SRX Services Gateway
Reply
Contributor
aeroplane
Posts: 723
Registered: ‎06-30-2009
0

JUNOS Security By Rob Cameron ....There is a mistake in book????

Hi

 

There is a topic "Case Study 6-1: Site to Stie VPN" page number 332. OSPF over IPSEC VPN  configurations.

 

/*OSPF Protocol Configuration Configuration for Campus Core*/
[edit protocols]
root@SRX5800#show
ospf {
    area 0.0.0.0 {
            interface st0.0 {
                neighbor 192.168.100.1;
                neighbor 192.168.100.2;
                neighbor 192.168.100.3;
            interface-type p2mp;
            dynamic-neighbor
        }
    }
}

/*OSPF Protocol Configuration Configuration for Remote Offices*/
[edit protocols]
root@SRX5800#show
ospf {
    area 0.0.0.0 {
        interface st0.0 {
            neighbor 192.168.100.5;
        dynamic-neighbor;
        }
    }
}

 

I am getting the below error. I believe if we use the dynamic-neighbour key word, then we cannot specify neighour manually. So what is the correct configuraiton for this. If the author of book can put some light on this. It would be apprecited.

 

[edit protocols ospf area 0.0.0.0 interface st0.0]
  'neighbor'
    Neighbors cannot be specified manually if dynamic-neighbors is set
error: configuration check-out failed: (statements constraint check failed)

 

Thanks

Super Contributor
imirza
Posts: 88
Registered: ‎12-14-2009
0

Re: JUNOS Security By Rob Cameron ....There is a mistake in book????

Hi,

 

I am not the author of the book but I can certainly see your issue in my lab as well.

 

root@D10_32-SRX240H-Node1-HQ-SSH# show protocols ospf
area 0.0.0.0 {
interface st0.0 {
interface-type p2mp;
dynamic-neighbors;
##
## Warning: Neighbors cannot be specified manually if dynamic-neighbors is set
##
neighbor 50.50.50.4;
neighbor 50.50.50.2;

 

root@D10_32-SRX240H-Node1-HQ-SSH# commit check
[edit protocols ospf area 0.0.0.0 interface st0.0]
'neighbor'
Neighbors cannot be specified manually if dynamic-neighbors is set
error: configuration check-out failed: (statements constraint check failed)

 

 

It surely doesn't allow two things at the same time. You can either have static neighbors or dynamic.

 

It sure looks like a typo in the book.

 

Thanks

Iqbal Mirza

SRX Global JTAC

JNCIE-SEC#68, JNCIS-M, CCNP
_______________________________________
"Accepted Solution" = If the solutions works for you.
"Accepted Solution+Kudos" = If you really think I earned it.
Juniper Employee
JUNOSRob
Posts: 50
Registered: ‎09-10-2008
0

Re: JUNOS Security By Rob Cameron ....There is a mistake in book????

Hello I am one of the authors. You can submit this as an eratta on the link below. We are currently reviewing a plan to update the book. Your eratta would be most helpful in ensuring that the updated book will contain this fix. Thanks for the find!

 

http://shop.oreilly.com/product/0636920001317.do

Contributor
aeroplane
Posts: 723
Registered: ‎06-30-2009
0

Re: JUNOS Security By Rob Cameron ....There is a mistake in book????

Hi Rob

 

Just I want to confirm one thing that "dynamic-neighbour" under ospf configuration on HUB site keyword is necessary to build the NHTB entry automatically with non-juniper device?

 

Thanks

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.