Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos] How to protect a part of the configuration from being deleted via the delete command

0

0

Article ID: KB25493 KB Last Updated: 30 Jul 2020Version: 3.0
Summary:
This article provides information on how to protect part of the configuration from being deleted when a delete command is used on the configuration.
Symptoms:
Can I prevent some of the configuration from being deleted when the delete command is issued?
Solution:
You can use the protect keyword to protect any part of the configuration. For example, to protect the default route from being accidentally deleted, which may lead to the networking being down, the following configuration can be used:
[edit]
root@210-hm-4# show routing-options 
static {
    route 0.0.0.0/0 next-hop 4.2.2.2;
    route 192.168.1.1/32 next-hop 4.2.2.2;
}
 
To protect the default route (0.0.0.0/0) from being deleted, use the protect keyword as follows:
root@210-hm-4# protect routing-options static route 0/0
When the configuration is checked, you can see a protect keyword in front of the default route:
[edit]
root@210-hm-4# show routing-options 
static {
    protect: route 0.0.0.0/0 next-hop 4.2.2.2;
    route 192.168.1.1/32 next-hop 4.2.2.2;
}
 
Now, when you try to delete the routing-options, the following warning is displayed and the default route will not be deleted:
[edit]
root@210-hm-4# delete routing-options 
warning: [routing-options static route 0.0.0.0/0] is protected, 'routing-options static route 0.0.0.0/0' cannot be deleted

[edit]
root@210-hm-4# show routing-options 
static {
    protect: route 0.0.0.0/0 next-hop 4.2.2.2;
}
Also, you will not be able to modify the next-hop.  The following warning is displayed:
root@210-LM2# set static route 0.0.0.0/0 next-hop 192.168.1.2
warning: [routing-options static route 0.0.0.0/0] is protected,
'routing-options static route 0.0.0.0/0 next-hop next-hop 192.168.1.2' cannot be created

root@210-LM2# replace pattern 4.2.2.2 with 1.1.1.1
warning: [routing-options static route 0.0.0.0/0] is protected,
'routing-options static route 0.0.0.0/0 next-hop 192.168.1.1' cannot be renamed

 
To delete the default route, you have to unprotect it:
[edit]
root@210-hm-4# unprotect routing-options static route 0/0 

[edit]
root@210-hm-4# show routing-options 
static {
    route 0.0.0.0/0 next-hop 4.2.2.2;
}
After this, it can be deleted:
[edit]
root@210-hm-4# delete routing-options              

[edit]
root@210-hm-4# show routing-options 

[edit]
root@210-hm-4#
Modification History:
2020-07-30:Article reviewed for accuracy. Reference link added.
2017-12-17: Article reviewed for accuracy. Minor changes made, category list updated. Article is correct and complete.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search