05-13-2008 04:13 AM
In the baseline template the following is configured:
+ tacacs-server directed-request
+ tacacs-server host 10.22.2.10
+ tacacs-server host 10.22.102.10
+ tacacs-server host 10.10.10.1
- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10|directed-request)#]
You would expect this to result in the + servers being added and server 10.10.10.1 being removed.
However, this is not the case. When I run a compliance check, the only thing it wants to remove is "+ tacacs-server directed-request" and nothing else. Even when I remove the "directed-request" (- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10)#]) from the template, it only wants to remove the "-tacacs-server directed-request".
Can someone please help me with this?
Many many thanks!
05-13-2008 05:12 AM
This template says that the following lines MUST be in a compliant config:
tacacs-server directed-request
tacacs-server host 10.22.2.10
tacacs-server host 10.22.102.10
tacacs-server host 10.10.10.1
Anything else starting with "tacacs-server" that is not followed by 10.22.2.10, 10.22.102.10, or directed-broadcast will be non-compliant.
It sounds like what you want is:
+ tacacs-server host 10.22.2.10
+ tacacs-server host 10.22.102.10
- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10)#]
This would enforce that 10.22.2.10 and 10.22.102.10 must be in the config, but no other tacacs-server lines should be. If you only care about removing tacacs-server directed-request, then you need:
+ tacacs-server host 10.22.2.10
+ tacacs-server host 10.22.102.10
- tacacs-server directed-request
05-13-2008 05:19 AM
Thanks for your rapid response.
What I want in my config is this:
tacacs-server directed-request
tacacs-server host 10.22.2.10
tacacs-server host 10.22.102.10
Any other tacacs-server command must be removed.
I don't know how, but this
+ tacacs-server host 10.22.2.10
+ tacacs-server host 10.22.102.10
- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10)#]
will only result in the "tacacs-server directed-request" statement being removed, and not the "tacacs-server host 10.10.10.1".
05-13-2008 06:20 AM
Ah, I see. You probably want this then:
+ tacacs-server host 10.22.2.10
+ tacacs-server host 10.22.102.10
- tacacs-server host [#!(10\.22\.2\.10|10\.22\.102\.10)#]
- tacacs-server [#!host#]
05-13-2008 10:45 PM
Thanks for your patience, but it still doesn't do exactly what I want.
When I run a compliance check, it now wants to remove:
-tacacs-server host 10.10.10.1
-tacacs-server directed-request
I still don't understand why it wants to remove the -tacacs-server directed-request statement; I don't want this to be removed. Any ideas? Thanks again ;-)
05-14-2008 01:47 AM
Never mind, found it. This did the trick:
- tacacs-server [#!directed-request#]
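The policy the original poster describes (exactly these three tacacs-server lines and nothing else), written as a stand-alone check. This is an added example, not part of the thread and not RME's template engine; the function name audit, the anchored allow-list and the sample config are constructed for illustration.

```python
import re

# Intended policy from the thread: these lines must exist, and no other
# "tacacs-server" line may exist.
REQUIRED = [
    "tacacs-server directed-request",
    "tacacs-server host 10.22.2.10",
    "tacacs-server host 10.22.102.10",
]
# Allow-list for the remainder of a "tacacs-server" line. fullmatch() anchors
# the pattern, so "host 10.22.2.100" is not accepted as "host 10.22.2.10".
# Assumption: a host line with trailing options (e.g. a key) counts as a
# different line and is flagged; widen the pattern if that is not wanted.
ALLOWED_REST = re.compile(r"directed-request|host (10\.22\.2\.10|10\.22\.102\.10)")
PREFIX = "tacacs-server "


def audit(config_text):
    """Return (to_add, to_remove) for the tacacs-server lines of a config."""
    # Collapse runs of whitespace so spacing differences do not matter.
    lines = [" ".join(raw.split()) for raw in config_text.splitlines()]
    present = [line for line in lines if line.startswith(PREFIX)]
    to_add = [req for req in REQUIRED if req not in present]
    to_remove = [line for line in present
                 if not ALLOWED_REST.fullmatch(line[len(PREFIX):])]
    return to_add, to_remove


# Constructed sample running-config (not taken from a real device).
SAMPLE = """\
hostname lab-rtr1
tacacs-server host 10.22.2.10
tacacs-server host 10.10.10.1
tacacs-server host 10.22.2.100
tacacs-server directed-request
tacacs-server timeout 10
"""

if __name__ == "__main__":
    add, remove = audit(SAMPLE)
    for line in add:
        print("+ " + line)
    for line in remove:
        print("- " + line)
```

Running the same check against a device config before and after a template change shows whether an unauthorized AAA server line would slip past the allow-list.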