Copying Configuration Elements

The output from the info commands can be copied and pasted and used as a direct input to another MD-CLI session, or loaded from a file.

The following example shows the output from the info command, displaying the following configuration for the profile of the user ‟guest1”.

*(ex)[/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

The output can be copied and pasted to configure an identical profile for another user; for example, ‟guest2”. The working context must be at the same hierarchy level, as the info command output is context-sensitive.

Enter the context for configuring the profile for guest2:

(ex)[/]
A:admin@node-2# configure system security aaa local-profiles profile guest2

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

Copy the info command output and paste each line into the command line:

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     default-action permit-all

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 10 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#         match "configure system security"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 20 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#         match "configure li"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 30 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#         match "show li"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 40 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#         match "tools"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

The info command displays the configuration changes for profile ‟guest2”, which are identical to the configuration for profile ‟guest1”.

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

Similarly, the info flat command output can be copied and pasted for the user profile for ‟guest3”; for example:

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2# info flat
    default-action permit-all
    entry 10 action deny
    entry 10 match "configure system security"
    entry 20 action deny
    entry 20 match "configure li"
    entry 30 action deny
    entry 30 match "show li"
    entry 40 action deny
    entry 40 match "tools"

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#
*(ex)[/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# /configure system security aaa local-profiles profile "guest3"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#  default-action permit-all

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 10 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 10 match "configure system security"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 20 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 20 match "configure li"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 30 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 30 match "show li"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 40 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 40 match "tools"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#

The output from the info full-context command contains the full configuration path for the configuration statements. This output can be used to reconfigure the same user profile on another router, or to rebuild the user profile if it was deleted or discarded. The following example begins with a ‟guest1” user profile, which is subsequently deleted and re-added using the output from the info full-context command.

The following output shows the ‟guest1” user profile:

*(ex)[/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info full-context
    /configure system security aaa local-profiles profile "guest1" default-action permit-all
    /configure system security aaa local-profiles profile "guest1" entry 10 { }
    /configure system security aaa local-profiles profile "guest1" entry 10 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 10 { match "configure system security" }
    /configure system security aaa local-profiles profile "guest1" entry 20 { }
    /configure system security aaa local-profiles profile "guest1" entry 20 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 20 { match "configure li" }
    /configure system security aaa local-profiles profile "guest1" entry 30 { }
    /configure system security aaa local-profiles profile "guest1" entry 30 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 30 { match "show li" }
    /configure system security aaa local-profiles profile "guest1" entry 40 { }
    /configure system security aaa local-profiles profile "guest1" entry 40 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 40 { match "tools" }

The ‟guest1” user profile is deleted, and the info full-context command after the delete shows no matches for profile ‟guest1”:

*(ex)[/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# back

*(ex)[/configure system security aaa local-profiles]
A:admin@node-2# delete profile ‟guest1”

*(ex)[/configure system security aaa local-profiles]
A:admin@node-2# info full-context | match guest1

*(ex)[/configure system security aaa local-profiles]
A:admin@node-2# 

In the next step, the original full-context output for ‟guest1” is copied and pasted. Because the output contains the full configuration path, the statements can be pasted from any configuration context.

[ex:/configure]
A:admin@node-2#  /configure system security aaa local-profiles profile "guest1" default-action permit-all

*[ex:/configure]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 { match "configure system security" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 { match "configure li" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 { match "show li" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 { match "tools" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#

The displayed output from the compare command can also be used to copy and paste statements in the MD-CLI. See Viewing the Uncommitted Configuration Changes for information about using the compare command.

Using the copy Command

The copy command allows elements to be duplicated for use within an MD-CLI configuration. The source and destination elements must be the same type (such as containers, lists, or leaf elements) and must be at the same configuration level.

A copied element inherits all characteristics from the source element. If a container is copied to another container element, all child elements of the container are also copied.

The following example shows the configuration of a BGP peer (neighbor 200.200.200.2). The copy command is used to deploy a new peering session (neighbor 200.200.200.200).

(ex)[/configure router "Base" bgp]
A:admin@node-2# info flat neighbor "200.200.200.2"
    group "mesh"
    keepalive 10
    local-preference 100
    local-as { }
    local-as { as-number 65535 }
    local-as { private true }
    add-paths { }
    add-paths { ipv4 }
    add-paths { ipv4 send multipaths }
    add-paths { ipv4 receive true }
    add-paths { ipv6 }
    add-paths { ipv6 send multipaths }
    add-paths { ipv6 receive true }
    import { }
    import { policy ["ALLOW-ALL"] }
    export { }
    export { policy ["ALLOW-ALL"] }

(ex)[/configure router "Base" bgp]
A:admin@node-2# copy neighbor "200.200.200.2" to neighbor 200.200.200.200

*(ex)[/configure router "Base" bgp]
A:admin@node-2#  compare flat
+   neighbor "200.200.200.200" { }
+   neighbor "200.200.200.200" { group "mesh" }
+   neighbor "200.200.200.200" { keepalive 10 }
+   neighbor "200.200.200.200" { local-preference 100 }
+   neighbor "200.200.200.200" { local-as as-number 65535 }
+   neighbor "200.200.200.200" { local-as private true }
+   neighbor "200.200.200.200" { add-paths }
+   neighbor "200.200.200.200" { add-paths ipv4 send multipaths }
+   neighbor "200.200.200.200" { add-paths ipv4 receive true }
+   neighbor "200.200.200.200" { add-paths ipv6 send multipaths }
+   neighbor "200.200.200.200" { add-paths ipv6 receive true }
+   neighbor "200.200.200.200" { import }
+   neighbor "200.200.200.200" { import policy ["ALLOW-ALL"] }
+   neighbor "200.200.200.200" { export }
+   neighbor "200.200.200.200" { export policy ["ALLOW-ALL"] }

Using the rename Command

The rename command allows a list key to be renamed within the transactional MD-CLI configuration interface. Use the rename command instead of an using the copy and delete commands for a list with a specific key.

When the rename command is used to rename a key for a user-ordered list, the system maintains the list order.

The rename command may be service-impacting, as the operations involve add and delete operations.

The following example shows the BGP neighbor 200.200.200.200 renamed to neighbor 200.200.200.33. The compare command displays the actions performed when the configuration is committed.

(ex)[/configure router "Base" bgp]
A:admin@node-2# info flat neighbor "200.200.200.200"
    group "mesh"
    keepalive 10
    local-preference 100
    local-as { }
    local-as { as-number 65535 }
    local-as { private true }
    add-paths { }
    add-paths { ipv4 }
    add-paths { ipv4 send multipaths }
    add-paths { ipv4 receive true }
    add-paths { ipv6 }
    add-paths { ipv6 send multipaths }
    add-paths { ipv6 receive true }
    import { }
    import { policy ["ALLOW-ALL"] }
    export { }
    export { policy ["ALLOW-ALL"] }

(ex)[/configure router "Base" bgp]
A:admin@node-2# rename neighbor "200.200.200.200" to 200.200.200.33

*(ex)[/configure router "Base" bgp]
A:admin@node-2# compare flat
+   neighbor "200.200.200.33" { }
+   neighbor "200.200.200.33" { group "mesh" }
+   neighbor "200.200.200.33" { keepalive 10 }
+   neighbor "200.200.200.33" { local-preference 100 }
+   neighbor "200.200.200.33" { local-as as-number 65535 }
+   neighbor "200.200.200.33" { local-as private true }
+   neighbor "200.200.200.33" { add-paths }
+   neighbor "200.200.200.33" { add-paths ipv4 send multipaths }
+   neighbor "200.200.200.33" { add-paths ipv4 receive true }
+   neighbor "200.200.200.33" { add-paths ipv6 send multipaths }
+   neighbor "200.200.200.33" { add-paths ipv6 receive true }
+   neighbor "200.200.200.33" { import }
+   neighbor "200.200.200.33" { import policy ["ALLOW-ALL"] }
+   neighbor "200.200.200.33" { export }
+   neighbor "200.200.200.33" { export policy ["ALLOW-ALL"] }
-   neighbor "200.200.200.200" { }
-   neighbor "200.200.200.200" { group "mesh" }
-   neighbor "200.200.200.200" { keepalive 10 }
-   neighbor "200.200.200.200" { local-preference 100 }
-   neighbor "200.200.200.200" { local-as as-number 65535 }
-   neighbor "200.200.200.200" { local-as private true }
-   neighbor "200.200.200.200" { add-paths }
-   neighbor "200.200.200.200" { add-paths ipv4 send multipaths }
-   neighbor "200.200.200.200" { add-paths ipv4 receive true }
-   neighbor "200.200.200.200" { add-paths ipv6 send multipaths }
-   neighbor "200.200.200.200" { add-paths ipv6 receive true }
-   neighbor "200.200.200.200" { import }
-   neighbor "200.200.200.200" { import policy ["ALLOW-ALL"] }
-   neighbor "200.200.200.200" { export }
-   neighbor "200.200.200.200" { export policy ["ALLOW-ALL"] }
Note: Renaming a list key does not change references to the renamed key at other locations in the configuration. Changing the name of a list key without altering all references causes the MD-CLI candidate configuration to fail validation (when the validate or commit command is issued).
Note: Renaming a user-ordered list maintains the list order.