[j-nsp] | display inheritance vs. logical-systems

Chuck Anderson cra at WPI.EDU
Fri Feb 12 12:54:31 EST 2016


Thanks!

On Fri, Feb 12, 2016 at 12:33:54PM -0500, Phil Shafer wrote:
> This is now PR 1160955.
> 
> Thanks,
>  Phil
> 
> 
> 
> Phil Shafer writes:
> >Yes, it's a bug.  Please have your account team open a PR or let
> >me know and I'll open it.  From a quick look, the firewall data
> >model has the right reference, but it's not working, likely broken
> >somewhere in my (ui) code.
> >
> >Thanks,
> > Phil
> >
> >
> >
> >Chuck Anderson writes:
> >>An interesting CLI bug:
> >>
> >>"show configuration | display inheritance" doesn't find prefix lists
> >>that are referenced via configuration groups that are applied inside a
> >>logical-system, but the configuration commits and works correctly:
> >>
> >>MX_RE0# show groups DROP-RESERVED-SOURCES 
> >>logical-systems {
> >>    <*> {
> >>        firewall {
> >>            family inet {
> >>                filter <*> {
> >>                    term DROP-RESERVED-SOURCES {
> >>                        from {
> >>                            source-prefix-list {
> >>                                RESERVED-ADDRESSES;
> >>                            }
> >>                        }
> >>                        then {
> >>                            count DROP-RESERVED-SOURCES;
> >>                            discard;
> >>                        }
> >>                    }
> >>                }
> >>            }
> >>        }
> >>    }
> >>}
> >>
> >>MX_RE0# show logical-systems LSYS1 policy-options prefix-list RESERVED-ADDRESSES 
> >>10.0.0.0/8;
> >>172.16.0.0/12;
> >>192.168.0.0/16;
> >>
> >>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN 
> >>apply-groups DROP-RESERVED-SOURCES;
> >>
> >>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN | display inheri
> >t
> >>ance 
> >>##
> >>## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
> >>##
> >>term DROP-RESERVED-SOURCES {
> >>    ##
> >>    ## 'from' was inherited from group 'DROP-RESERVED-SOURCES'
> >>    ##
> >>    from {
> >>        source-prefix-list {
> >>            ##
> >>            ## 'RESERVED-ADDRESSES' was inherited from group 'DROP-RESERVED-SOURCES'
> >>            ##
> >>            RESERVED-ADDRESSES; ## 'RESERVED-ADDRESSES' is not defined
> >>        }
> >>    }
> >>    ##
> >>    ## 'then' was inherited from group 'DROP-RESERVED-SOURCES'
> >>    ##
> >>    then {
> >>        ##
> >>        ## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES'
> >>        ##
> >>        count DROP-RESERVED-SOURCES;
> >>        ##
> >>        ## 'discard' was inherited from group 'DROP-RESERVED-SOURCES'
> >>        ##
> >>        discard;
> >>    }
> >>}
> >>
> >>Notice the comment "## 'RESERVED-ADDRESSES' is not defined".  It is
> >>defined...


More information about the juniper-nsp mailing list