3 Replies Latest reply on Feb 24, 2017 1:11 PM by scott.l

    Nested IF ELSE Statement (using AND/OR) for 802.1x Compliance

    scott.l

      I'm trying to perform a compliance check on some ports, but have come across an instance where I essentially require a nested if statement to perform a secondary check. I am able to check if a port has dot1x or sticky mac (image attached); however, I run into an issue when validating the dot1x configuration when adding a phone into the equation. The problem I encounter is that when checking if the port has a voice vlan, I need to verify it also has the host-mode multi-domain command. I can't seem to determine how to add this in using only the and/or/brackets allowed. I'm wondering if someone could shed some light on the approach I could take to produce a rule based on the following logic:

       

      If the config block contains string dot1x pae authenticator Then
           If the config block contains string switchport voice vlan Then
                must contain regex .*host-mode multi-domain
           End If
           must contain regex .*port-control auto
      Else
           must contain string switchport port-security
           and
           must contain string switchport port-security violation restrict
           and
           must contain string switchport mac-address sticky
      End If

       

      This would allow me to validate the 2 dot1x scenarios:

       

      !
      interface GigabitEthernet1/0/1
       switchport access vlan 22
       switchport mode access
       authentication port-control auto
       dot1x pae authenticator
       spanning-tree portfast
      end
      !
      interface GigabitEthernet1/0/2
       switchport access vlan 22
       switchport mode access
       switchport voice vlan 33
       authentication host-mode multi-domain
       authentication port-control auto
       dot1x pae authenticator
       spanning-tree portfast
      end
      !

       

      I have already voted for the IF/THEN/ELSE post created by jimdnorris
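
The nested logic above, flattened to AND/OR/brackets, as an added example that is not part of the original post or of any product: the inner "if voice vlan then host-mode" becomes "(no voice vlan OR host-mode)". It assumes the rule engine can express a "does not contain" condition; the function names and the last two sample interfaces are hypothetical.

```python
import re
# Constructed sample: Gi1/0/1 and Gi1/0/2 follow the post; Gi1/0/3 and Gi1/0/4 are hypothetical.
SAMPLE = """\
interface GigabitEthernet1/0/1
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 switchport voice vlan 33
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/3
 switchport voice vlan 33
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/4
 switchport port-security
 switchport port-security violation restrict
 switchport mac-address sticky
"""
STICKY = ("switchport port-security", "switchport port-security violation restrict",
          "switchport mac-address sticky")

def blocks(config):  # map each interface name to its indented sub-commands
    pattern = r"^interface (\S+)\n((?:[ ].*\n?)*)"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, config, re.M)}

def facts(b):  # the five conditions the rule tests, as booleans
    return ("dot1x pae authenticator" in b, "switchport voice vlan" in b,
            bool(re.search(r".*host-mode multi-domain", b)),
            bool(re.search(r".*port-control auto", b)),
            all(s in b for s in STICKY))

def nested(b):  # the IF/ELSE logic exactly as written in the post
    dot1x, voice, multi, auto, sticky = facts(b)
    if dot1x:
        if voice and not multi:
            return False
        return auto
    return sticky

def flat(b):  # same rule using only AND / OR / brackets
    dot1x, voice, multi, auto, sticky = facts(b)
    return (dot1x and auto and (not voice or multi)) or (not dot1x and sticky)

def audit(config):  # compliance verdict per interface, using the flattened rule
    return {name: flat(b) for name, b in blocks(config).items()}
```

Gi1/0/3 is the case the nested check exists for: a dot1x port with a voice vlan but no host-mode multi-domain, which both forms report as non-compliant.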