9 Replies Latest reply on Mar 20, 2018 1:04 PM by bdufresne

    Compliance checks

    rhidians

      Hi Folks,

       

      I'd like to be able to check through configs and make sure certain commands come under certain interfaces. Using the compliance reports I can check for this line of text or that command and get a corresponding line number that text appears on. When you are searching thousands of configs manually checking could take a while...

       

      So does any one know how to check for 'This command' under each interface?

      (I'm guessing this is going to be a regex type command)

       

      Cheers

       

      TIA

        • Re: Compliance checks
          bdufresne

          So, just to make sure I'm understanding correctly.. you want to be able to look through a config like the one below and identify, for example, where portfast is configured?  What is it you are actually looking for configured on the interfaces?

           

          interface gigabitEthernet 1/0/1

            switchport mode access

            switchport access vlan 10

            spanning-tree portfast

           

          interface gigabitEthernet 1/0/2

            switchport mode access

            switchport access vlan 10

            spanning-tree portfast

           

          interface gigabitEthernet 1/0/3

            switchport mode access

            switchport access vlan 10

            • Re: Compliance checks
              rhidians

              An example would be a good idea! We would like to enable IP Device Tracker on all access ports but disable it on the trunks. So on any interface that is a trunk we would look for ip device tracking max 0

               

              interface gigabitEthernet 1/0/1

                switchport mode trunk

                switchport access vlan 10

                spanning-tree portfast

              ip device tracking max 0

               

              I hope that makes it clearer.

               

              Cheers

                • Re: Compliance checks
                  bdufresne

                  So, it is possible to see those occurrences, but not well.  I think this could use some more code, such as a not interface in the middle.. but this is what I've got so far.  You can also try running this as a config block where ^interface begins it and ! ends it.

                   

                  ^interface [\s\S]*switchport mode trunk[\s\S]*ip device tracking max 0

                   

                  If you add config block, remove the ^interface [\s\S]* and just keep the switchport mode trunk[\s\S]*ip device tracking max 0

                   

                  Hope that helps,

                  Bryan