Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Configuration tag visible when both RFC and YANG compliants are configured for NETCONF

0

0

Article ID: KB35131 KB Last Updated: 24 Feb 2020Version: 2.0
Summary:

When the yang-compliant knob is configured simultaneously with the rfc-compliant knob on MX Series routers, hidden commands are created with a configuration tag even though they should not be visible.

This article explains that the solution for the issue is to configure only one compliance knob as per requirement.

Symptoms:

When NETCONF is configured with the rfc-compliant and yang-compliant knobs simultaneously, the system will respond with a configuration tag even though the tag should not be visible. However, when the yang-compliant knob is removed, the output is corrected and the hidden command is shown under the undocumented tag and the configuration tag is not seen.

Request

<rpc>
    <get-config>
        <source><running/></source>
        <filter type="subtree">
            <configuration>
                <firewall>
                </firewall>
            </configuration>
        </filter>
    </get-config>
</rpc>

Configuration

set system services netconf rfc-compliant yang-compliant ssh
set firewall disable-arp-policers <<< Hidden command

Response

<nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/17.3R1/junos">
<nc:data>
<configuration xmlns="http://yang.juniper.net/yang/1.1/jc/configuration/junos/17.3R1.8" junos:commit-seconds="1569504845" junos:commit-localtime="2019-09-26 06:34:05 PDT" junos:commit-user="user1">
    <firewall>
    </firewall>
</configuration> <<<<< That output will be visible even though it shouldn't be there.
</nc:data>
</nc:rpc-reply>

Configuration

set system services netconf rfc-compliant ssh

Response

<nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/17.3R1/junos">
<nc:data>
<configuration xmlns="http://yang.juniper.net/yang/1.1/jc/configuration/junos/17.3R1.8" junos:commit-seconds="1569504986" junos:commit-localtime="2019-09-26 06:36:26 PDT" junos:commit-user="user1">
    <firewall>
        <undocumented><disable-arp-policers/></undocumented>
    </firewall>
</configuration>
</nc:data>
</nc:rpc-reply>

Configuration

set system services netconf yang-compliant ssh

Response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/17.3R1/junos">
<data>
<configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm" junos:commit-seconds="1569505422" junos:commit-localtime="2019-09-26 06:43:42 PDT" junos:commit-user="user1">
    <firewall>
    </firewall>
</configuration>
</data>

 
Cause:

The above demonstrated interpretation is as per Junos OS design.

Solution:

Depending on the desired outcome, one of the session compliance knobs should be chosen. The possible outputs for the different options are shown above.

Modification History:
2020-02-24: minor non-technical edits.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search