Anyone here who uses the compliance feature of CPI 3.4 ??
If so, does it always work reliable ??
I am asking this question, because I have experienced some weird behaviour while trying to write some policies and testing them, here comes:
What I like to do is to have a policy which checks for a valid NTP configuration on IOS devices (2 servers and a peer acl), so at first I created the policy, added two rule input variables for the servers (at first) and used them in the conditions:
Up to this point, the ruleset works perfectly, all valid servers are checked, when invalid servers are found, violations are raised, the policy results in "failure" and all found violations could be removed through the fix after the policy has been run on the test device:
Now strange things happen:
When I add another input variable (the acl number to check for) to the rule and run it again on the test devices, the result of the audit changes into "Success" (which should not happen !!!) .....:
To be clear:
Nothing else has been changed, not in the conditions and also not in the configuration of the test device !!! Just a third input variable has been added !!
This is reproducible, meaning if I delete the third input variable from the rule and run it again, it works fine again !!!
If it is added again, wrong result !!!
Even putting an additional condition in the rule, which actually uses the third input variable makes no difference !
Although I am trying to use the compliance feature for a short time only, I do not think this is a mistake that I make somewhere in the process, this smells like a fat bug instead .....
Can anyone confirm that weird behaviour ??
CPI is running on GEN2 Appliance, PI 3.4.1 Update 02, Prime Infrastructure 3.4 Device Pack 9.
DP9 and Update 02 have only been installed some days ago, I am not sure, if this behaviour already showed before installing Update 02 and DP9 .....
Would you like to know how TRex helps in supporting BGP/OSPF/RIP/ISIS on both ipv4/v6, and how network emulation or routing emulation is possible, is all here in the nerdlunch video.
Know more about how DevX has added more capabilities, much stable builds...
NBI Notifications API will be deprecated in Prime 3.7 and removed in future releases. We will update API documentation to reflect this.
NBI Server-Sent Events API is official replacement for the Notifications API. In 3.7 we will provid...
What is Network Emulation?
Network emulation is one of the key elements of effective network testing, helping you find problems in-house instead of customer environments. To create such test environments, it would require either physical hardware or ...
If you are a cisco employee, u can test the code using ASR9K devices in lab. I did test on 172.18.87.36 (be connected to cisco vpn).
The use case of the code is that, customer has to everytime manually upload logs and files in SR which are shared by TAC o...
Today there are about six billion things connected to the internet. This number will triple by the year 2020, putting an even greater demand on the network. Thus, companies will need solutions that come from its very foundation – the network.