07-15-2019 05:37 AM
Hi Team,
I am working on a task to replace an existing EOL Juniper switch with a new Cisco 9300 switch.
I have the current Juniper config; is there any way/tool to translate these Juniper commands to Cisco?
07-15-2019 05:50 AM - edited 07-15-2019 05:50 AM
Hi
No, I don't think there is any official tool; here are all of them that are supplied, listed.
If you post the config though, we could help convert it.
https://www.cisco.com/c/en/us/support/web/tools-catalog.html
07-15-2019 05:50 AM
Hi there,
I have seen tools in the past for firewalls which would do one-way translation of config, but have not seen one for switches.
This is a task best suited to a human with configuration experience in both device OS flavours. You could ask your supplier if they provide the service, at a cost.
Or, just post the Junos config and we can see if we have the required Junos knowledge between us!
cheers,
Seb.
07-15-2019 06:01 AM
Hello Noovi,
Post the Juniper config.
The most important differences in default settings in Juniper switches:
- In Juniper, a trunk link carries no VLAN by default. The Cisco default is to allow all VLANs.
- Juniper configuration is hierarchical: for example, all spanning tree related configuration is under the [edit protocols rstp] hierarchy.
Hope to help
Giuseppe
07-22-2024 03:35 AM
Convert the below Juniper command to Cisco configuration:
        source-address {
            172.29.150.124/32;
            172.29.150.106/32;
            172.29.150.123/32;
            172.29.142.225/32;
            172.30.12.102/32;
            172.29.146.116/32;
            172.29.142.232/32;
            172.29.85.90/32;
            172.29.142.192/32;
            172.29.142.217/32;
            172.29.142.197/32;
            172.22.73.153/32;
            172.22.74.99/32;
        }
        protocol tcp;
        destination-port ssh;
    }
    then accept;
}
term terminal_access_denied {
    from {
        source-address {
            0.0.0.0/0;
        }
        protocol tcp;
        destination-port ssh;
    }
    then {
        log;
        discard;
    }
07-22-2024 06:41 AM
Hello @login1 ,
A good enough functional translation is to use a standard ACL and then to invoke it as an access-class x in under line vty:
access-list 10 remark list of hosts
access-list 10 permit host 172.29.150.124
access-list 10 permit host 172.29.150.106
[output omitted: one line for each permitted host]
access-list 10 permit 172.22.74.99
then under
line vty 0 4
 transport input ssh
 access-class 10 in
line vty 5 15
 access-class 10 in
 transport input ssh
To have a log of attempted logins from hosts that are not allowed, you can add a final line to ACL 10:
access-list 10 deny any log
Hope to help
Giuseppe
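The translation described in the answer above, as an added example that is not part of the thread or written by any of its participants: a short Python script that turns the Junos terms into the standard ACL and vty lines. It goes beyond the thread by giving prefixes other than /32 a wildcard mask; the term name `allowed_hosts` is a placeholder (the real name is cut off in the post) and the host list is shortened.

```python
import ipaddress
import re

# Constructed sample, shortened from the thread; "allowed_hosts" is a placeholder name.
JUNOS_SAMPLE = """
term allowed_hosts {
    from {
        source-address { 172.29.150.124/32; 172.29.150.106/32; 172.22.74.99/32; }
        protocol tcp; destination-port ssh;
    }
    then accept;
}
term terminal_access_denied {
    from {
        source-address { 0.0.0.0/0; }
        protocol tcp; destination-port ssh;
    }
    then { log; discard; }
}
"""

TERM_RE = re.compile(r"term\s+(\S+)\s*\{(.*?)(?=\bterm\s+\S+\s*\{|\Z)", re.S)
PREFIX_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+/\d+)\s*;")

def ace(acl, action, prefix, log=False):
    """One standard-ACL entry; prefixes other than /0 and /32 get a wildcard mask."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen == 0:
        src = "any"
    elif net.prefixlen == 32:
        src = f"host {net.network_address}"
    else:
        src = f"{net.network_address} {net.hostmask}"
    return f"access-list {acl} {action} {src}" + (" log" if log else "")

def junos_terms_to_ios(text, acl=10):
    """Translate the filter terms into a numbered standard ACL plus the vty stanza."""
    out = []
    for name, body in TERM_RE.findall(text):
        action = "permit" if re.search(r"\baccept\s*;", body) else "deny"
        log = bool(re.search(r"\blog\s*;", body))
        out.append(f"access-list {acl} remark {name}")
        out += [ace(acl, action, p, log) for p in PREFIX_RE.findall(body)]
    for vty in ("0 4", "5 15"):  # vty ranges as used in the answer above
        out += [f"line vty {vty}", " transport input ssh", f" access-class {acl} in"]
    return out

if __name__ == "__main__":
    print("\n".join(junos_terms_to_ios(JUNOS_SAMPLE)))
```

IOS evaluates the ACL top-down and stops at the first match, so the `deny any log` entry has to stay last; check the generated order before pasting it into a device.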
07-22-2024 06:41 AM
Hi @login1 ,
It is preferable to open a new query in order to get assistance. This makes things easier for those reviewing the case and looking for answers.
Regards,