Hello everyone,
I have multiple switches (Cisco + Brocade) in one group.
I want to be able to show the port security (whether it is enabled or not) on all ports of all switches.
How can I do that?
Thank you.
Hello,
Use Compliance Policy Reports.
Rule for Cisco devices:
Config block start: use your interface type.
Brocade - depends on the config; you could also use "Blocks" for searching.
Regards,
Mateusz
Thank you! It works great. I have a few interfaces (they are trunks) where I did not enable port-security (this is normal). Is it possible to avoid the control on these interfaces?
Maybe I can add an exception where "switchport mode trunk" is enabled?
Hi naeschlimann,
You can extend the condition -- click on "Add Another String" and define the condition as "must not contain" string "switchport mode trunk".
Jiri
Hi Jiri,
Thank you for your advice, but it does not work well. Look at the print screen below and tell me if I did something wrong. Even if it found trunk and did NOT find port security, it marks the rule as violated.
Here you go:
Remember that this is port-security with "dash" char for Cisco.
Thanks for posting this. It has been very helpful. I have been able to use this to report on which switches in my environment do not have port security applied. However, I'm in need of some assistance. Is there a way to tweak the way a search is made? In other words, I have Vlan interfaces that I don't need included in the report. Using the "interface" attribute in the "Search Config File/Block" brings back any line that starts with "interface". Is there a way to logically omit these interfaces in that section of the rule?
Try changing the Config Block Start to 'interface.*ethernet' and set Config Block String Type to Regular Expression.
I ended up just changing the Config Block Start to "interface FastEthernet". This gets me where I need to be. Thanks for all the help...
Now, does anyone know how to export the report into a usable format? Exporting to .csv or Excel is useless... it doesn't give you the option to report the individual results per node. Basically, it just spits out what's on the screen, which is a list of nodes and whether or not they violate. I would want a more detailed report that tells me which nodes violate and the ports that need to be remediated. Thoughts?
Hi turturici,
Exporting the violation details is something we are working on -- see "Network Configuration Manager v7.4 Beta2 is Available!".
I am struggling to get a report on port security to report back against all our switches in one single run. That is to say, I can't find a way in either the config block or a reg expression to allow for EITHER a FastEthernet or GigabitEthernet interface to be queried. I can get results from an either/or as per this report in the thread, but despite reading a number of other threads I can't seem to figure out a way to get results if the report is run against a fleet of Cisco switches that includes some models with Fa interfaces and others with Gi interfaces.
Can anyone shine a light on how this might be achieved please in one report run?
We actually have tasked a contractor who specialises in Orion to figure out a way to do this, and he has not succeeded either! Perhaps it isn't possible?
Any help appreciated.
Cheers.
Create two separate Rules, one for Gig interfaces and another one for Fa interfaces.
Put those into the same Policy and then into a Report.
Your Report should have two columns, and a violation should be related only to the specific switch model (of course you can have a 100M switch with 1Gig uplinks, and the report will include those).
Remember to mark this as String NOT found and use blocks (for Gig and Fa).
The first question should be - what do you want to achieve? You want to rule out ports where port-security is disabled?
Cheers,
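An added example, not part of any post above and not SolarWinds NCM code: a stand-alone Python check that applies the thread's logic to a saved Cisco config offline. It uses the `interface.*ethernet` block start so Fa and Gi ports are covered in one pass, skips blocks containing `switchport mode trunk`, and lists each port lacking a `switchport port-security` line. The function names, the case-insensitive match and the sample config are assumptions of this example.

```python
import re

# Block start from the thread; IGNORECASE is this example's assumption.
BLOCK_START = re.compile(r"interface.*ethernet", re.IGNORECASE)
REQUIRED = "switchport port-security"  # with the dash, as noted for Cisco
EXEMPT = "switchport mode trunk"       # trunk ports are left out of the check

# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
interface Vlan10
!
interface FastEthernet0/1
 switchport port-security
!
interface FastEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport port-security maximum 2
"""

def interface_blocks(config):
    """Split a config into (header, [indented body lines]) per interface."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = (line.strip(), [])
            blocks.append(current)
        elif current and line[:1].isspace():
            current[1].append(line.strip())
        else:
            current = None  # "!" or any unindented line ends the block
    return blocks

def ports_missing_port_security(config):
    """Names of non-trunk Ethernet interfaces without port-security enabled."""
    missing = []
    for header, body in interface_blocks(config):
        if not BLOCK_START.match(header) or EXEMPT in body:
            continue  # Vlan/other interface types and trunks are skipped
        if REQUIRED not in body:  # exact line; sub-options alone don't count
            missing.append(header.split(None, 1)[1])
    return missing

if __name__ == "__main__":
    print("\n".join(ports_missing_port_security(SAMPLE_CONFIG)))
```

Because the result is a list of interface names per config, it also gives the per-port detail asked about earlier in the thread.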