How to exclude trunks using Regex in compliance rule creation

Hello all,

We are in the process of reviewing running configurations for STIG violations in the compliance section of NCM.

What I'm having an issue with is creating an operational Regex string that will check all access port configurations and exclude any trunks.

It looks like this can be accomplished with a well written Regex in the "Config block start" field however I'm a bit of a novice with Regex. (2 days in on learning this stuff)

I could have it start at "switchport mode access" however when an admin goes to check compliance it doesn't show the interface as the start line will be "switchport mode access"

Thank you

  • Here's an example - tall screenshot attached - of how I've done that for Cisco IOS.  Be VERY careful with the AND/OR conditions and the parenthesis/grouping in the "Advanced config search" section since it can have a dramatic effect on the behavior.  Experience has taught me to use the TEST button extensively to make sure you get the results you want.  I'm lucky enough to have a test switch set aside for this, but you could also test with random switchports that have nothing connected to them - program them every random way you can think, and check to see the rule evaluates the port programming the way you expect.  Another tripping point when I first got started dealing with interfaces is the space at the beginning of the lines after the beginning.  It can break the ^ character in the RegEx, which is an "anchor" that basically means "line starts here".  This would also apply to any of the configuration sections that are indented, such as the console and VTY lines in Cisco IOS.