cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
519
Views
0
Helpful
1
Replies

NSO Policy

pigallo
Cisco Employee
Cisco Employee

 

Hello,

 

i'm facing an issue with NSO version 5.5.

While i'm trying to playing with policies i found i cannot configure any error message for expression that matches True/False values.
For example, if i create an error for any attempt to enable ip source-route on the device:

i'm executing these policies on netsim devices just for study purposes.

 

 

admin@ncs(config)#
admin@ncs(config)# policy rule no-source-route foreach /devices/device[starts-with(name,'ios')] expr config/ios:ip/source-route[true] error-message "Ip source route is a denied policy!"
admin@ncs(config-rule-no-source-route)#
admin@ncs(config-rule-no-source-route)# commit
Aborted: Ip source route is a denied policy!
admin@ncs(config-rule-no-source-route)# end
Uncommitted changes found, commit them? [yes/no/CANCEL]
Aborted: by user
admin@ncs(config-rule-no-source-route)# end
Uncommitted changes found, commit them? [yes/no/CANCEL]
Aborted: by user
admin@ncs(config-rule-no-source-route)# commit
Aborted: Ip source route is a denied policy!
admin@ncs(config-rule-no-source-route)# end
Uncommitted changes found, commit them? [yes/no/CANCEL] y
Aborted: Ip source route is a denied policy!
admin@ncs(config)# end
Uncommitted changes found, commit them? [yes/no/CANCEL] no

 

I receive an abort action when i commit, there's something wrong here. It shouldn't do that.
There's no way to commit this error check.
So i was wondering that xpath was wrong and when i did check xpath i then tried to change the expression without any result.

 

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# policy rule no-source-route foreach /devices/device[starts-with(name,'ios')] expr config/ios:ip/source-route true error-message "Ip source route is a denied policy!"
--------------------------------------------------------------------------------------------------------------------------------^
syntax error: element does not exist
admin@ncs(config)#
admin@ncs(config)# end
admin@ncs# show running-config devices device ios0 config ip source-route | display xpath
/devices/device[name='ios0']/config/ios:ip/source-route false

 

it gives me a syntax error for space between source-route true.
But anyway beyond that even with parenthesis it doesn't work. What's missing here?

I noticed that even with other paths, like for example ip http server, it doesn't work anyway.

Thanks for any help.

P.

1 Reply 1

Alex Stevenson
Cisco Employee
Cisco Employee

 

Hello @pigallo,

 

 

I wasn't able to find any Bugs similar to this on the Cisco Bug Search Tool , although I would check for myself if I was you, before ruling that out.

 

I would also take a look at Cisco DevNet's NSO Guide - 5.5

 

 

Hope this helps!