It seems like this needs to be changed, but I am not sure where the data is coming from so I wanted to see what others thought.
in NCM under Compliance the 'Cisco Policy Report' under 'Cisco Reports', that by default runs a rule called "Lin CON 0 - Input all" with a specific command "line con 0.*\n(.*\n)*.*transport input all". The problem is that for line console 0 there is no "input" as an available command. You can only use transport preferred or transport output because its a console port.
3560X-TEST#
3560X-TEST#
3560X-TEST#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3560X-TEST(config)#line con 0
3560X-TEST(config-line)#transport input
^
% Invalid input detected at '^' marker.
3560X-TEST(config-line)#transport ?
output Define which protocols to use for outgoing connections
preferred Specify the preferred protocol to use
3560X-TEST(config-line)#
3560X-TEST(config-line)#
3560X-TEST(config-line)#
3560X-TEST(config-line)#transport output ?
all All protocols
none No protocols
ssh TCP/IP SSH protocol
telnet TCP/IP Telnet protocol
3560X-TEST(config-line)#transport output
But this doesn't apply to a VTY port, obviously. So it would seem the policy needs to be changed and is broken by default, I don't know if this is a policy that Cisco sends to Solarwinds and then on to my NCM? Does it update with patches? Or is it statically put into the product then "shipped" when the product is first installed.
In any case this policy will never show a violation..... ever, because the scenario isn't possible.
Tested on 3560, 3560v2, 3560X, 3750X, 6500Vss
e-
