
Compliance Report Optional Config Block?


Is there a way to only apply the block rules if the block is actually found? I.e. don't alarm on not finding a mandatory command in a block if the block doesn't exist?

I'm trying to make sure unused AUX lines in our equipment are turned off as per Cisco best practices. I'm looking for the presence of commands like "no exec" and absence of commands such as "password" or "transport input <something>" in the "aux 0" command block.

This works just fine as long as there's an "aux 0" line, but if the equipment doesn't have one, it gets immediately flagged to be in violation.

There are many other kinds of lines that have different config requirements, so global searches for those config stanzas won't work.

Any tips or suggestions?

1 Solution

There is a check box in the config block section for it to not trigger a violation if the block is not found. I have highlighted it in the below image. (Image: Do not Trigger.JPG)
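The behaviour that check box selects, sketched as an added example (not code from this thread or from the compliance product): the rules are evaluated only inside the block, and a missing block is a violation only when `ignore_missing_block` is off. The function names, the `line aux 0` header form and the sample configs are assumptions constructed for illustration.

```python
import re

# Constructed sample configs (not from the original thread).
WITH_AUX = """\
line con 0
 exec-timeout 5 0
line aux 0
 password 7 0000000000
 transport input telnet
line vty 0 4
 transport input ssh
"""
NO_AUX = """\
line con 0
 exec-timeout 5 0
line vty 0 4
 transport input ssh
"""

def get_block(config, header_regex):
    """Return the indented child lines under the first matching header, or None."""
    lines = config.splitlines()
    for i, line in enumerate(lines):
        if re.fullmatch(header_regex, line.rstrip()):
            body = []
            for child in lines[i + 1:]:
                if not child.startswith(" "):  # next top-level line ends the block
                    break
                body.append(child.strip())
            return body
    return None

def check_aux(config, ignore_missing_block=True):
    """Return violation strings for the 'line aux 0' block (hypothetical rule set)."""
    block = get_block(config, r"line aux 0")
    if block is None:
        # The check-box behaviour: an absent block is not a violation.
        return [] if ignore_missing_block else ["block 'line aux 0' not found"]
    violations = []
    if "no exec" not in block:  # mandatory command inside the block
        violations.append("missing: no exec")
    for cmd in block:  # forbidden commands, matched only inside the block
        if re.match(r"password\b|transport input \S+", cmd):
            violations.append("forbidden: " + cmd)
    return violations
```

Because matching is scoped to the block, the `transport input ssh` under `line vty 0 4` is never flagged by the AUX rule.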


Wow, don't I feel like an idiot now. Thank you!


That is why we are all here!

Might need to handle this at the policy level, as in say that particular rule only applies to xyz machine types. Might take a bit of testing to figure out which devices you need to exclude, but that's the usual method for rules that don't apply to every device.

- Marc Netterfield, Github