Is there a way to only apply the block rules if the block is actually found? I.e. don't alarm on not finding a mandatory command in a block if the block doesn't exist?
I'm trying to make sure unused AUX lines in our equipment are turned off as per Cisco best practices. I'm looking for the presence of commands like "no exec" and absence of commands such as "password" or "transport input <something>" in the "aux 0" command block.
This works just fine as long as there's an "aux 0" line, but if the equipment doesn't have one, it gets immediately flagged to be in violation.
There are many other kinds of lines that have different config requirements, so global searches for those config stanzas won't work.
Any tips or suggestions?
Solved! Go to Solution.
Might need to handle this at the policy level, as in say that particular rule only applies to xyz machinetypes. Might take a bit of testing to figure out which devices you need to exclude but thats the usual method for rules that don't apply to every device.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.