vManage generate wrong configuration for custom control-policy

Martin Kyrc · ‎05-24-2019

I'm playing with custom control-policies and CLI configuration generated based on "GUI process" is wrong. Relevant part of generated config here:

 control-policy SC3-BR51
    sequence 1
     match tloc
      site-list HQ
      source-ip 0.0.0.0/0 << this row is generated but not accepted after applying policy
     !
     action reject
     !
    !
<cut>
  default-action accept
 !

Attempt of activating policy ends with syntax error "unknown source-ip ...". When I create the same custom control-policy without this row, everything works correct. I'm not able confugure "source-ip" in the GUI.

Step by step in "GUI" (based on some lab guide):

Under Topology select Add Topology and choose Custom Control (Route & TLOC).
Specify name and description (in my case SC3-BR51).
Add Sequence Type and select TLOC. Add first sequence rule. Under Match choose
Site and select "HQ" site list. Default action – reject is suitable.

vManage and vSmart version is 18.4.0.

Any ideas?

--

martin

David Klebanov · ‎05-31-2019

Hi Martin,

The addition of source 0.0.0.0/0 in the match condition of centralized policies built using the policy builder wizard was needed for some internal operation, however, unfortunately, it created an issue where matching was not occurring. There would not be an issue to activate a policy, but the policy may not have worked as expected... This sounds a little different from what you are describing, but nonetheless my suggestion would be to upgrade the controllers and routers to a later 18.4.x release if you want to stay on the 18.x train or to the 19.1 release.

Hope this helps.

David

@DavidKlebanov

Twitter: @DavidKlebanov