than-ideal
show vlans. Additionally, interface-range only helps with interface configuration, not for security zones or policies.
In the past, I’ve used a quick bash script that I modify as necessary for outputting the required set commands. This is fine for me, but I wanted to make something a bit easier and more portable for my (Windows-using) team, so I converted it to a quick Python script.