
NCM Policy Rules / Regex Help

I'm trying to build a rule to match within a config block that will report if any BGP neighbor does not have BGP authentication. The issue I am having is that if there are multiple BGP neighbors within the config block, as long as one neighbor has authentication, it won't report any violation.

NO VIOLATION EXAMPLE:
router bgp 65000
 bgp log-neighbor-changes
 bgp default local-preference 200
 network 10.1.1.1 mask 255.255.255.255
 neighbor 10.1.1.142 remote-as 65000
 neighbor 10.1.1.142 password saldjfalsdjfasdfj
 neighbor 10.1.1.142 next-hop-self
 neighbor 10.1.1.150 remote-as 65008
 neighbor 10.1.1.150 password wqersadfasdfasf
 neighbor 10.1.1.150 next-hop-self
 maximum-paths ibgp 2
!

VIOLATION EXAMPLE:

router bgp 65000
 bgp log-neighbor-changes
 bgp default local-preference 200
 network 10.1.1.1 mask 255.255.255.255
 neighbor 10.1.1.142 remote-as 65000
 neighbor 10.1.1.142 next-hop-self
 neighbor 10.1.1.150 remote-as 65008
 neighbor 10.1.1.150 password wqersadfasdfasf
 neighbor 10.1.1.150 next-hop-self
 maximum-paths ibgp 2
!

Unfortunately, my policy is not triggering on what should be a policy because there is at least one match; it does, however, report the violation if no BGP neighbors have authentication.

Here is my Regex:
String is NOT Found
must contain: (^\s+neighbor 10.*remote-as.*\n
and
must contain: ^\s+neighbor 10.*password.*\n)

In config block
Begin: router bgp
End: !


I have tried doing it as a single line in the must contain, and separated and joined with parentheses; same result with both methods.

0 Kudos
1 Reply

The "problem" here is that you need to take the matching string that you found with your regEx (e.g. neighbor 10.1.1.142 = $String) and find the exact same string as a prefix with a trailing password -> "$String password".

I haven't had the need for this in the past and I am no expert on regEx, but this might give you a starting point where to look further.

0 Kudos
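
The per-neighbor check the reply points toward, as an added example that is not part of the original thread: it pairs each `remote-as` line with a `password` line for the same address, once by set comparison and once with a single back-referencing pattern. It uses Python's `re` module rather than NCM's rule engine (whether NCM accepts the same lookahead and backreference is an assumption to verify); the function and constant names are hypothetical and the sample config is constructed from the VIOLATION EXAMPLE.

```python
import re

# Constructed sample modelled on the VIOLATION EXAMPLE; the password is a placeholder.
VIOLATING = """\
router bgp 65000
 bgp log-neighbor-changes
 neighbor 10.1.1.142 remote-as 65000
 neighbor 10.1.1.142 next-hop-self
 neighbor 10.1.1.150 remote-as 65008
 neighbor 10.1.1.150 password PLACEHOLDER
 neighbor 10.1.1.150 next-hop-self
 maximum-paths ibgp 2
!
"""

# Body of each "router bgp" block, up to the closing "!" line.
BLOCK = re.compile(r"^router bgp [^\n]*\n(.*?)^!", re.M | re.S)
PEER = re.compile(r"^[ \t]*neighbor (\S+) remote-as\b", re.M)
AUTH = re.compile(r"^[ \t]*neighbor (\S+) password\b", re.M)

# Single-pattern form: a remote-as line whose address (\1) never reappears
# later in the block on a password line. The space after \1 stops 10.1.1.14
# from being satisfied by 10.1.1.142. It only looks forward, so it assumes
# the password line follows the remote-as line.
UNAUTH = re.compile(
    r"^[ \t]*neighbor (\S+) remote-as\b"
    r"(?![\s\S]*^[ \t]*neighbor \1 password\b)", re.M)

def unauthenticated_neighbors(config):
    """Set comparison: peers declared with remote-as minus peers with a password."""
    missing = []
    for block in BLOCK.finditer(config):
        body = block.group(1)
        authed = set(AUTH.findall(body))
        missing += [p for p in PEER.findall(body) if p not in authed]
    return missing

def unauthenticated_neighbors_regex(config):
    """Same check using the single back-referencing pattern."""
    return [m.group(1) for b in BLOCK.finditer(config)
            for m in UNAUTH.finditer(b.group(1))]

if __name__ == "__main__":
    print(unauthenticated_neighbors(VIOLATING))
    print(unauthenticated_neighbors_regex(VIOLATING))
```

A neighbor that inherits its password from a peer-group is reported as missing by both functions, since only per-neighbor `password` lines are compared.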