[j-nsp] | display inheritance vs. logical-systems

Phil Shafer phil at juniper.net
Fri Feb 12 12:33:54 EST 2016 

This is now PR 1160955.

Thanks,
 Phil



Phil Shafer writes:
>Yes, it's a bug.  Please have your account team open a PR or let
>me know and I'll open it.  From a quick look, the firewall data
>model has the right reference, but it's not working, likely broken
>somewhere in my (ui) code.
>
>Thanks,
> Phil
>
>
>
>Chuck Anderson writes:
>>An interesting CLI bug:
>>
>>"show configuration | display inheritance" doesn't find prefix lists
>>that are referenced via configuration groups that are applied inside a
>>logical-system, but the configuration commits and works correctly:
>>
>>MX_RE0# show groups DROP-RESERVED-SOURCES 
>>logical-systems {
>>    <*> {
>>        firewall {
>>            family inet {
>>                filter <*> {
>>                    term DROP-RESERVED-SOURCES {
>>                        from {
>>                            source-prefix-list {
>>                                RESERVED-ADDRESSES;
>>                            }
>>                        }
>>                        then {
>>                            count DROP-RESERVED-SOURCES;
>>                            discard;
>>                        }
>>                    }
>>                }
>>            }
>>        }
>>    }
>>}
>>
>>MX_RE0# show logical-systems LSYS1 policy-options prefix-list RESERVED-ADDRESSES 
>>10.0.0.0/8;
>>172.16.0.0/12;
>>192.168.0.0/16;
>>
>>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN 
>>apply-groups DROP-RESERVED-SOURCES;
>>
>>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN | display inheri
>t
>>ance 
>>##
>>## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
>>##
>>term DROP-RESERVED-SOURCES {
>>    ##
>>    ## 'from' was inherited from group 'DROP-RESERVED-SOURCES'
>>    ##
>>    from {
>>        source-prefix-list {
>>            ##
>>            ## 'RESERVED-ADDRESSES' was inherited from group 'DROP-RESERVED-SOURCES'
>>            ##
>>            RESERVED-ADDRESSES; ## 'RESERVED-ADDRESSES' is not defined
>>        }
>>    }
>>    ##
>>    ## 'then' was inherited from group 'DROP-RESERVED-SOURCES'
>>    ##
>>    then {
>>        ##
>>        ## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
>>        ##
>>        count DROP-RESERVED-SOURCES;
>>        ##
>>        ## 'discard' was inherited from group 'DROP-RESERVED-SOURCES'
>>        ##
>>        discard;
>>    }
>>}
>>
>>Notice the comment "## 'RESERVED-ADDRESSES' is not defined".  It is
>>defined...
>>_______________________________________________
>>juniper-nsp mailing list juniper-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list