This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Query all configration files stored in NPM/NCM for any line with the below: mac-address dynamic __:__:__:__:__:__ drop vlan XX

Hi All

I was wondering as I was asked this question today as we came across a scenario where a static mac-address dynamic __:__:__:__:__:__ drop vlan xx was blocking the device from getting network. Had to use netscoute on interface to identify where the location was as we have over 2000 devices/6000-7000 objects and over 1000 switches. Is there a way to setup NCM when it does a config backup setup for each evening that a scheduled task is setup to query all ncm files for that day if there is any mac address that is being blocked and to report the device details.

Parents
  • I must be able to query for "latest available config" on NCM to check for a "DENY" or "DROP" with a "Role Function" of device to not include firewalls but only Access/Distribution and Core Function Devices on network.

  • You could either do two rules, one for 'deny' and one for 'drop', or you could do a regex to match both, ie: "(deny|drop)".

    Not sure what you mean by "role function", is that a custom property you set up to distinguish between device types or something?   You set up what devices you want the report to target in the "Policy" part of the compliance section.   ie: you assign the rule (shown above) to a policy, and that policy has the ability to choose what devices you want to run it on.

    If you have a custom property named "RoleFunction", you would simply choose "Dynamic selection" of nodes, choose your custom property "RoleFunction" in the dropdown and choose "is" and type in whatever it needs to match in the last box.   If you have multiple things it needs to match, do an "or" with another rule below it with what else it needs to match.   Alternatively you could do a single rule that instead of saying "is", you could do "is not" and put in "Firewall" or whatever you use for firewalls there.

    I used the "MachineType" myself, which is the model of the device as its contained in SW.   But how you do it is your choice.  

Reply
  • You could either do two rules, one for 'deny' and one for 'drop', or you could do a regex to match both, ie: "(deny|drop)".

    Not sure what you mean by "role function", is that a custom property you set up to distinguish between device types or something?   You set up what devices you want the report to target in the "Policy" part of the compliance section.   ie: you assign the rule (shown above) to a policy, and that policy has the ability to choose what devices you want to run it on.

    If you have a custom property named "RoleFunction", you would simply choose "Dynamic selection" of nodes, choose your custom property "RoleFunction" in the dropdown and choose "is" and type in whatever it needs to match in the last box.   If you have multiple things it needs to match, do an "or" with another rule below it with what else it needs to match.   Alternatively you could do a single rule that instead of saying "is", you could do "is not" and put in "Firewall" or whatever you use for firewalls there.

    I used the "MachineType" myself, which is the model of the device as its contained in SW.   But how you do it is your choice.  

Children
No Data