Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] 'error: Maximum supported length is (250)' is seen while configuring policy names

0

0

Article ID: KB35994 KB Last Updated: 24 Jun 2020Version: 1.0
Summary:

This article explains the maximum length of characters supported while configuring policy names on certain Junos versions that might restrict successful commit operations on Junos series devices.

Ideally, policy-names with more than 250 characters (including quotes) on routing devices may return an error depending on the current Junos version running.

 
Symptoms:

Configuration Error:

error: key value is too long (253). Maximum supported length is (250)
error: statement creation failed: (( "DENY-DEFAULT" && "REMOVE-COMM-ALL" && "ACCEPT-AS99999.99999-ROUTE" && "SET-DENY-TESTE-INTERNAL" 
&& "SET-MED-TEN" && "SET-TYPE-DC" && "SET-LOCALPREF-TESTE" && "SET-SCOPE-WORLD" && "SET-LOCATION" && "SET-AS99999.99999-IN" && 
"ACCEPT-ANYCAST-ROUTE" ))

Here, the words in black represent the policy name.

Solution:

This is an expected error since certain releases of Junos have a restricted character length allocated for policy names. The maximum character length is 250 for some releases on the Junos series devices. The following versions have a strict 250 limit on policy names:

  • 15.1R7
  • 16.1R4-S5
  • 16.1R6
  • 16.2R3
  • 17.1R3
  • 17.2R2
  • 17.2X75-D50
  • 17.3R1

Example:

On a device running Junos OS 15.1F5: 

user@host# set policy-options policy-statement AS99999-TESTIN-IN term ONE from policy (( DENY-DEFAULT && REMOVE-COMM-ALL && ACCEPT-AS99999.99999-ROUTE && 
SET-DENY-TESTE-INTERNAL && SET-MED-TEN && SET-TYPE-DC && SET-LOCALPREF-TESTE && SET-SCOPE-WORLD && SET-LOCATION && SET-AS99999.99999-IN && 
ACCEPT-ANYCAST-ROUTE ))

user@host# set policy-options policy-statement AS99999-TESTIN-IN term ONE then accept

user@host# set policy-options policy-statement AS99999-TESTIN-IN term TWO then reject

The commit executes successfully even when the policy name exceeds 250 characters. The length of characters is counted after adding double quotes around each name separated by &&. In the above, the characters will be as below:

(( "DENY-DEFAULT" && "REMOVE-COMM-ALL" && "ACCEPT-AS99999.99999-ROUTE" && "SET-DENY-TESTE-INTERNAL" && "SET-MED-TEN" && "SET-TYPE-DC" && "SET-LOCALPREF-TESTE"
&& "SET-SCOPE-WORLD" && "SET-LOCATION" && "SET-AS99999.99999-IN" && "ACCEPT-ANYCAST-ROUTE" ))

‚ÄčTotal character count = 253

[MASTER]
[edit] user@host# commit 
 commit complete

Similarly, on a device running Junos OS 17.4R2:

[edit]
user@host# set policy-options policy-statement AS99999-TESTIN-IN term ONE from policy (( DENY-DEFAULT && REMOVE-COMM-ALL && ACCEPT-AS99999.99999-ROUTE && 
SET-DENY-TESTE-INTERNAL && SET-MED-TEN && SET-TYPE-DC && SET-LOCALPREF-TESTE && SET-SCOPE-WORLD && SET-LOCATION && SET-AS99999.99999-IN && 
ACCEPT-ANYCAST-ROUTE ))                                  

error: key value is too long (253). Maximum supported length is (250)
error: statement creation failed:
 (( "DENY-DEFAULT" && "REMOVE-COMM-ALL" && "ACCEPT-AS99999.99999-ROUTE" && "SET-DENY-TESTE-INTERNAL" && "SET-MED-TEN" &&
"SET-TYPE-DC" && "SET-LOCALPREF-TESTE" && "SET-SCOPE-WORLD" && "SET-LOCATION" && "SET-AS99999.99999-IN" && "ACCEPT-ANYCAST-ROUTE" ))

An error is displayed indicating that the character count exceeds 250.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search