Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.

Do actions base on time of day via event-options

  • 1.  Do actions base on time of day via event-options

    Posted 03-09-2021 18:09
    How to setup a time of day event change on your non SRX JUNOS device.
    Background . So I knew about the two ways to schedule stuff on the SRX but I could never find out how to do that on the Junos EX / QFX platform.
    I saw this yesterday on Junper's Youtube channel https://www.youtube.com/watch?v=t7hmGVZH1-s   THANK YOU !!!
    Ive asked for a feature enhancement for YEARS and have asked my SEs with no luck , and to  find out this was in the code since Junos 11.    
    So making wine out of my sour grapes by sharing with everyone and doing this in  my time of day lab. The coolest thing about this .. It can be used so many things.

    When I came from the Cisco world this was always a day one kinda of how to do ACLs. Hope this helps someone , but even if not I am happy to have fulfilled my need to know how to do this :)

    Below is the event scripts that will run every day at 8am and at 5pm. The -0500 seems to happen automatically to my config as ive set system time-zone America/New_York in my config.
    **Edit. One thing I have leaned is Junos does not name their built in policies and such with CAPITAL letters so I like to use capital letters to easily show I'm using custom policies and not built in ones.
    [edit event-options]
    generate-event {
    DAILY-8am time-of-day "08:00:00 -0500";
    DAILY-5pm time-of-day "22:00:00 -0500";
    }
    policy DENY-traffic-greater-than-3meg {
    events DAILY-8am;
    then {
    execute-commands {
    commands {
    "activate firewall family inet filter tom-wizard-mockup-ingress term 15";
    "commit comment update-time-of-day-filter-at-8am";
    }
    output-filename DENY-traffic-greater-than-3meg;
    destination local-to-box;
    output-format text;
    }
    }
    }
    policy ALLOW-greater-than-3meg {
    events DAILY-5pm;
    then {
    execute-commands {
    commands {
    "deactivate firewall family inet filter tom-wizard-mockup-ingress term 15";
    "commit comment allowed-greater-than-3meg-time-of-day-filter-5pm";
    }
    output-filename allowed-greather-than-3meg;
    destination local-to-box;
    output-format text;
    }
    }
    }
    destinations {
    local-to-box {
    archive-sites {
    /var/tmp/;
    }
    }
    }
    Just a snip of what my term 15 looked like.

    set firewall family inet filter tom-wizard-mockup-ingress term 15 from source-address 1.1.1.0/24
    set firewall family inet filter tom-wizard-mockup-ingress term 15 from destination-address 9.9.9.9/32
    set firewall family inet filter tom-wizard-mockup-ingress term 15 then policer 3meg
    set firewall family inet filter tom-wizard-mockup-ingress term 15 then count term15-counter
    set firewall family inet filter tom-wizard-mockup-ingress term 15 then syslog
    set firewall family inet filter tom-wizard-mockup-ingress term 15 then accept