cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1662
Views
0
Helpful
16
Replies

Baseline template

shinji7800
Level 1
Level 1

Hello,

I have a question about "baseline template"

I try know to find if some interfaces don't have OSPF key.

I create my basic template like this for find all the interface fastEthernet begins with 0/2/ who don't shut :

Conditional Block

     sub mode

interface [#FastEthernet0/2/*#]

     CLI commands

- shutdown

Compliance Block (Use the Submode of above condition is checked)

     CLI commands

+ ip ospf message-digest-key [#*#]

and like this it doesn't works...

so I wonder how does works "stars *", "sharps #" ect ect ...

I try this because in the manual guide they use this, but I think I don't use them properly

thank you for answering me

16 Replies 16

Joe Clarke
Cisco Employee
Cisco Employee

Assuming you're on the latest RME, your strategy should work.  You just need to use proper regular expressions.  Try:

interface [#FastEthernet0/2/[0-9]+#]
 - shutdown

+ ip ospf message-digest-key [KEY]

Thanks I try this immediately

there is a list, or may be a tutorial for use expression for multiple matches ?

like, "use [KEY] for match any ospf key" for example.

This is a good guide for the regular expression syntax used by baseline compliance:

http://download.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html

The [KEY] notation means declare a variable named KEY to repesent that token (i.e. the token after message-digest-key).  Anything in brackets where a '#' is not used is a variable.

So I've tried :

+ ip ospf message-digest-key [KEY]

and also

+ ip ospf message-digest-key 1 md5 [KEY]

apparently it doesn't works.

in response "RME say" to me 0 of 56 are compliant

it say, I should add in all interface the line "ip ospf message-digest-key ...". it's curious because the most of it have the line :/.

thank you for the link, I will study it.


					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

I checked the syntax of the command.  It should be:

+ ip ospf message-digest-key 1 md5 [KEY]

Provided that's how it shows up on your device.  Of course, this is an interface command, so you need to make sure your template is configured in such a way that you are in the proper interface submode.  Typically, I would use an advanced template for this.  I would create on commandlet to hold my conditional, then create another commandlet that is a child of the first and uses the first as a prerequisite.

I will try in advanced mode like you said.

but I'm no sure to understand [KEY]. If I have understood how work "regex" [KEY] match if in the chain there is a K or E or Y ?

so It's doesn't work because when you put [KEY] you means put the real KEY ?

shinji7800
Level 1
Level 1

so if i'm looking for any ospf key (because key are crypted) I sould put

+ ip ospf message-digest-key [#.*#]

am I right ?

nop it doesn't works to :/

First, [KEY] is not a regular expression.  It's just a variable name.  It stands for any single token (i.e. word).  If your key is encrypted, you need to account for the extra tokens.  Try:

+ ip ospf message-digest-key 1 md5 7 [KEY]

You right ! I shall have put all extra tokens.

it works almost with :

+ ip ospf message-digest-key 1 md5 7 [#.*#]

I say with, the template chexk also in shutted interfaces.

nevertheless I have

- shutdown

in the conditional block,

I continue to search ...

I have the impression of the template check just for the fastEthernet 0/2/0 and not for all the fastEthernet ...

To check for all FastEthernet interfaces, use the following for your sub-mode:

interface [#FastEthernet.*#]

Ok thank you !

but If I want check olny a group of FastEthernet interfaces ?

Can you be more specific?  You can either use a generic regexp or list out interfaces.  For example:

interface [#(FastEthernet0/1|FastEthernet0/2|FastEthernet0/3)#]

Review Cisco Networking for a $25 gift card