Junos OS

Ask questions and share experiences about Junos OS.
  • 1.  config group not inheriting even though applied

    Posted 09-26-2016 16:57

    I've got this group configured and applied, but my EX2200 isn't applying the config for some reason. Anyone want to give me a second look to see if this is a problem or not? Basically the goal is to just apply this same config for ethernet-switching options at a group level for all built-in copper ports... I see port error disabled being applied, but the interface stanzas aren't matching for some reason.

     

    groups {
        REQUIRED {
            ethernet-switching-options {
                secure-access-port {
                    interface <ge-0/0/*> {
                        mac-limit 1 action drop;
                        persistent-learning;
                    }
                }
                port-error-disable {
                    disable-timeout 3600;
                }
                bpdu-block {
                    interface <ge-0/0/*>;
                }
            }
        }
    }
    apply-groups [ REQUIRED ]

    All I get inherited is below...

     

    ##
    ## 'port-error-disable' was inherited from group 'REQUIRED'
    ##
    port-error-disable {
        ##
        ## '3600' was inherited from group 'REQUIRED'
        ##
        disable-timeout 3600;
    }

     



  • 2.  RE: config group not inheriting even though applied

     
    Posted 09-27-2016 01:18

    Hi, 

     

    In groups, configs under <ge-0/0/*> are applied when the interfaces are defined under that hierarchy due to apply-path. Since the interfaces are not defined under that hierarchy, it is not being inherited.

     

    You could try using interface-range, but not sure if it's supported under switch-options. I tested this on vMX:

    # show protocols layer2-control | display inheritance
    bpdu-block {
        ##
        ## 'ge-0/0/5' was expanded from interface-range 'TEST'
        ## 'ge-0/0/6' was expanded from interface-range 'TEST'
        ##
        interface [ ge-0/0/5 ge-0/0/6 ];
    }

    Else, you may need to define the interfaces individually and the remaining config will be inherited:

    set ethernet-switching-options secure-access-port interface ge-0/0/0

    Cheers,

    Ashvin
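
A simplified model of the inheritance behaviour discussed in this thread, added here as an example and not taken from either poster or from Junos itself: a `<ge-0/0/*>` entry in a group only contributes to names the target configuration already defines at that hierarchy level, while plain statements are inherited unconditionally. The dict representation and the function names `inherit` and `secured_ports` are assumptions for illustration; value conflicts between group and target are not modelled.

```python
import copy
from fnmatch import fnmatchcase

def inherit(target, group):
    """Merge group into target. Containers are dicts; leaf statements map to None."""
    merged = copy.deepcopy(target)
    for key, sub in group.items():
        if key.startswith("<") and key.endswith(">"):
            # Wildcard: contributes only to names the target already defines here.
            for name in [n for n in merged if fnmatchcase(n, key[1:-1])]:
                merged[name] = inherit(merged[name] or {}, sub or {})
        elif sub is None:
            # Plain leaf statement: inherited unless the target already has it.
            merged.setdefault(key, None)
        else:
            # Plain container: kept only if something ends up inside it.
            child = inherit(merged.get(key) or {}, sub)
            if child or key in merged:
                merged[key] = child
    return merged

# The REQUIRED group from the first post, transcribed as a nested dict.
REQUIRED = {"ethernet-switching-options": {
    "secure-access-port": {"interface": {"<ge-0/0/*>": {
        "mac-limit 1 action drop": None, "persistent-learning": None}}},
    "port-error-disable": {"disable-timeout 3600": None},
    "bpdu-block": {"interface": {"<ge-0/0/*>": {}}},
}}

def secured_ports(config):
    """Ports that ended up with a mac-limit under secure-access-port."""
    ifaces = (config.get("ethernet-switching-options", {})
                    .get("secure-access-port", {}).get("interface", {}))
    return sorted(n for n, body in ifaces.items()
                  if any(s.startswith("mac-limit") for s in (body or {})))

# Constructed targets: nothing defined, and one port defined as in the reply's set command.
EMPTY = {}
WITH_PORT = {"ethernet-switching-options": {
    "secure-access-port": {"interface": {"ge-0/0/0": {}}}}}

if __name__ == "__main__":
    print(secured_ports(inherit(EMPTY, REQUIRED)))      # no port picks up mac-limit
    print(secured_ports(inherit(WITH_PORT, REQUIRED)))  # only the defined port does
```

Running `secured_ports` over the post-inheritance view of a device is a quick way to confirm that every access port actually received the MAC limit, rather than assuming the group applied.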



  • 3.  RE: config group not inheriting even though applied
    Best Answer

    Posted 09-28-2016 09:30

    I ended up doing this for the various service offerings we are going to have... It's a little more lines of code than I wanted but should work fine to do various different service profiles on a device that are just applied with apply-groups for customer CPEs.

     

    Thanks again!

     

    groups {
        SERVICE-10M {
            interfaces {
                "<ge-0/0/*>" {
                    mtu 9000;
                    ether-options {         
                        link-mode automatic;
                        speed {
                            10m;
                        }
                    }
                    unit 0 {
                        family ethernet-switching {
                            port-mode access;
                            vlan {
                                members 201;
                            }
                        }
                    }
                }
                ge-0/0/0 {
                    unit 0;
                }
                ge-0/0/1 {
                    disable;
                }     
                ge-0/0/2 {
                    disable;
                }                           
                ge-0/0/3 {
                    disable;
                }
                ge-0/0/4 {
                    disable;
                }
                ge-0/0/5 {
                    disable;
                }
                ge-0/0/6 {
                    disable;
                }
                ge-0/0/7 {
                    disable;
                }
                ge-0/0/8 {
                    disable;                        
                }
                ge-0/0/9 {
                    disable;
                }
                ge-0/0/10 {
                    disable;
                }
                ge-0/0/11 {
                    disable;
                }
                ge-0/1/0 {
                    disable;
                }
                ge-0/1/1 {
                    mtu 9000;
                    unit 0 {
                        family ethernet-switching {
                            port-mode trunk;
                            vlan {
                                members 200-201;    
                            }
                        }
                    }         
                }
            }
            ethernet-switching-options {
                secure-access-port {
                    interface ge-0/0/0.0 {
                        mac-limit 1 action drop;
                        persistent-learning;
                    }
                    vlan all {
                        arp-inspection;
                        examine-dhcp;
                        ip-source-guard;
                    }
                }            
                port-error-disable {
                    disable-timeout 3600;
                }
                bpdu-block {
                    interface ge-0/0/0.0 {
                        drop;
                    }
                }
            }        
        }
    }