Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles[MX] Using escape quotation marks not valid in NETCONF
For some third-party devices, configuring the Junos OS via NETCONF with escape quotation marks may result in configuration failure and other cascaded issues.
This article explains that NETCONF is an XML channel where strings are read as is, so using escape quotation marks is not valid and that the string value is required for any command attributes to work.
For example, the following match string is unexpected, and may cause some errors:
<match>"\".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"\"</match>
The full details are listed as below:
labroot@router> netconf
<!-- No zombies were killed during the creation of this user interface -->
<!-- user labroot, class j-super-user -->
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
<capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability>
<capability>http://xml.juniper.net/netconf/junos/1.0</capability>
<capability>http://xml.juniper.net/dmi/system/1.0</capability>
</capabilities>
<session-id>4131</session-id>
</hello>
]]>]]>
<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:c08d06b1-34b4-46e3-8289-49af1cfed204">
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/19.4R0/junos" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:c08d06b1-34b4-46e3-8289-49af1cfed204">
<open-configuration>
<private/>
</open-configuration>
</nc:rpc>
]]>]]></rpc-reply>
]]>]]>
<rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/19.4R0/junos">
<edit-config>
<target>
<candidate/>
</target>
<config>
<configuration>
<system>
<syslog>
<file>
<name>cli.log</name>
<contents>
<name>interactive-commands</name>
<info/>
</contents>
<match>"\".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"\"</match>
<archive>
<size>5m</size>
<files>10</files>
</archive>
</file>
</syslog>
</system>
</configuration>
</config>
</edit-config>
</rpc>
]]>]]> <ok/>
</rpc-reply>
]]>]]>
<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:e1569655-3894-48fd-b658-ff541faf2122">
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/19.4R0/junos" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:e1569655-3894-48fd-b658-ff541faf2122">
<get-configuration compare="rollback" rollback="0" format="text"/>
</nc:rpc>
]]>]]><configuration-information>
<configuration-output>
[edit system]
+ syslog {
+ file cli.log {
+ interactive-commands info;
+ match "\".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"\";
+ archive size 5m files 10;
+ }
+ }
</configuration-output>
</configuration-information>
</rpc-reply>
]]>]]>
<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:aa6e914d-ed1c-4457-bcb7-2c5ab3d53f10">
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/19.4R0/junos" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:aa6e914d-ed1c-4457-bcb7-2c5ab3d53f10">
<commit-configuration>
</commit-configuration>
</nc:rpc>
]]>]]>
<load-success/>
<load-success/>
<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:bdd80b22-9bfb-4c76-9ac6-0bc7c2cebb27">
<close-configuration/>
</nc:rpc>
]]>]]>
<ok/>
</rpc-reply>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/19.4R0/junos" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:bdd80b22-9bfb-4c76-9ac6-0bc7c2cebb27">
</rpc-reply>
]]>]]>
<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:d6e9ffb7-eb8f-4e7c-81cb-12c7df521373">
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/19.4R0/junos" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:d6e9ffb7-eb8f-4e7c-81cb-12c7df521373">
<nc:close-session/>
</nc:rpc>
]]>]]><ok/>
</rpc-reply>
]]>]]>
<!-- session end at 2020-02-03 16:52:11 PST -->
Last login: Mon Feb 3 16:41:58 2020 from 172.27.16.111
--- JUNOS 19.4R1.10 built 2019-12-19 04:03:35 UTC
labroot@router> configure private
warning: uncommitted changes will be discarded on exit
Entering configuration mode
[edit]
labroot@router# set interfaces ae0 description "value3"
[edit]
labroot@router# commit
commit complete
[edit]
labroot@router# run show system commit
0 2020-02-03 16:52:55 PST by labroot via cli
1 2020-02-03 16:52:04 PST by labroot via netconf
2 2020-02-03 16:45:35 PST by labroot via cli
3 2020-02-03 16:42:49 PST by labroot via cli
4 2020-02-03 16:41:43 PST by labroot via netconf
5 2020-02-02 21:09:16 PST by labroot via cli
6 2020-02-02 20:50:00 PST by labroot via cli
7 2020-02-02 20:26:28 PST by labroot via cli
8 2020-01-31 09:06:51 PST by root via cli
9 2020-01-31 09:04:46 PST by root via other
10 2020-01-31 08:18:32 PST by root via cli
11 2020-01-24 13:44:35 PST by root via cli
12 2020-01-22 14:01:55 PST by root via cli
13 2019-12-11 00:49:39 PST by root via other
14 2019-12-10 01:56:26 PST by labroot via cli
15 2019-12-10 01:55:31 PST by labroot via cli
16 2019-12-10 01:54:15 PST by labroot via cli commit confirmed, rollback in 2mins
17 2019-12-10 01:44:07 PST by root via other
18 2019-12-10 01:14:36 PST by labroot via cli
19 2019-12-10 01:13:30 PST by labroot via cli
20 2019-12-10 00:38:27 PST by labroot via cli
21 2019-12-10 00:38:14 PST by labroot via cli commit confirmed, rollback in 2mins
22 2019-12-10 00:37:29 PST by root via other
23 2019-12-10 00:35:11 PST by labroot via cli commit confirmed, rollback in 2mins
24 2019-11-17 22:24:50 PST by labroot via cli
25 2019-10-21 17:39:37 PDT by labroot via cli
26 2019-10-21 17:14:47 PDT by labroot via cli
27 2019-10-21 16:20:04 PDT by labroot via cli
28 2019-10-21 16:14:05 PDT by labroot via cli
29 2019-10-21 16:12:43 PDT by labroot via cli
30 2019-10-17 16:55:31 PDT by labroot via cli
31 2019-10-17 16:16:44 PDT by labroot via cli
32 2019-10-17 13:12:14 PDT by labroot via cli
33 2019-10-16 17:15:30 PDT by labroot via cli
34 2019-10-16 17:15:14 PDT by labroot via cli commit confirmed, rollback in 1mins
35 2019-09-12 10:37:02 PDT by labroot via cli
36 2019-09-12 10:19:44 PDT by labroot via cli
37 2019-09-12 10:08:59 PDT by labroot via cli
38 2019-09-11 17:00:24 PDT by labroot via cli
39 2019-09-11 16:52:50 PDT by labroot via cli
40 2019-09-11 16:48:29 PDT by labroot via cli
41 2019-09-11 16:38:34 PDT by labroot via cli
42 2019-09-11 16:36:31 PDT by labroot via cli
43 2019-09-11 16:29:31 PDT by labroot via cli
44 2019-09-11 16:16:16 PDT by labroot via cli
45 2019-09-11 16:11:31 PDT by labroot via cli
46 2019-09-11 16:03:11 PDT by labroot via cli
47 2019-09-11 16:00:33 PDT by labroot via cli
48 2019-09-11 15:49:50 PDT by labroot via cli
49 2019-09-11 15:34:13 PDT by labroot via cli
[edit]
labroot@router# rollback 2
load complete
[edit]
labroot@router# show | compare
[edit system]
- syslog {
- file cli.log {
- interactive-commands info;
- match ".*CMDLINE.*|.*JUNOSCRIPT_CMD.*";
- archive size 5m files 10;
- }
- }
[edit interfaces ae0]
- description value3;
+ description qld-fvly-re1:ae0_aar_cqu_jcu;
[edit]
labroot@router# commit and-quit
[edit system syslog file cli.log match]
'match ".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"'
warning: statement does not match patch: '".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"' != '.*CMDLINE.*|.*JUNOSCRIPT_CMD.*'
[edit]
labroot@router# exit
The configuration has been changed but not committed
Discard uncommitted changes? [yes,no] (yes)
Exiting configuration mode
labroot@router> configure private
warning: uncommitted changes will be discarded on exit
Entering configuration mode
[edit]
labroot@router# rollback 2
load complete
[edit]
labroot@router# show | compare
[edit system]
- syslog {
- file cli.log {
- interactive-commands info;
- match ".*CMDLINE.*|.*JUNOSCRIPT_CMD.*";
- archive size 5m files 10;
- }
- }
[edit interfaces ae0]
- description value3;
+ description previousValue;
[edit]
labroot@router# commit and-quit
[edit system syslog file cli.log match]
'match ".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"'
warning: statement does not match patch: '".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"' != '.*CMDLINE.*|.*JUNOSCRIPT_CMD.*'
[edit]
labroot@router# exit
The configuration has been changed but not committed
Discard uncommitted changes? [yes,no] (yes)
Exiting configuration mode
labroot@router> configure
Entering configuration mode
[edit]
labroot@router# rollback 2
load complete
[edit]
labroot@router# show | compare
[edit system]
- syslog {
- file cli.log {
- interactive-commands info;
- match ".*CMDLINE.*|.*JUNOSCRIPT_CMD.*";
- archive size 5m files 10;
- }
- }
[edit interfaces ae0]
- description value3;
+ description previousValue;
[edit]
labroot@router# commit and-quit
commit complete
Exiting configuration mode
===================================
<<<<< Without NETCONF, all good:
labroot@router> configure
Entering configuration mode
The configuration has been changed but not committed
[edit]
labroot@router# load merge terminal
[Type ^D at a new line to end input]
system {
syslog {
file cli.log {
interactive-commands info;
match ".*CMDLINE.*|.*JUNOSCRIPT_CMD.*";
archive size 5m files 10;
}
}
}
load complete
[edit]
labroot@router# commit and-quit
commit complete
Exiting configuration mode
labroot@router> configure private
warning: uncommitted changes will be discarded on exit
Entering configuration mode
[edit]
labroot@router# set interfaces ae0 description "value3"
[edit]
labroot@router# show | compare
[edit interfaces ae0]
- description previousValue;
+ description value3;
[edit]
labroot@router# commit
commit complete
[edit]
labroot@router# run show system commit
0 2020-02-03 17:05:31 PST by labroot via cli
1 2020-02-03 17:04:52 PST by labroot via cli
2 2020-02-03 16:56:00 PST by labroot via cli
3 2020-02-03 16:52:55 PST by labroot via cli
4 2020-02-03 16:52:04 PST by labroot via netconf
5 2020-02-03 16:45:35 PST by labroot via cli
6 2020-02-03 16:42:49 PST by labroot via cli
7 2020-02-03 16:41:43 PST by labroot via netconf
8 2020-02-02 21:09:16 PST by labroot via cli
9 2020-02-02 20:50:00 PST by labroot via cli
10 2020-02-02 20:26:28 PST by labroot via cli
11 2020-01-31 09:06:51 PST by root via cli
12 2020-01-31 09:04:46 PST by root via other
13 2020-01-31 08:18:32 PST by root via cli
14 2020-01-24 13:44:35 PST by root via cli
15 2020-01-22 14:01:55 PST by root via cli
16 2019-12-11 00:49:39 PST by root via other
17 2019-12-10 01:56:26 PST by labroot via cli
18 2019-12-10 01:55:31 PST by labroot via cli
19 2019-12-10 01:54:15 PST by labroot via cli commit confirmed, rollback in 2mins
20 2019-12-10 01:44:07 PST by root via other
21 2019-12-10 01:14:36 PST by labroot via cli
22 2019-12-10 01:13:30 PST by labroot via cli
23 2019-12-10 00:38:27 PST by labroot via cli
24 2019-12-10 00:38:14 PST by labroot via cli commit confirmed, rollback in 2mins
25 2019-12-10 00:37:29 PST by root via other
26 2019-12-10 00:35:11 PST by labroot via cli commit confirmed, rollback in 2mins
27 2019-11-17 22:24:50 PST by labroot via cli
28 2019-10-21 17:39:37 PDT by labroot via cli
29 2019-10-21 17:14:47 PDT by labroot via cli
30 2019-10-21 16:20:04 PDT by labroot via cli
31 2019-10-21 16:14:05 PDT by labroot via cli
32 2019-10-21 16:12:43 PDT by labroot via cli
33 2019-10-17 16:55:31 PDT by labroot via cli
34 2019-10-17 16:16:44 PDT by labroot via cli
35 2019-10-17 13:12:14 PDT by labroot via cli
36 2019-10-16 17:15:30 PDT by labroot via cli
37 2019-10-16 17:15:14 PDT by labroot via cli commit confirmed, rollback in 1mins
38 2019-09-12 10:37:02 PDT by labroot via cli
39 2019-09-12 10:19:44 PDT by labroot via cli
40 2019-09-12 10:08:59 PDT by labroot via cli
41 2019-09-11 17:00:24 PDT by labroot via cli
42 2019-09-11 16:52:50 PDT by labroot via cli
43 2019-09-11 16:48:29 PDT by labroot via cli
44 2019-09-11 16:38:34 PDT by labroot via cli
45 2019-09-11 16:36:31 PDT by labroot via cli
46 2019-09-11 16:29:31 PDT by labroot via cli
47 2019-09-11 16:16:16 PDT by labroot via cli
48 2019-09-11 16:11:31 PDT by labroot via cli
49 2019-09-11 16:03:11 PDT by labroot via cli
[edit]
labroot@router# rollback 2
load complete
[edit]
labroot@router# show | compare
[edit system]
- syslog {
- file cli.log {
- interactive-commands info;
- match ".*CMDLINE.*|.*JUNOSCRIPT_CMD.*";
- archive size 5m files 10;
- }
- }
[edit interfaces ae0]
- description value3;
+ description previousValue;
[edit]
labroot@router# commit and-quit
commit complete
Exiting configuration mode
labroot@router>
Note: Sometimes the third party device may successfully push the configuration to the Junos platform with the wrong format. However, when users roll back configuration with configure private, the system will report an error as shown above.
NETCONF is an XML channel where strings are read as is, so using escape quotes is not valid. The programming language is strict and the format needs to be exact for any configuration to work.
Use the following string format without escape quotation marks via NETCONF:
<match>".*CMDLINE.*|.*JUNOSCRIPT_CMD.*"</match>
Issue is not seen with this data.
<match>.*CMDLINE.*|.*JUNOSCRIPT_CMD.*</match>
Issue is not seen with this data.
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search