DX NetOps

Hi all,

I have several LAN containers under Universe, all with different Security Strings. Suddenly, some devices located under all the containers (found no pattern, seems random) have started inheriting the Security String of other container located at the same level than the others.

Universe has its Security string assigned and is properly inherited by its "son" containers. "Son" containers also have different security strings that are being correctly inherited by the devices contained.

The problem is that some devices (not all) located at container2, container3, container 4 ... are inheriting also security from container1.

For example: assuming that security string of Universe is secUni, container1's is secCon1, container2's is secCon2, container3's is secCon3, etc. a device located in container2 should inherit the security string secCon2|secUni. But in my case some devices are inheriting secCon2|secUni&secCon1|secUni without no reason, because there are no relation between both containers and both are located at same level.

When trying to change it, delete, etc. it reverts back again. We have tried to move topology to new containers and the problem persists.

Any help? Any idea? Everything would be appreciated,

Thank you in advance!

Looks like those devices have some relationship with Global Collection 1, by any chance are the devices also included in GC1? Do the affected devices have something in common, like if they are of the same make, part of same landscape, etc. 

Hi Julian,

  To add to what Hamza noted, you can try using CLI and run ./show associations on the model.  Look to see if there is an association to something else that may be adding the string (ie, a GC).  If that doesn't fix it, you'll probably need to open a case and have us take a look at the db.

Cheers

Jay

Thanks Jason, i'll check what you suggest.

Thank your for your reply.

I'm not talking about Global Collections, bad inheritance is happening in devices contained IN containers under Universe, are part of the same landscape, but i couldn't find any pattern that could make a relation between devices, it seems fully random.

Hi,

Oops - am sorry, got it

Hi Julian,

If this is still eluding you, please open a case so we can take a look at the database.

Cheers!

Jay

Hi Jason,

We temporary "solved" this issue by creating a new policy in the policy manager that force all devices under an especific Topology Location to set the correct Security Strings. After applying the policy, problem disappears.

We are just in the middle of the re-creation and migration of part of this server into another new one. If this issue persist after that, we'll open a case.

Thanks so much everybody,

Hello friend, how are you?
I was seeing a problem, and I realized that when I put a string in the Main Container, it replies to everyone below, I applied the string per container.

Example:

Note that my main container is the US Remote Site if  I insert the string into this container it replicates to the containers below it.

Thanks for your reply.

The inheritance from the main container's security string that you are talking about is the expected behaviour. In my case, the problem is that some devices (only a few random) belonging to one container are adding the security string of one of its "brother" container.