cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
499
Views
0
Helpful
1
Replies

NSO Policy

pigallo
Cisco Employee
Cisco Employee

 

Hello,

 

i'm facing an issue with NSO version 5.5.

While i'm trying to playing with policies i found i cannot configure any error message for expression that matches True/False values.
For example, if i create an error for any attempt to enable ip source-route on the device:

i'm executing these policies on netsim devices just for study purposes.

 

 

admin@ncs(config)#
admin@ncs(config)# policy rule no-source-route foreach /devices/device[starts-with(name,'ios')] expr config/ios:ip/source-route[true] error-message "Ip source route is a denied policy!"
admin@ncs(config-rule-no-source-route)#
admin@ncs(config-rule-no-source-route)# commit
Aborted: Ip source route is a denied policy!
admin@ncs(config-rule-no-source-route)# end
Uncommitted changes found, commit them? [yes/no/CANCEL]
Aborted: by user
admin@ncs(config-rule-no-source-route)# end
Uncommitted changes found, commit them? [yes/no/CANCEL]
Aborted: by user
admin@ncs(config-rule-no-source-route)# commit
Aborted: Ip source route is a denied policy!
admin@ncs(config-rule-no-source-route)# end
Uncommitted changes found, commit them? [yes/no/CANCEL] y
Aborted: Ip source route is a denied policy!
admin@ncs(config)# end
Uncommitted changes found, commit them? [yes/no/CANCEL] no

 

I receive an abort action when i commit, there's something wrong here. It shouldn't do that.
There's no way to commit this error check.
So i was wondering that xpath was wrong and when i did check xpath i then tried to change the expression without any result.

 

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# policy rule no-source-route foreach /devices/device[starts-with(name,'ios')] expr config/ios:ip/source-route true error-message "Ip source route is a denied policy!"
--------------------------------------------------------------------------------------------------------------------------------^
syntax error: element does not exist
admin@ncs(config)#
admin@ncs(config)# end
admin@ncs# show running-config devices device ios0 config ip source-route | display xpath
/devices/device[name='ios0']/config/ios:ip/source-route false

 

it gives me a syntax error for space between source-route true.
But anyway beyond that even with parenthesis it doesn't work. What's missing here?

I noticed that even with other paths, like for example ip http server, it doesn't work anyway.

Thanks for any help.

P.

1 Reply 1

Alex Stevenson
Cisco Employee
Cisco Employee

 

Hello @pigallo,

 

 

I wasn't able to find any Bugs similar to this on the Cisco Bug Search Tool , although I would check for myself if I was you, before ruling that out.

 

I would also take a look at Cisco DevNet's NSO Guide - 5.5

 

 

Hope this helps!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the NSO Developer community: