
RFE Multiple Config Block Violation Remediation

I have a rule that verifies multiple interfaces are configured with particular features.  Here is a copy of this rule.

Start Block:
interface.*\n.*description DS[13]|interface.*\n.*description Link:|interface.*\n.*description Isolated|interface.*\n.*description Limited|interface.*\n.*description Printers|interface.*\n.*description Voice|interface.*\n.*description Computers|interface.*\n.*description Management|interface.*\n.*description Servers

End Block:
!

The rule produces the correct results as follows.

 

I would like to be able to remediate all violations using a single script.  This would require the policy engine to recursively execute the remediation script for each config block in violation and be able to use the "Start Line:" as a variable.  Example:
conf t
 ${StartLine}
  ip verify unicast reverse-path
 exit
exit
${SaveConfig}
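
The per-block remediation requested above, as an added example that is not part of the original post and not the product's own code: Python that finds each in-scope interface block missing the required line and expands the post's template once per block, using the block's start line where the post writes `${StartLine}`. The function names, the sample config (constructed) and the line-start anchoring of the pattern are assumptions made for the example.

```python
import re

# Description keywords copied from the Start Block pattern in the post.
DESCRIPTIONS = ["DS[13]", "Link:", "Isolated", "Limited", "Printers",
                "Voice", "Computers", "Management", "Servers"]
# Anchored to line start here (an addition) so "interface" cannot match mid-line.
START_BLOCK = re.compile(
    "|".join(rf"^interface.*\n.*description {d}" for d in DESCRIPTIONS), re.M)
END_BLOCK = re.compile(r"^!\s*$", re.M)          # End Block from the post
REQUIRED = "ip verify unicast reverse-path"

# Constructed sample config, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet0/1
 description Voice phones
!
interface GigabitEthernet0/2
 description Servers rack 4
 ip verify unicast reverse-path
!
interface GigabitEthernet0/3
 description Uplink to ISP
!
interface Vlan10
 description Management
!
"""


def violating_blocks(config):
    """Start line of every in-scope block that lacks the REQUIRED line."""
    starts = []
    for m in START_BLOCK.finditer(config):
        end = END_BLOCK.search(config, m.end())   # block ends at the next "!"
        block = config[m.start():end.start() if end else len(config)]
        lines = [line.strip() for line in block.splitlines()]
        if REQUIRED not in lines:
            starts.append(lines[0])
    return starts


def remediation_script(start_lines):
    """Expand the post's template once per violating block, in one script."""
    out = ["conf t"]
    for start in start_lines:
        out += [f" {start}", f"  {REQUIRED}", " exit"]
    return "\n".join(out + ["exit", "${SaveConfig}"])


if __name__ == "__main__":
    print(remediation_script(violating_blocks(SAMPLE)))
```

The output is plain text to review before it is pushed; the block with the out-of-scope description (GigabitEthernet0/3) and the already compliant one (GigabitEthernet0/2) are left alone.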

5 Replies

Can we do this yet?  It seems like if we can search blocks for problems we should be able to remediate them also.  Being able to remediate multiple block violations would be VERY helpful to me in ensuring all our router and switch interfaces match our policy requirement.  Would also allow less technical staff to remediate configuration issues.

0 Kudos

Hi JustinY,

Could you please take a look at this thread, "policy reporter smarter remediation scripts", and tell us whether this is another description of what you want? Or what are the differences?

Thanks,

Jiri

0 Kudos

Yes, it's pretty much the same thing I requested.

The detection logic using regex is smart enough to pin-point what interfaces you want to test specific conditions on a particular set of "blocks" but there is no intelligent method of remediating the issues detected on violating blocks.

0 Kudos


Tracked as #138942.

0 Kudos