Baseline template

shinji7800 · ‎06-03-2011

Hello,

I have a question about "baseline template"

I try know to find if some interfaces don't have OSPF key.

I create my basic template like this for find all the interface fastEthernet begins with 0/2/ who don't shut :

Conditional Block

sub mode

interface [#FastEthernet0/2/*#]

CLI commands

- shutdown

Compliance Block (Use the Submode of above condition is checked)

CLI commands

+ ip ospf message-digest-key [#*#]

and like this it doesn't works...

so I wonder how does works "stars *", "sharps #" ect ect ...

I try this because in the manual guide they use this, but I think I don't use them properly

thank you for answering me

Joe Clarke · ‎06-05-2011

Assuming you're on the latest RME, your strategy should work. You just need to use proper regular expressions. Try:

interface [#FastEthernet0/2/[0-9]+#]
 - shutdown

+ ip ospf message-digest-key [KEY]

shinji7800 · ‎06-06-2011

Thanks I try this immediately

there is a list, or may be a tutorial for use expression for multiple matches ?

like, "use [KEY] for match any ospf key" for example.

Joe Clarke · ‎06-06-2011

This is a good guide for the regular expression syntax used by baseline compliance:

http://download.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html

The [KEY] notation means declare a variable named KEY to repesent that token (i.e. the token after message-digest-key). Anything in brackets where a '#' is not used is a variable.

shinji7800 · ‎06-06-2011

So I've tried :


+ ip ospf message-digest-key [KEY]

and also

+ ip ospf message-digest-key 1 md5 [KEY]

apparently it doesn't works.

in response "RME say" to me 0 of 56 are compliant

it say, I should add in all interface the line "ip ospf message-digest-key ...". it's curious because the most of it have the line :/.

thank you for the link, I will study it.

Joe Clarke · ‎06-06-2011

I checked the syntax of the command. It should be:

+ ip ospf message-digest-key 1 md5 [KEY]

Provided that's how it shows up on your device. Of course, this is an interface command, so you need to make sure your template is configured in such a way that you are in the proper interface submode. Typically, I would use an advanced template for this. I would create on commandlet to hold my conditional, then create another commandlet that is a child of the first and uses the first as a prerequisite.

shinji7800 · ‎06-06-2011

I will try in advanced mode like you said.

but I'm no sure to understand [KEY]. If I have understood how work "regex" [KEY] match if in the chain there is a K or E or Y ?

so It's doesn't work because when you put [KEY] you means put the real KEY ?

shinji7800 · ‎06-06-2011

so if i'm looking for any ospf key (because key are crypted) I sould put

+ ip ospf message-digest-key [#.*#]

am I right ?

shinji7800 · ‎06-06-2011

nop it doesn't works to :/

Joe Clarke · ‎06-06-2011

First, [KEY] is not a regular expression. It's just a variable name. It stands for any single token (i.e. word). If your key is encrypted, you need to account for the extra tokens. Try:

+ ip ospf message-digest-key 1 md5 7 [KEY]

shinji7800 · ‎06-06-2011

You right ! I shall have put all extra tokens.

it works almost with :

+ ip ospf message-digest-key 1 md5 7 [#.*#]

I say with, the template chexk also in shutted interfaces.

nevertheless I have

- shutdown

in the conditional block,

I continue to search ...

shinji7800 · ‎06-06-2011

I have the impression of the template check just for the fastEthernet 0/2/0 and not for all the fastEthernet ...

Joe Clarke · ‎06-07-2011

To check for all FastEthernet interfaces, use the following for your sub-mode:

interface [#FastEthernet.*#]

shinji7800 · ‎07-01-2011

Ok thank you !

but If I want check olny a group of FastEthernet interfaces ?

Joe Clarke · ‎07-01-2011

Can you be more specific? You can either use a generic regexp or list out interfaces. For example:

interface [#(FastEthernet0/1|FastEthernet0/2|FastEthernet0/3)#]