Copying configuration elements

The output from the info commands can be copied and pasted and used as a direct input to another MD-CLI session, or loaded from a file.

Example: Configuring identical profiles

The following example shows the output from the info command, displaying the following configuration for the profile of the user ‟guest1”.

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

The output can be copied and pasted to configure an identical profile for another user; for example, ‟guest2”. The working context must be at the same hierarchy level, as the info command output is context-sensitive.

(ex)[/]
A:admin@node-2# configure system security aaa local-profiles profile guest2

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

Copy the info command output and paste each line into the command line.

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     default-action permit-all

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 10 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#         match "configure system security"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 10]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 20 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#         match "configure li"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 20]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 30 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#         match "show li"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 30]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#     entry 40 {

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#         action deny

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#         match "tools"

*(ex)[/configure system security aaa local-profiles profile "guest2" entry 40]
A:admin@node-2#     }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

The info command displays the configuration changes for profile ‟guest2”, which are identical to the configuration for profile ‟guest1”.

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

Similarly, the info flat command output can be copied and pasted for the user profile for ‟guest3”.

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2# info flat
    default-action permit-all
    entry 10 action deny
    entry 10 match "configure system security"
    entry 20 action deny
    entry 20 match "configure li"
    entry 30 action deny
    entry 30 match "show li"
    entry 40 action deny
    entry 40 match "tools"

*(ex)[/configure system security aaa local-profiles profile "guest2"]
A:admin@node-2#

*(ex)[/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# /configure system security aaa local-profiles profile "guest3"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#  default-action permit-all

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 10 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 10 match "configure system security"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 20 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 20 match "configure li"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 30 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 30 match "show li"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 40 action deny

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#     entry 40 match "tools"

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

*(ex)[/configure system security aaa local-profiles profile "guest3"]
A:admin@node-2#

The output from the info full-context command contains the full configuration path for the configuration statements. This output can be used to reconfigure the same user profile on another router, or to rebuild the user profile if it was deleted or discarded.

Example: Deleting and re-adding the ‟guest1” user profile

The following example begins with a ‟guest1” user profile, which is subsequently deleted and re-added using the output from the info full-context command.

*(ex)[/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info full-context
    /configure system security aaa local-profiles profile "guest1" default-action permit-all
    /configure system security aaa local-profiles profile "guest1" entry 10 { }
    /configure system security aaa local-profiles profile "guest1" entry 10 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 10 { match "configure system security" }
    /configure system security aaa local-profiles profile "guest1" entry 20 { }
    /configure system security aaa local-profiles profile "guest1" entry 20 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 20 { match "configure li" }
    /configure system security aaa local-profiles profile "guest1" entry 30 { }
    /configure system security aaa local-profiles profile "guest1" entry 30 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 30 { match "show li" }
    /configure system security aaa local-profiles profile "guest1" entry 40 { }
    /configure system security aaa local-profiles profile "guest1" entry 40 { action deny }
    /configure system security aaa local-profiles profile "guest1" entry 40 { match "tools" }

The ‟guest1” user profile is deleted, and the info full-context command after the delete shows no matches for profile ‟guest1”:

*(ex)[/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# back

*(ex)[/configure system security aaa local-profiles]
A:admin@node-2# delete profile ‟guest1”

*(ex)[/configure system security aaa local-profiles]
A:admin@node-2# info full-context | match guest1

*(ex)[/configure system security aaa local-profiles]
A:admin@node-2#

In the next step, the original full-context output for ‟guest1” is copied and pasted. Because the output contains the full configuration path, the statements can be pasted from any configuration context.

[ex:/configure]
A:admin@node-2#  /configure system security aaa local-profiles profile "guest1" default-action permit-all

*[ex:/configure]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 10 { match "configure system security" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 20 { match "configure li" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 30 { match "show li" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 { }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 { action deny }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#     /configure system security aaa local-profiles profile "guest1" entry 40 { match "tools" }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2# info
    default-action permit-all
    entry 10 {
        action deny
        match "configure system security"
    }
    entry 20 {
        action deny
        match "configure li"
    }
    entry 30 {
        action deny
        match "show li"
    }
    entry 40 {
        action deny
        match "tools"
    }

*[ex:/configure system security aaa local-profiles profile "guest1"]
A:admin@node-2#

The displayed output from the compare command can also be used to copy and paste statements in the MD-CLI. See Viewing the uncommitted configuration changes for information about using the compare command.

Parent topic: Editing configuration in the MD-CLI

Using the copy command

The copy command allows elements to be duplicated for use within an MD-CLI configuration. The source and destination elements must be the same type (such as containers, lists, or leaf elements) and must be at the same configuration level.

A copied element inherits all characteristics from the source element. If a container is copied to another container element, all child elements of the container are also copied.

Example: Using the copy command

The following example shows the configuration of a BGP peer (neighbor 192.0.2.2). The copy command is used to deploy a new peering session (neighbor 192.0.2.200).

[ex:/configure router "Base" bgp]
A:admin@node-2# info flat neighbor "192.0.2.2"
    group "mesh"
    keepalive 10
    local-preference 100
    local-as { }
    local-as { as-number 65535 }
    local-as { private true }
    add-paths { }
    add-paths { ipv4 }
    add-paths { ipv4 send multipaths }
    add-paths { ipv4 receive true }
    add-paths { ipv6 }
    add-paths { ipv6 send multipaths }
    add-paths { ipv6 receive true }
    import { }
    import { policy ["ALLOW-ALL"] }
    export { }
    export { policy ["ALLOW-ALL"] }

[ex:/configure router "Base" bgp]
A:admin@node-2# copy neighbor "192.0.2.2" to neighbor 192.0.2.200

*[ex:/configure router "Base" bgp]
A:admin@node-2#  compare flat
+   neighbor "192.0.2.200" { }
+   neighbor "192.0.2.200" { group "mesh" }
+   neighbor "192.0.2.200" { keepalive 10 }
+   neighbor "192.0.2.200" { local-preference 100 }
+   neighbor "192.0.2.200" { local-as as-number 65535 }
+   neighbor "192.0.2.200" { local-as private true }
+   neighbor "192.0.2.200" { add-paths }
+   neighbor "192.0.2.200" { add-paths ipv4 send multipaths }
+   neighbor "192.0.2.200" { add-paths ipv4 receive true }
+   neighbor "192.0.2.200" { add-paths ipv6 send multipaths }
+   neighbor "192.0.2.200" { add-paths ipv6 receive true }
+   neighbor "192.0.2.200" { import }
+   neighbor "192.0.2.200" { import policy ["ALLOW-ALL"] }
+   neighbor "192.0.2.200" { export }
+   neighbor "192.0.2.200" { export policy ["ALLOW-ALL"] }
Note: pwc may also be used in the source or destination to specify the present working context instead of a path.
Note: The copy command includes the to keyword, which is always evaluated as an MD-CLI keyword. Therefore, contexts that include the command to cannot be copied as in the above examples. It is possible to copy the element by navigating to the destination context and omitting the destination parameter (that is, defaulting to the present working context). Examples where this limitation applies include:
  • configure policy-options policy-statement entry to
  • configure policy-options policy-statement named-entry to
  • configure oam-pm session mpls lsp rsvp-auto to
  • configure router mpls lsp to
  • configure subscriber-management local-user-db ipoe host host-identification encap-tag-range to
  • configure subscriber-management local-user-db ppp host host-identification encap-tag-range to

Example: Copying configuration from one entry to another without the destination parameter

The following example copies entry "5" data to entry "10" after navigating into the context for entry "10".

*[ex:/configure policy-options policy-statement "s"]
A:admin@node-2# info
    entry 5 {
        to {
            level 2
        }
    }
    entry 10 {
    }

*[ex:/configure policy-options policy-statement "s"]
A:admin@node-2# entry 10

*[ex:/configure policy-options policy-statement "s" entry 10]
A:admin@node-2# copy /configure policy-options policy-statement s entry 5

*[ex:/configure policy-options policy-statement "s" entry 10]
A:admin@node-2# info
    to {
        level 2
    }

Using the rename command

The rename command allows a list key to be renamed within the transactional MD-CLI configuration interface. Use the rename command instead of an using the copy and delete commands for a list with a specific key.

When the rename command is used to rename a key for a user-ordered list, the system maintains the list order.

The rename command may be service-impacting, as the operations involve add and delete operations.

Note:
  • Renaming a list key does not change references to the renamed key at other locations in the configuration. Changing the name of a list key without altering all references causes the MD-CLI candidate configuration to fail validation (when the validate or commit command is issued).
  • Renaming a user-ordered list maintains the list order.
  • pwc may also be used in the source or destination to specify the present working context instead of a list key.
Example

The following example shows the BGP neighbor 200.200.200.200 renamed to neighbor 200.200.200.33. The compare command displays the actions performed when the configuration is committed.

[ex:/configure router "Base" bgp]
A:admin@node-2# info flat neighbor "200.200.200.200"
    group "mesh"
    keepalive 10
    local-preference 100
    local-as { }
    local-as { as-number 65535 }
    local-as { private true }
    add-paths { }
    add-paths { ipv4 }
    add-paths { ipv4 send multipaths }
    add-paths { ipv4 receive true }
    add-paths { ipv6 }
    add-paths { ipv6 send multipaths }
    add-paths { ipv6 receive true }
    import { }
    import { policy ["ALLOW-ALL"] }
    export { }
    export { policy ["ALLOW-ALL"] }

[ex:/configure router "Base" bgp]
A:admin@node-2# rename neighbor "200.200.200.200" to 200.200.200.33

*[ex:/configure router "Base" bgp]
A:admin@node-2# compare flat
+   neighbor "200.200.200.33" { }
+   neighbor "200.200.200.33" { group "mesh" }
+   neighbor "200.200.200.33" { keepalive 10 }
+   neighbor "200.200.200.33" { local-preference 100 }
+   neighbor "200.200.200.33" { local-as as-number 65535 }
+   neighbor "200.200.200.33" { local-as private true }
+   neighbor "200.200.200.33" { add-paths }
+   neighbor "200.200.200.33" { add-paths ipv4 send multipaths }
+   neighbor "200.200.200.33" { add-paths ipv4 receive true }
+   neighbor "200.200.200.33" { add-paths ipv6 send multipaths }
+   neighbor "200.200.200.33" { add-paths ipv6 receive true }
+   neighbor "200.200.200.33" { import }
+   neighbor "200.200.200.33" { import policy ["ALLOW-ALL"] }
+   neighbor "200.200.200.33" { export }
+   neighbor "200.200.200.33" { export policy ["ALLOW-ALL"] }
-   neighbor "200.200.200.200" { }
-   neighbor "200.200.200.200" { group "mesh" }
-   neighbor "200.200.200.200" { keepalive 10 }
-   neighbor "200.200.200.200" { local-preference 100 }
-   neighbor "200.200.200.200" { local-as as-number 65535 }
-   neighbor "200.200.200.200" { local-as private true }
-   neighbor "200.200.200.200" { add-paths }
-   neighbor "200.200.200.200" { add-paths ipv4 send multipaths }
-   neighbor "200.200.200.200" { add-paths ipv4 receive true }
-   neighbor "200.200.200.200" { add-paths ipv6 send multipaths }
-   neighbor "200.200.200.200" { add-paths ipv6 receive true }
-   neighbor "200.200.200.200" { import }
-   neighbor "200.200.200.200" { import policy ["ALLOW-ALL"] }
-   neighbor "200.200.200.200" { export }
-   neighbor "200.200.200.200" { export policy ["ALLOW-ALL"] }