diff --git a/tools/linux/juniper-ctrl/juniper-net-manager/README.md b/tools/linux/juniper-ctrl/juniper-net-manager/README.md
new file mode 100644
index 0000000..7f3f957
--- /dev/null
+++ b/tools/linux/juniper-ctrl/juniper-net-manager/README.md
@@ -0,0 +1,41 @@
+# 🛠 Juniper Network Toggle Too
+
+This script automates the activate / deactivate operations on Juniper JunOS devices via SSH. It intelligently distinguishes between interface addresses and static routes.
+
+---
+
+### 🚀 Key Features
+* **Dual Mode:** Detects if the target is an interface (`address`) or a static route (`route`).
+* **Dynamic CIDR:** Supports masks from `/24` up to `/32`.
+* **Safety First:** Runs in Bash Strict Mode (`set -uo pipefail`).
+* **Dry Run Ready:** Includes a debug echo of the command before execution.
+
+### ⚙️ Prerequisites
+* **Packages:** `ipcalc`, `openssh-client`.
+* **Access:** Passwordless SSH access to the Juniper host.
+* **Config:** A `juniper-net-manager.conf` file defining `JUNIPER_USER`.
+
+### 🏃 Quick Start
+```bash
+ # Deactivate a network (Interface)
+ ./juniper-net-toggle.sh 10.10.1.1 192.168.50.0/30 OFF
+
+ # Activate a static route
+ ./juniper-net-toggle.sh core-router-01 185.65.200.0/24 ON
+```
+
+### 🔧 Parameters
+| Argument | Description |
+| :--- | :--- |
+| `HOSTNAME` | Target Juniper IP or FQDN. |
+| `NETWORK` | Network with CIDR (e.g., 1.1.1.0/24). |
+| `ACTION` | ON (activate) or OFF (deactivate). |
+
+### ⚠️ Troubleshooting
+* **Error: Not found:** Ensure the IP and Mask match the Juniper configuration exactly as seen in show configuration.
+* **Unbound variable:** Ensure all 3 arguments are provided.
+
+---
+
+### ⚖️ License
+MIT [LICENSE](https://github.com/andsyrovatko/s4k-admin-toolbox/blob/main/LICENSE). Free to use and modify.
diff --git a/tools/linux/juniper-ctrl/juniper-net-manager/juniper-net-toggle.conf.example b/tools/linux/juniper-ctrl/juniper-net-manager/juniper-net-toggle.conf.example
new file mode 100644
index 0000000..0b34d8b
--- /dev/null
+++ b/tools/linux/juniper-ctrl/juniper-net-manager/juniper-net-toggle.conf.example
@@ -0,0 +1,4 @@
+# ip_manager.conf - Configuration for IPSET Management Script
+
+# --- CREDENTIALS ---
+JUNIPER_USER="your_ssh_user_here"
\ No newline at end of file
diff --git a/tools/linux/juniper-ctrl/juniper-net-manager/juniper-net-toggle.sh b/tools/linux/juniper-ctrl/juniper-net-manager/juniper-net-toggle.sh
new file mode 100755
index 0000000..6058137
--- /dev/null
+++ b/tools/linux/juniper-ctrl/juniper-net-manager/juniper-net-toggle.sh
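Review bot: The header comment in juniper-net-toggle.conf.example still names another tool (`ip_manager.conf - Configuration for IPSET Management Script`), and both the script's missing-config message and the README's `juniper-net-manager.conf` disagree with the `juniper-net-toggle.conf` path that juniper-net-toggle.sh actually loads. Because that file is read with `source`, every line in it runs as shell code with the caller's privileges, which is worth stating in the example. I would replace the first line with `# juniper-net-toggle.conf - settings for juniper-net-toggle.sh; sourced as shell code, keep it writable by its owner only`.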
@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+# =============================================================================
+# Script Name : juniper-net-toggle.sh
+# Description : Activate/Deactivate Juniper network interfaces or static routes via SSH.
+# Usage: : ./juniper-net-toggle.sh
+# For details - see README.md
+# Author : syr4ok (Andrii Syrovatko)
+# Version : 1.0.0b
+# =============================================================================
+
+# --- STRICT MODE ---
+set -uo pipefail
+IFS=$'\n\t'
+if [[ $# -lt 3 ]]; then
+ {
+ echo "[ERROR]: Not enough arguments!"
+ echo "Usage: $0 "
+ echo "Actions: OFF (deactivate), ON (activate)"
+ }
+ exit 1
+fi
+
+# Configuration Loader
+CONFIG_FILE="$(dirname "$0")/juniper-net-toggle.conf"
+
+if [[ -f "$CONFIG_FILE" ]]; then
+ # shellcheck source=/dev/null
+ source "$CONFIG_FILE"
+else
+ echo "[Error]: Configuration file not found. Create ip_manager.conf from example."
+ exit 1
+fi
+
+# Received variables
+JUNIPER_HOST="$1"
+NET_TO_DISABLE="$2"
+ACT="$3"
+
+# Environment & Tools
+SSH_BIN=$(which ssh 2>/dev/null || true)
+IPCALC_BIN=$(command -v ipcalc)
+
+if [[ -z "$IPCALC_BIN" ]]; then
+ echo "[Error]: 'ipcalc' is not installed. Run: sudo apt install ipcalc"
+ exit 1
+fi
+
+# Logic for Dynamic Masks
+# Extract CIDR mask (e.g., from 192.168.1.0/24 it gets 24)
+MASK=$(echo "$NET_TO_DISABLE" | cut -d'/' -f2)
+# If no mask provided, default to 32
+if [[ "$NET_TO_DISABLE" == "$MASK" ]]; then
+ MASK=32
+fi
+
+# Clear network for static routes
+NET_ONLY=$(echo "$NET_TO_DISABLE" | cut -d'/' -f1)
+
+# Get the network/gateway address
+# For /32 it's just the IP, for others it's the HostMin
+if [[ "$MASK" -eq 32 ]]; then
+ net_to_gw_cvrt=$(echo "$NET_TO_DISABLE" | cut -d'/' -f1)
+else
+ net_to_gw_cvrt=$($IPCALC_BIN -b "$NET_TO_DISABLE" | grep HostMin | awk '{print $NF}')
+fi
+
+echo "[INFO]: Searching for $NET_ONLY (interface or route) on ${JUNIPER_HOST}..."
+
+# Get config line via SSH
+config_line=$($SSH_BIN -o ConnectTimeout=5 ${JUNIPER_USER}@${JUNIPER_HOST} "show configuration | display set | match \"address ${net_to_gw_cvrt}/${MASK}\"" | head -n1)
+if [ -z "$config_line" ]; then
+ # If static route
+ config_line=$($SSH_BIN -o ConnectTimeout=5 "${JUNIPER_USER}@${JUNIPER_HOST}" \
+ "show configuration | display set | match \"route $NET_ONLY/${MASK}\"" | head -n1)
+fi
+
+if [ -z "$config_line" ]; then
+ echo "[Error]: Address for network ${NET_TO_DISABLE} not found on Juniper."
+ exit 1
+fi
+
+# Prepare commands
+deactivate_cmd="${config_line/set/deactivate}"
+activate_cmd="${config_line/set/activate}"
+
+case "${ACT^^}" in # Convert to uppercase for robustness
+ "DELETE"|"REJECT"|"RESTRICT"|"OFF")
+ echo "[INFO]: Deactivating network (${NET_TO_DISABLE})..."
+ COMMAND="$deactivate_cmd"
+ MSG="Address ${NET_TO_DISABLE} deactivated!"
+ ;;
+ "NEW"|"RESUME"|"ON")
+ echo "[INFO]: Activating network (${NET_TO_DISABLE})..."
+ COMMAND="$activate_cmd"
+ MSG="Address ${NET_TO_DISABLE} activated!"
+ ;;
+ *)
+ echo "[!] Unsupported or unknown ACT value (${ACT})"
+ exit 1
+ ;;
+esac
+
+echo "$COMMAND" # DEBUG
+
+# Execute on Juniper
+ ssh -tt ${JUNIPER_USER}@${JUNIPER_HOST} << EOF
+configure
+$COMMAND
+commit
+exit
+exit
+EOF
+
+echo "[SUCCESS] $MSG"
+
+exit 0
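Review bot: The NETWORK argument (`$2`) is never validated. Pieces of it cut out with `cut` are interpolated into the remote `match "..."` strings, and `MASK` goes into `[[ "$MASK" -eq 32 ]]`, which bash evaluates as an arithmetic expression, so it should be checked against a strict IPv4/CIDR pattern right after the argument assignment. The first `$SSH_BIN` lookup and the final `ssh -tt` also leave `${JUNIPER_USER}@${JUNIPER_HOST}` unquoted, unlike the second lookup. Separately, the result of the final session is never checked, and `set -e` is not enabled, so `[SUCCESS]` and `exit 0` are reached even when the connection fails. The ssh status does not show whether `commit` itself was accepted, so treat the check below as a minimum.

```shell
# … unchanged: config loading and JUNIPER_HOST / NET_TO_DISABLE / ACT assignment …

# Accept only a plain IPv4 address with an optional /0-32 mask before the value
# is used in a numeric test or placed inside a remote CLI string.
if [[ ! "$NET_TO_DISABLE" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$ ]]; then
  echo "[Error]: NETWORK must be IPv4 with an optional /mask, got: ${NET_TO_DISABLE}" >&2
  exit 1
fi
if [[ ! "$JUNIPER_HOST" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  echo "[Error]: HOSTNAME contains unexpected characters: ${JUNIPER_HOST}" >&2
  exit 1
fi

# … unchanged: mask logic, config lookup, case statement, debug echo …

# Execute on Juniper; report success only if the session itself succeeded
if ! ssh -tt "${JUNIPER_USER}@${JUNIPER_HOST}" << EOF
# … unchanged: heredoc body through EOF …
then
  echo "[Error]: SSH session to ${JUNIPER_HOST} failed; change not confirmed." >&2
  exit 1
fi
```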