System-Provisioned Configuration (SPC) objects (configuration list elements and their descendants) are provided as a convenience to users in SR OS.
There are two basic classes of SPC objects: deletable and non-deletable.
Deletable SPC objects are placed into the configuration by SR OS but can be deleted (removed) by a user. The following characteristics apply to deletable SPC objects.
In the classic CLI these are removed by specifying the keyword no, which is then visible in an info command or in a saved config (admin save); for example, no log-id 99.
Deletable SPC objects can be removed or recreated via NETCONF <edit-config> requests.
Deletable SPC objects that have not been removed are visible in a NETCONF <get-config> response.
Deletable SPC objects that have been removed are not visible in model-driven interfaces.
The following are examples of deletable SPC objects (in classic CLI format).
configure system security profile default
configure system security profile default entry 10-100
configure system security profile administrative
configure system security profile administrative entry 10-112
configure system security user "admin"
configure system security user console member "default"
configure system security ssh client-cipher-list protocol-version 1 cipher 200-210
configure system security ssh client-cipher-list protocol-version 2 cipher 190-235
configure system security ssh server-cipher-list protocol-version 1 cipher 200-205
configure system security ssh server-cipher-list protocol-version 2 cipher 190-235
configure log filter 1001
configure log filter 1001 entry 10
configure log log-id 99 & 100
Non-deletable SPC (ND-SPC) objects are not added to the configuration by SR OS, but they can be referenced by other parts of the configuration even if they are not visible as part of the configuration. The following characteristics apply to ND-SPC objects.
Some ND-SPC objects contain leafs (or other descendant elements) that can be modified (for example, cpu-protection policy 254). Some ND-SPC objects cannot be modified (for example, qos sap-ingress ‟default”).
ND-SPC objects are not displayed in model-driven interfaces as part of the configuration unless a user explicitly creates the object. This explicit creation of ND-SPC objects is only supported when operating in model-driven configuration mode; it is not supported in mixed configuration mode. When a user explicitly creates an ND-SPC object, SR OS remembers that it was explicitly created and displays it as part of the configuration. This may be useful for NETCONF clients and tools that perform offline validation of the configuration against the SR OS YANG models and to resolve leafrefs that point to ND-SPC objects.
ND-SPC objects are not displayed in the classic CLI as part of the configuration unless a child or descendant element is modified. Some exceptions to this behavior include configure service customer 1 name ‟1” and configure system security cpu-protection policy 254.
Deleted ND-SPC objects in model-driven interfaces no longer appear as part of the configuration. All descendant elements are reset as unconfigured.
ND-SPC objects cannot be deleted in the classic CLI. A deletion attempt returns an error.
ND-SPC objects can be referenced by other parts of the configuration regardless of whether they have been modified or created.
ND-SPC objects created inside a configuration group in model-driven interfaces do not appear in the output of info intended or info inheritance.
The following are examples of non-deletable SPC objects (in classic CLI format).
configure system security cpu-protection policy 254 & 255
configure system security user-template {tacplus_default|radius_default}
configure system security snmp view iso …
configure system security snmp view li-view …
configure system security snmp view mgmt-view …
configure system security snmp view vprn-view …
configure system security snmp view no-security-view …
configure system security snmp access group xyz (a set of access groups)
configure log event-control …
configure filter log 101
configure qos … various default policies cannot be deleted
configure card <x>
configure router "Base"
configure router "management"
configure router network-domains network-domain ‟default”
configure oam-pm bin-group 1
configure call-trace trace-profile ‟default”
configure eth-cfm default-domain bridge-identifier <x>
configure service customer 1 name "1"