Hi,
I am looking to check that the configuration of interfaces on Cisco devices adheres to some basic standards. The search config block option in the creation of a rule allows me to do this, but it seems to have a flaw - which I think could be corrected in future releases without too much re-engineering. Alternatively, if I am wrong or anyone can suggest a workaround I am all ears.
The flaw is that the policy reporter assumes that a config block MUST exist in a config. This is fine if you start and end the config block with:
interface gigabitethernet (start)
! (end)
because you can easily predict if your devices have certain types of interfaces. However this logic will only ever let you check interface config lines that apply to ALL gigabit interfaces.
Let me present a scenario: Say I have a particular type of kit which connects to a Cisco switch - say a number of call loggers - and I want to ensure that the ports are always in vlan 200 (switchport access vlan 200). This is just an example.
I could devise a standard, where all call logger ports have a description of "description Call logger - <name>" and create a rule with a config block of:
description Call logger (start)
! (end)
I could then add any regexes I like, such as "switchport access vlan 200".
The problem is I would get errors for any Cisco devices which did not contain the above config block. I want to be able to apply the regexes of a config block ONLY if the config block exists.
Edit: A tick box in the rule definition which says "Alert if config block found" would make the policy reporter tool massively more useful.
Can anybody assist? If I have not made it clear, above, what I mean please ask.
Regards, Andy.
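
The conditional check described in the post, sketched outside the policy reporter as an added example (not part of the original post and not the product's own feature): the required regex is evaluated only inside interface blocks whose description matches, so a device with no such block reports nothing. The sample configs, logger names and function names are constructed for illustration.

```python
import re

# Constructed sample configs for illustration (not from the original post).
SWITCH = """\
interface GigabitEthernet0/1
 description Call logger - logger01
 switchport access vlan 200
!
interface GigabitEthernet0/2
 description Call logger - logger02
 switchport access vlan 10
!
interface GigabitEthernet0/3
 description Uplink to core
 switchport mode trunk
!
"""
ROUTER = """\
interface GigabitEthernet0/0
 description WAN
 ip address 192.0.2.1 255.255.255.0
!
"""

def interface_blocks(config):
    """Yield (name, lines) per 'interface' block; '!' or a top-level line ends it."""
    name, body = None, []
    for line in config.splitlines():
        if line.startswith("interface "):
            if name:
                yield name, body
            name, body = line.split(None, 1)[1], []
        elif name and line and not line[0].isspace():
            yield name, body
            name, body = None, []
        elif name:
            body.append(line.strip())
    if name:
        yield name, body

def check_if_present(config, selector, required):
    """Apply `required` regexes only to blocks matching `selector`.
    A config with no matching block yields no violations."""
    violations = []
    for name, body in interface_blocks(config):
        if not any(re.search(selector, l) for l in body):
            continue  # block is out of scope for this rule
        missing = [r for r in required if not any(re.search(r, l) for l in body)]
        if missing:
            violations.append((name, missing))
    return violations

RULE = (r"^description Call logger", [r"^switchport access vlan 200$"])
```

Calling `check_if_present(SWITCH, *RULE)` flags only the call logger port that is in the wrong VLAN, while `check_if_present(ROUTER, *RULE)` returns an empty list because no block matches the selector.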