I need to change a MIP in my netscreen, I have tried removing every conceivable policy that refers to this MIP and tried removing the address the MIP refers to, but when I go in to the addresses, it will not let me change or remove the MIP. It still says that it's in use. Is there any way to force a MIP to not be used?
Use the CLI:
get config | include mip
That should show you where it's used, if it's not reset the box (do
*not* save config if prompted), and try again.HTH
Triffid
The only way to force the MIP to not be used IS to remove the policy in use. Another easy way to work around this is to download the config, modify it, upload it again replacing the current config and bounce the box.
So uploading the config and doing replace instead of merge will force it to take the config? What is the worst case scenario that could happen with this? Please excuse my ignorance, I am coming in to a situation where this thing is already in place and I know nothing of them.
Yes, it dumps it to flash and does not save the config in resident memory. Worst case, you connect to the console cable and upload via TFTP. But you won't have any problems. It should work fine, in fact, I recommend using the console cable to see where it breaks if it does so that you can modify the config and try again. It's VERY straight forward. You'll do fine.
Indeed, but the OP apparently missed the applicable policy, so I suggested using the CLI to search the config for references to the MIP.
I use this method exclusively as I find it more reliable and less prone to error than using the GUI to make changes on the fly. Netscreen configs are trivial to manipulate with perl or shell scripts - e.g. I maintain consistent configs across a number of branch office boxes using a generic config template, a table of local variables per office, and a script that plugs the location specifics into the generic template.
I also have a daily cron job that sshs to each box, dumps the config, and alerts me if the running config deviates from the template. If I had my way, it would also restore the standard config, but that's another story :-)
Triffid
Really Triffid, you need to get rid of that and use NSM.
Sounds like a mess, I'm sure it's working great, but 'cmon.
It's coming, it's coming...
There have been a few issues with NSM in our environment, but with any luck the latest upgrade will deal with the last of them so we can go live.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.