Re: [j-nsp] Tool to go from Cisco config to Junper config

• Next message: German Martinez: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Previous message: Rich Salaiz: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• In reply to: nicolas.fevrier@free.fr: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Next in thread: German Martinez: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Reply: German Martinez: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

On Fri, 7 Dec 2001 nicolas.fevrier@free.fr wrote:

>> I know Juniper guys have such a tool (called I-to-J or C-to-J, I'm not
>> sure), but I'm pretty sure it's not something they won't give it, nor
>> support it

Configuration converters in general produce ugly and hard-to-read configs
(like most of programming language converters and preprocessors). So,
full conversion of IOS configuration is something I would never recommend
as a good practice.

The only place where automation makes sense are Cisco access lists. A
script to convert access lists to firewall filters would be really neat
to have. I managed to write it for standard Cisco acl's. Extended lists
would require a bit more time (which I don't have), a bit more parsing
(they have a lot of protocols, options etc.). Here's the script:

#!/bin/sh
# Convert standard acl's from IOS to JUNOS firewall policies:
# Example:
# access-list 1 permit 10.1.2.0 0.0.0.255
# access-list 1 deny host 10.3.3.3
# access-list 1 permit any
#

gawk 'BEGIN {
    term = oldterm = "";
    seq = 0;
} { \
    if ($1!="access-list")
        next;
    if ($2 < 100) # Standard lists
        term=$3;
    else # Extended lists - not supported by this script
        next;
    if (term!=oldterm)
        seq+=5;
    if (term=="permit")
        action=" then accept";
    else
        action=" then reject";
    oldterm=term;
    term=term"-"seq
    if ($4=="any") {
        address="0.0.0.0";
        netmask="255.255.255.255";
    } else if ($4=="host") {
        address=$5;
        netmask="0.0.0.0";
    } else {
        address=$4;
        netmask=$5;
    }
    prefix = 32;
    split (netmask, byte, ".");
    for (i=1; i<=4; i++)
        prefix -= log(byte[i]+1)/log(2);
    print "set firewall filter list"$2" term "term" from address "address"/"prefix;
    print "set firewall filter list"$2" term "term action;
}' $1

Regards,
Beri

--------- Berislav Todorovic, Senior NOC Specialist --------
------- KPNQwest N.V. - IP NOC (formerly EUnet NOC) ------
---- Wilhelmina van Pruisenweg 78, 2595 AN Den Haag, NL ----
--- Phone: +31-70-379-3990; Mobile: +31-651-333-641 ---
-- Email: beri@kpnqwest.net <=> beri@EU.net --
--- _ _ ____ _ .--. ____ ____ __/_ ---
----- /__/ /___/ /\ / / / | / /___/ /___ / ------
------ _/ \_ / _/ \/ (__.\ |/\/ /___ ____/ (__. -----

• Next message: German Martinez: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Previous message: Rich Salaiz: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• In reply to: nicolas.fevrier@free.fr: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Next in thread: German Martinez: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Reply: German Martinez: "Re: [j-nsp] Tool to go from Cisco config to Junper config"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:38 EDT