
Juniper to Cisco configuration

Noovi
Level 1

Hi Team,

 

I am working on a task to replace an existing EOL Juniper switch with a new Cisco 9300 switch.

 

I have the current Juniper config. Is there any way/tool to translate these Juniper commands to Cisco?

6 Replies

Mark Malone
VIP Alumni

Hi
No, I don't think there is any official tool; here are all of the ones that are supplied, listed.

If you post the config, though, we could help convert it.

 

https://www.cisco.com/c/en/us/support/web/tools-catalog.html

Seb Rupik
VIP Alumni

Hi there,

I have seen tools in the past for firewalls which would do one-way translation of config, but have not seen one for switches.

 

This is a task best suited to a human with configuration experience in both device OS flavours. You could ask your supplier if they provide the service, at a cost. 

Or, just post the Junos config and we can see if we have the required Junos knowledge between us!

 

cheers,

Seb.

Giuseppe Larosa
Hall of Fame

Hello Noovi,

Post the Juniper config.

 

The most important differences in default settings in Juniper switches:

- In Juniper, a trunk link carries no VLAN by default. The Cisco default is to allow all VLANs.

- Juniper configuration is hierarchical: for example all spanning tree related configuration is under the [edit protocols rstp] hierarchy.

 

Hope to help

Giuseppe

login1
Level 1

Convert the below Juniper command to Cisco configuration:

        source-address {
            172.29.150.124/32;
            172.29.150.106/32;
            172.29.150.123/32;
            172.29.142.225/32;
            172.30.12.102/32;
            172.29.146.116/32;
            172.29.142.232/32;
            172.29.85.90/32;
            172.29.142.192/32;
            172.29.142.217/32;
            172.29.142.197/32;
            172.22.73.153/32;
            172.22.74.99/32;
        }
        protocol tcp;
        destination-port ssh;
    }
    then accept;
}
term terminal_access_denied {
    from {
        source-address {
            0.0.0.0/0;
        }
        protocol tcp;
        destination-port ssh;
    }
    then {
        log;
        discard;
    }

 

Hello @login1 ,

A good enough functional translation is to use a standard ACL and then invoke it as an access-class x in under line vty.

 

access-list 10 remark list of hosts
access-list 10 permit host 172.29.150.124
access-list 10 permit host 172.29.150.106
[output omitted: one line for each permitted host]
access-list 10 permit 172.22.74.99

 

then under

line vty 0 4
 transport input ssh
 access-class 10 in
line vty 5 15
 access-class 10 in
 transport input ssh

To have a log of attempted logins from hosts that are not allowed, you can add a final line to ACL 10:

access-list 10 deny any log

Hope to help

Giuseppe
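
The translation described in the reply above, as an added example that is not part of the original thread: a Python script that reads Junos firewall-filter terms and emits the standard ACL and the vty access-class lines. The first term's name (terminal_access) and the /24 entry in the sample are constructed assumptions; the /24 shows a prefix becoming a wildcard mask, and 0.0.0.0/0 becomes any.

```python
import ipaddress
import re
# Constructed sample; the first term's name and the /24 entry are assumptions.
SAMPLE = """
term terminal_access {
    from {
        source-address { 172.29.150.124/32; 172.29.150.106/32; 172.22.74.0/24; }
        protocol tcp; destination-port ssh;
    }
    then accept;
}
term terminal_access_denied {
    from { source-address { 0.0.0.0/0; } protocol tcp; destination-port ssh; }
    then { log; discard; }
}
"""

def parse_terms(text):
    """Return [(term name, [source networks], {actions})] in filter order."""
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    terms, in_src = [], False
    for i, tok in enumerate(tokens):
        if tok == "term":
            terms.append((tokens[i + 1], [], set()))
        elif tok == "source-address":
            in_src = True
        elif tok == "}":
            in_src = False
        elif in_src and tok == "except":
            raise ValueError("'except' prefixes need manual translation")
        elif in_src and "/" in tok:
            terms[-1][1].append(ipaddress.IPv4Network(tok, strict=False))
        elif tok in ("accept", "discard", "reject", "log"):
            terms[-1][2].add(tok)
    return terms

def to_ios(terms, acl=10):
    """Emit a standard ACL (source-only match) plus the vty access-class lines."""
    lines = []
    for name, nets, actions in terms:
        lines.append(f"access-list {acl} remark {name}")
        verb = "permit" if "accept" in actions else "deny"  # fail closed
        log = " log" if "log" in actions else ""
        for net in nets:
            src = {0: "any", 32: f"host {net.network_address}"}.get(
                net.prefixlen, f"{net.network_address} {net.hostmask}")
            lines.append(f"access-list {acl} {verb} {src}{log}")
    vty = [" transport input ssh", f" access-class {acl} in"]
    return lines + ["line vty 0 4", *vty, "line vty 5 15", *vty]
```

Terms are emitted in filter order because both the Junos filter and the IOS ACL stop at the first matching entry. The protocol and port match of the Junos term is carried by applying the ACL to the vty lines with transport input ssh, since a standard ACL matches on source address only.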

 

Hi @login1 ,

It is preferable to open a new query in order to get assistance. This makes things easier for those reviewing the case and looking for answers.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México