[j-nsp] | display inheritance vs. logical-systems
Chuck Anderson
cra at WPI.EDU
Fri Feb 12 12:54:31 EST 2016
Thanks!
On Fri, Feb 12, 2016 at 12:33:54PM -0500, Phil Shafer wrote:
> This is now PR 1160955.
>
> Thanks,
> Phil
>
>
>
> Phil Shafer writes:
> >Yes, it's a bug. Please have your account team open a PR or let
> >me know and I'll open it. From a quick look, the firewall data
> >model has the right reference, but it's not working, likely broken
> >somewhere in my (ui) code.
> >
> >Thanks,
> > Phil
> >
> >
> >
> >Chuck Anderson writes:
> >>An interesting CLI bug:
> >>
> >>"show configuration | display inheritance" doesn't find prefix lists
> >>that are referenced via configuration groups that are applied inside a
> >>logical-system, but the configuration commits and works correctly:
> >>
> >>MX_RE0# show groups DROP-RESERVED-SOURCES
> >>logical-systems {
> >> <*> {
> >> firewall {
> >> family inet {
> >> filter <*> {
> >> term DROP-RESERVED-SOURCES {
> >> from {
> >> source-prefix-list {
> >> RESERVED-ADDRESSES;
> >> }
> >> }
> >> then {
> >> count DROP-RESERVED-SOURCES;
> >> discard;
> >> }
> >> }
> >> }
> >> }
> >> }
> >> }
> >>}
> >>
> >>MX_RE0# show logical-systems LSYS1 policy-options prefix-list RESERVED-ADDRESSES
> >>10.0.0.0/8;
> >>172.16.0.0/12;
> >>192.168.0.0/16;
> >>
> >>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN
> >>apply-groups DROP-RESERVED-SOURCES;
> >>
> >>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN | display inheri
> >t
> >>ance
> >>##
> >>## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
> >>##
> >>term DROP-RESERVED-SOURCES {
> >> ##
> >> ## 'from' was inherited from group 'DROP-RESERVED-SOURCES'
> >> ##
> >> from {
> >> source-prefix-list {
> >> ##
> >> ## 'RESERVED-ADDRESSES' was inherited from group 'DROP-RESERVED-SOURCES'
> >> ##
> >> RESERVED-ADDRESSES; ## 'RESERVED-ADDRESSES' is not defined
> >> }
> >> }
> >> ##
> >> ## 'then' was inherited from group 'DROP-RESERVED-SOURCES'
> >> ##
> >> then {
> >> ##
> >> ## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
> >> ##
> >> count DROP-RESERVED-SOURCES;
> >> ##
> >> ## 'discard' was inherited from group 'DROP-RESERVED-SOURCES'
> >> ##
> >> discard;
> >> }
> >>}
> >>
> >>Notice the comment "## 'RESERVED-ADDRESSES' is not defined". It is
> >>defined...
More information about the juniper-nsp
mailing list