Change Template Parameters

JustinY

I want to create a change request template to allow our staff to configure PC ports to meet our security and documentation requirements.

The trick is that for each port configured it would have to include a description for each interface.  There was nothing in the documentation explaining how to do this.  Another option would be to limit the template so it could only be executed on a single interface at a time.  Again nothing in the documentation about this.

My script would run something like this.

First clear any existing interface configuraiton.
CLI { default interface (@ITF.InterfaceName) }

Next enter the required interface configuration.
CLI {
interface (@ITF.InterfaceName)
description computer: @PCName
switchport mode access
switchport nonegotiate
switchport voice vlan 60
switchport port-security
switchport port-security maximum 3
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
dot1x port-control auto
dot1x timeout quiet-period 2
dot1x timeout tx-period 2
dot1x timeout reauth-period server
dot1x timeout supp-timeout 2
dot1x timeout server-timeout 2
dot1x max-req 5
dot1x max-reauth-req 5
dot1x guest-vlan 20
dot1x reauthentication
dot1x auth-fail vlan 20
dot1x auth-fail max-attempts 2
fair-queue
hold-queue 64 in
hold-queue 64 out
}

JustinY

I got most of this figured out myself.  The change template forces the user to select a single interface per node but because it allows multiple nodes to be selected the description does not end up being unique.  So now I either need to somehow force only a single node to be selected for require unique descriptions for each interface selected.  That might require some extensive changes to the change template framework.

/*
.CHANGE_TEMPLATE_DESCRIPTION
        This change template configures a port for secure PC access with 802.1x authentication.
.CHANGE_TEMPLATE_TAGS
 Cisco, IOS, Security
.PLATFORM_DESCRIPTION
        Cisco IOS.PARAMETER_LABEL @ContextNode
        NCM Node
.PARAMETER_DESCRIPTION @ContextNode
        The node the template will operate on.  All templates require this by default. The target node is selected during the first part of the wizard so it will not be available for selection when defining values of variables..PARAMETER_LABEL @TargetPort
        Select Port
.PARAMETER_DESCRIPTION @TargetPort
        Select the port for which you would like to configure for secure PC access..PARAMETER_LABEL @PCName
        Name of the PC connected to this port.
.PARAMETER_DESCRIPTION @PCName
        Enter the name of the PC connected to this port. 
*/script ConfigureSecurePCPort802dot1x (    
                                          NCM.Nodes @ContextNode, 
                                          NCM.Interfaces @TargetPort, 
                                          string @PCName )
{
  // Enter configuration mode
  CLI 
  {
   configure terminal
  }
  CLI
  {
    default interface @TargetPort.InterfaceDescription
    interface @TargetPort.InterfaceDescription
     description computer: @PCName
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 60
     switchport port-security
     switchport port-security maximum 3
     switchport port-security aging time 2
     switchport port-security violation restrict
     switchport port-security aging type inactivity
     dot1x port-control auto
     dot1x timeout quiet-period 2
     dot1x timeout tx-period 2
     dot1x timeout reauth-period server
     dot1x timeout supp-timeout 2
     dot1x timeout server-timeout 2
     dot1x max-req 5
     dot1x max-reauth-req 5
     dot1x guest-vlan 20
     dot1x reauthentication
     dot1x auth-fail vlan 20
     dot1x auth-fail max-attempts 2
     fair-queue
     hold-queue 64 in
     hold-queue 64 out
  }  
  CLI
  {
     exit
  }  // Exit configuration mode
  CLI
  {
    exit
  }
}