cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
562
Views
0
Helpful
4
Replies
Beginner

Commands on Router but not in Baseline

Hi All,

Just a general question really; I have attempted to Google it & look through these forums but coun't see anything - not sure if its my poor wording of the search term??

I have created a baseline template to run compliancy checks, I understand that lines beginning with a + are mandatory and lines begining with a - should not be on the router.  What I need to know is, is there a catch all for any other commands on the router config (startup or running) but not mentioned in the baseline? 

For example, lets say this is my baseline:

+   service   timestamps   debug   datetime   msec

+   service   timestamps   log   datetime   msec

+   service   password-encryption

+   hostname  [hostname]

The router comes back as compliant as it has all the above lines.  However there is obviously more config on the router, but this doesn't show?  So I know I can get commands that are in the baseline but not on the router; but what about the other way round - on the router but not on the baseline?  Surely this exists - at the least from a security point of view, an attacker could well have configured the Dot11Radio int, however without entering the command with the minus prefix I can't tell? 

I'm on LMS 2.6 by the way - I know, blast from the past

Thanks

Andy

Everyone's tags (6)
4 REPLIES 4
Highlighted
Beginner

Commands on Router but not in Baseline

I've had a good look through CiscWorks; and feel that I am surely missing something obvious - but I just can't see the wood for the trees.  I am guessing I need something similar to:

+ All

+ Baseline

+ Config

+ First

+ Then

- No other config

I have read through the user guide for this - namely chapter 8 which deals with Baseline Templates, however just can't see it?  Am I even looking in the right place?

Highlighted
Beginner

Commands on Router but not in Baseline

Sorry to bump this, but has no one ever come across this before?  Is it as simple as being a limitation of Cisco Works - i.e. you can see what part of the baseline is on the router, but you can't see the remaining config on the router??

Highlighted
Beginner

Re: Commands on Router but not in Baseline

Sorry to bump this but has nobody every encountered this before? 

Highlighted
Beginner

Re: Commands on Router but not in Baseline

Ok, I still haven't figured this out - so just a final bump

Any suggestions at all are more than welcome

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards