02-22-2017 09:46 PM
Hi friends,
I have created one profile in Cisco Prime for compliance check, and under that I have created one policy.
Under the policy I have created a rule and in that rule I have created 8 conditions.
line vty 0 4
04-21-2017 05:20 AM
Hello Ratnakar,
There are a couple of ways to do this.
If you want to look for all items in a VTY I would recommend doing a Parse Block.
On your first rule you will want to select Parse as Block. For your starting expression you will use:
line vty.*
Then in your condition criteria you will want to run Match the Expression:
line vty (.*)
This will store any value after line vty. So it will store 0 4 and 5 15 in its value. Think of it as an array.
On the next conditions you will select matches previous matched block on your condition in your scope details. You will do previous matched block until you are completed with your conditions.
You will then create your conditions.
String contains:
exec-timeout 30 0
String contains:
logging synchronous
String contains:
transport input ssh
To see which line vty it failed on, what you will want to do is a user-defined violation.
For the description you will want to put something like this:
line vty <1.1> is missing exec-timeout 30 0
The <1.1> pulls the variable from the first line so either 0 4 or 5 15.
So if 0 4 fails you should see something like this:
line vty 0 4 is missing exec-timeout 30 0.
All violations will be raise violation and continue. In total you should have 4 conditions. Now this method will pick up any other line vtys that might be set up on. Think of this way as doing a while loop in programming. While there is something in the line vty variable check for these items else exit out of loop.
Variable <1.1> = [0 4, 5 15]
Another way you could do it is with the device command output on the condition scope.
At the start of each condition you would run
show run | section line vty 0 4
or
show run | section line vty 5 15
and then you would run which conditions you want to check. This method would be 6 conditions, but it would only check line vty 0 4 or 5 15.
Hope this helps.
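The per-block check described in the answer above, as an added offline example that is not part of the original post and is not Cisco Prime's own logic: it finds every line vty block in a running-config, tests each block for the three commands, and records a violation per block instead of stopping at the first match. The sample config, the function names and the exact-line matching (stricter than "String contains") are assumptions.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
!
line con 0
 logging synchronous
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 transport input ssh
line vty 5 15
 exec-timeout 10 0
 logging synchronous
 transport input telnet ssh
!
end
"""

REQUIRED = ("exec-timeout 30 0", "logging synchronous", "transport input ssh")
BLOCK_START = re.compile(r"^line vty (.*)$")  # capture plays the role of <1.1>


def vty_blocks(config):
    """Yield (range, [sub-commands]) for every 'line vty' block."""
    current, body = None, []
    for line in config.splitlines():
        m = BLOCK_START.match(line)
        if m or not line.startswith(" "):
            # Any non-indented line closes the block being collected.
            if current is not None:
                yield current, body
            current, body = (m.group(1).strip(), []) if m else (None, [])
        elif current is not None:
            body.append(line.strip())
    if current is not None:
        yield current, body


def audit(config):
    """Check every block; record a violation and continue (no early exit)."""
    violations = []
    for vty_range, body in vty_blocks(config):
        for cmd in REQUIRED:
            if cmd not in body:  # assumption: exact sub-command match
                violations.append(f"line vty {vty_range} is missing {cmd}")
    return violations
```

Running audit(SAMPLE_CONFIG) reports the two commands that line vty 5 15 is missing and nothing for line vty 0 4, which is the behaviour to confirm in the Prime job results.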
exec-timeout 30 0
logging synchronous
transport input ssh
line vty 5 15
exec-timeout 30 0
logging synchronous
transport input ssh
How can I confirm that it will check the exec-timeout 30 0, logging synchronous and transport input ssh commands under both line vty 0 4 and line vty 5 15?
As far as I know, it will check only one, and if it finds the match it will skip the rest.
Please suggest.
Thanks.
Ratnakar Singh