      Is it possible to make the policy reporter's remediation scripts smarter in a way that the script would apply a configuration change based on the violating interface in a router?




      Say we are looking for a specific command under all interfaces of a router or a switch, and interfaces fast 1/5 and 1/6 were found to be in violation for not having that command.


      Can we have the script rectify the configuration of only those interfaces?


      The logic we are using today is that we check every switch interface, and unless it is configured properly with the required lines, the rule should check whether it is shut down, or contains a specific line that would be accepted as well (in cases where we could have a port connecting to another switch; in that case a port checked to be access would be accepted as trunk as an exception).


      So if a few interfaces are in violation, we cannot shut down all interfaces, nor configure that command for all interfaces, because it would affect the accepted "violating" port.


      The violation detection today is flexible enough to allow us to introduce a certain logic, but not the remediation scripts...




      Bassem Kattan
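
The per-interface logic described in the post, as an added stand-alone Python example (not part of the original post and not the policy reporter's own script language): it parses an IOS-style config, applies the shutdown/trunk exceptions, and emits remediation commands only for the interfaces actually in violation. The required lines, the exception lines and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample config (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet1/1
 switchport mode access
 switchport port-security
!
interface FastEthernet1/2
 switchport mode trunk
!
interface FastEthernet1/3
 shutdown
!
interface FastEthernet1/5
 switchport mode access
!
interface FastEthernet1/6
 description user port
!
"""
REQUIRED = ["switchport mode access", "switchport port-security"]  # assumed rule
EXCEPTIONS = ["shutdown", "switchport mode trunk"]  # assumed accepted alternatives

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def violating_interfaces(blocks):
    """Map each violating interface to the required lines it lacks."""
    out = {}
    for name, cmds in blocks.items():
        missing = [r for r in REQUIRED if r not in cmds]
        # Exact match, so "no shutdown" is not mistaken for "shutdown".
        if missing and not any(e in cmds for e in EXCEPTIONS):
            out[name] = missing
    return out

def remediation_script(violations):
    """Build commands that touch only the violating interfaces."""
    if not violations:
        return ""
    lines = ["configure terminal"]
    for name, missing in violations.items():
        lines += [f"interface {name}"] + [f" {c}" for c in missing]
    return "\n".join(lines + ["end"])
```

With the sample above, only FastEthernet1/5 and FastEthernet1/6 appear in the generated script; the trunk and shutdown ports are left untouched.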