I've been working for awhile in setting up some compliance reports that allows me to check specific interfaces for configuration commands. My issue was that I needed to only make these checks on interfaces that were assigned to vlan 3001. I looked here, but couldn't find anyone else who solved this particular issue, so I thought i'd share my work and maybe help others out or refine my technique.
So my issue is that i need to make checks for qos commands on interfaces assigned to vlan 3001:
Example interface:
interface GigabitEthernet1/0/1
description This is for a critical device
switchport access vlan 3001
So the data i want is the first and third line. The regex I came up with is this:
^interface (Fast|Gigabit)Ethernet././.+\r\n\sdescription(.*$)\r\n\sswitchport access vlan 3001\r\n
This grabs the inteface information and matches only to switchports who have access vlan 3001. Now let's break it down line by line, since this is a multiline regex.
Line one is this part: ^interface (Fast|Gigabit)Ethernet././.+\r\n
This says that "interface" has to be at the start of the line. after interface it can say either Fast or Gigabit and Ethernet exists after both of them. In the ././.+ section the "." represents any alphanumeric character. the / is the / from the interface and the + allows for more than 1 character (so it matches 1 and 10). \r\n deal with carriage returns and newlines. Adding this allows us to evaluate the second line, description.
Line 2 is this part: \sdescription(.*$)\r\n
in conf-if, there is always a space before the command so \s accounts for the space before "description". After the word description, "(.*$)" matches any character (.) and as many as exists (*) until the end of the line ($). To end that line, we have another \r\n for carriage return and newline.
Line 3 is this part: \sswitchport access vlan 3001\r\n
Again, \s accounts for the space before the command, and I just typed out "switchport access vlan 3001" as that is the specific line i'm looking for. again, you see a \r\n to account for the carriage return and new line.
That regex searches for what i need. now, when i build my remediation commands, I can type out:
mls qos cos 4
mls qos trust cisco-phone
and if I tell the rule in NCM to "Run script on each config block in violation", then it will append the first line of the search, which happens to be the interface. If interface GigabitEther1/0/2 is non-compliant, you end up with remediation steps created by NCM that say:
interface GigabitEthernet1/0/2
mls qos cos 4
mls qos trust cisco-phone
And you're all done. To accomplish the task above, you have to use "Config Block" instead of "Entire Config" when you're searching for compliance. The regex is your start of the code block and "!" (without the quotes) is the end. If you look at a raw config, you'll see an ! at the end of each interface config. It's perfect for these uses.
Hope that helps someone. It surely helped me!
)
