[j-nsp] | display inheritance vs. logical-systems

Phil Shafer phil at juniper.net
Thu Feb 11 21:15:53 EST 2016 

Yes, it's a bug.  Please have your account team open a PR or let
me know and I'll open it.  From a quick look, the firewall data
model has the right reference, but it's not working, likely broken
somewhere in my (ui) code.

Thanks,
 Phil



Chuck Anderson writes:
>An interesting CLI bug:
>
>"show configuration | display inheritance" doesn't find prefix lists
>that are referenced via configuration groups that are applied inside a
>logical-system, but the configuration commits and works correctly:
>
>MX_RE0# show groups DROP-RESERVED-SOURCES 
>logical-systems {
>    <*> {
>        firewall {
>            family inet {
>                filter <*> {
>                    term DROP-RESERVED-SOURCES {
>                        from {
>                            source-prefix-list {
>                                RESERVED-ADDRESSES;
>                            }
>                        }
>                        then {
>                            count DROP-RESERVED-SOURCES;
>                            discard;
>                        }
>                    }
>                }
>            }
>        }
>    }
>}
>
>MX_RE0# show logical-systems LSYS1 policy-options prefix-list RESERVED-ADDRESSES 
>10.0.0.0/8;
>172.16.0.0/12;
>192.168.0.0/16;
>
>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN 
>apply-groups DROP-RESERVED-SOURCES;
>
>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN | display inherit
>ance 
>##
>## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
>##
>term DROP-RESERVED-SOURCES {
>    ##
>    ## 'from' was inherited from group 'DROP-RESERVED-SOURCES'
>    ##
>    from {
>        source-prefix-list {
>            ##
>            ## 'RESERVED-ADDRESSES' was inherited from group 'DROP-RESERVED-SOURCES'
>            ##
>            RESERVED-ADDRESSES; ## 'RESERVED-ADDRESSES' is not defined
>        }
>    }
>    ##
>    ## 'then' was inherited from group 'DROP-RESERVED-SOURCES'
>    ##
>    then {
>        ##
>        ## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
>        ##
>        count DROP-RESERVED-SOURCES;
>        ##
>        ## 'discard' was inherited from group 'DROP-RESERVED-SOURCES'
>        ##
>        discard;
>    }
>}
>
>Notice the comment "## 'RESERVED-ADDRESSES' is not defined".  It is
>defined...
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list