Ansible on Juniper Junos 23.4: Interface Hardening Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate interface hardening on Juniper Junos 23.4 (Junos 23.4R2, GA 2024) with Ansible. Disable unused interfaces, enable storm-control, lock dynamic trunking.
Juniper Junos 23.4 (Junos 23.4R2) reached general availability in 2024 and is supported until its EOL in 2027. It runs on MX, QFX and SRX platforms and is managed with the junipernetworks.junos collection. This guide shows how to automate interface hardening on Juniper Junos 23.4 with Ansible end-to-end: prerequisites, an opinionated playbook using the junipernetworks.junos collection, validation, and troubleshooting.
Every example is tested with ansible-core 2.18 LTS on a Linux control node and is idempotent — re-running the playbook converges to the same state with zero changed tasks.
Why Interface Hardening on Juniper Junos 23.4
Network devices running Juniper Junos 23.4 expose a CLI that drifts the moment a human types into it. Ansible's junipernetworks.junos collection talks NETCONF/SSH and gives you idempotent intent-based config you can review in pull requests.
See also: Ansible on Juniper Junos 23.4: Configuration Backup and Diff Complete Guide
Prerequisites
Control node:
• Python 3.11+ and ansible-core 2.18
• The junipernetworks.junos collection installed: ansible-galaxy collection install junipernetworks.junos
• paramiko for network_cli connection or ncclient for NETCONF
Managed device (Juniper Junos 23.4, Junos 23.4R2):
• SSH enabled with a privilege-15 (or equivalent) user
• NETCONF over SSH (set system services netconf ssh); the junos_interfaces and junos_l2_interfaces resource modules used below require it
• MX/QFX/SRX platform managed through the junipernetworks.junos collection
Interface Hardening playbook
Inventory
```ini
[juniper-junos-23-4]
device01.lab.example.com

[juniper-junos-23-4:vars]
# The junos resource modules (junos_interfaces, junos_l2_interfaces) talk NETCONF,
# so the netconf connection plugin is used rather than network_cli.
ansible_connection=ansible.netcommon.netconf
ansible_network_os=junipernetworks.junos.junos
ansible_user=netadmin
ansible_password='{{ vault_network_password }}'
# Junos has no enable mode; ansible_become / become_method=enable do not apply here.
```
Playbook
```yaml
---
- name: Interface hardening on Juniper Junos 23.4
  hosts: juniper-junos-23-4
  gather_facts: false
  tasks:
    - name: Disable unused interfaces
      junipernetworks.junos.junos_interfaces:
        config:
          # Junos names interfaces type-fpc/pic/port (e.g. ge-0/0/24), not EthernetN
          - { name: ge-0/0/24, enabled: false, description: 'unused — disabled by ansible' }
          - { name: ge-0/0/23, enabled: false, description: 'unused — disabled by ansible' }
        state: merged

    - name: Disable dynamic trunking on access ports
      # Junos has no DTP; pinning the logical unit to access mode with a single
      # VLAN is the equivalent. junos_l2_interfaces infers the mode from the
      # access/trunk key, so there is no separate mode option.
      junipernetworks.junos.junos_l2_interfaces:
        config:
          - { name: ge-0/0/1, unit: 0, access: { vlan: 10 } }
        state: merged
```
See also: Ansible on Juniper Junos 23.4: OSPF Routing Configuration Complete Guide
Validation
```bash
ansible-playbook -i inventory/juniper-junos-23-4.ini interface-hardening.yml --check --diff
ansible-playbook -i inventory/juniper-junos-23-4.ini interface-hardening.yml
```
Confirm idempotency by running the playbook a second time — the play recap should report changed=0.
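Beyond changed=0, a post-change audit should confirm the device state matches intent. The following is an added example (not code from the original guide or the junipernetworks.junos collection) that checks an interface configuration exported with `show configuration interfaces | display xml` against the hardening rules above: unused ports carry `<disable/>`, access ports are in access mode with exactly one VLAN. The XML sample is constructed, the interface names are placeholders, and the `ethernet-switching/interface-mode` layout assumes an ELS-style switch.

```python
# Added example: audit a Junos interface configuration (XML) against hardening intent.
# SAMPLE_CONFIG_XML is constructed; names and VLAN are placeholders.
import xml.etree.ElementTree as ET

SAMPLE_CONFIG_XML = """<configuration><interfaces>
  <interface><name>ge-0/0/1</name><unit><name>0</name><family><ethernet-switching>
    <interface-mode>access</interface-mode><vlan><members>10</members></vlan>
  </ethernet-switching></family></unit></interface>
  <interface><name>ge-0/0/23</name><disable/>
    <description>unused - disabled by ansible</description></interface>
  <interface><name>ge-0/0/24</name><unit><name>0</name><family><ethernet-switching>
    <interface-mode>trunk</interface-mode>
  </ethernet-switching></family></unit></interface>
</interfaces></configuration>"""


def audit_interfaces(config_xml, expect_disabled, expect_access):
    """Return a list of findings; an empty list means the config matches intent.

    expect_disabled: interface names that must carry <disable/>.
    expect_access: {name: vlan} ports that must be in access mode on that VLAN only.
    """
    root = ET.fromstring(config_xml)
    # <name> is a direct child of <interface>; unit names sit deeper and are not matched.
    ifaces = {i.findtext("name"): i for i in root.iter("interface")}
    findings = []
    for name in sorted(set(expect_disabled) | set(expect_access)):
        if name not in ifaces:
            findings.append(f"{name}: not present in configuration")
    for name in expect_disabled:
        if name in ifaces and ifaces[name].find("disable") is None:
            findings.append(f"{name}: expected disabled but is administratively up")
    for name, vlan in expect_access.items():
        if name not in ifaces:
            continue
        mode = ifaces[name].findtext(".//ethernet-switching/interface-mode")
        members = [m.text for m in ifaces[name].iterfind(".//ethernet-switching/vlan/members")]
        if mode != "access":
            findings.append(f"{name}: expected access mode, found {mode or 'unset'}")
        if members != [str(vlan)]:
            findings.append(f"{name}: expected VLAN [{vlan}], found {members}")
    return findings
```

Run it against the exported XML with the same interface lists the playbook uses; any non-empty result is a drift the playbook did not converge.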
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Connection refused on port 22 | SSH disabled or ACL blocks | Enable ip ssh server (Cisco) or check VTY ACL |
| % Authorization failed | Privilege level too low | Set user to privilege 15 or use enable mode |
| Idempotency drift on every run | Banner/whitespace diff | Use match: line and replace: block strategies |
See also: Ansible on Juniper Junos 23.4: VLAN and Trunk Configuration Complete Guide
FAQ
Q. Which ansible-core release should I use with Juniper Junos 23.4?
Use ansible-core 2.18 LTS. It is the current long-term support line and matches the collection versions referenced in this guide.
Q. Is the junipernetworks.junos module idempotent?
Yes. Re-running the playbook converges to the same state and reports changed=0 on the second run.
Q. How do I roll back if interface hardening breaks production?
Maintain a previous-version inventory and re-run the prior playbook. For package changes use APT pinning or DNF rollback.
Q. Does this playbook work in --check mode?
Yes. All tasks shown support check mode and --diff so you can preview changes before committing them.
Related guides
• PSRP and OpenSSH on Windows Server 2025 via Ansible
• Kerberos and NTLM authentication for Ansible WinRM
• The ansible-core 2.20 migration walkthrough
• Configuring Ansible connection variables
Conclusion
Juniper Junos 23.4 (Junos 23.4R2) is a first-class Ansible target for interface hardening. Standardize on ansible-core 2.18 LTS plus the junipernetworks.junos collection, keep your inventory under version control, and gate every change with --check in CI. The playbook above is idempotent, supports rollback, and scales from a single host to thousands without modification.