Solved: Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

jeremy.reid · ‎12-22-2006

Hi,

I'm wondering if anyone has figured out a way to check the compliance of multiline configuration entries (banners being a great example)? We have a corporate standard MOTD banner, and I'm looking for a way to make sure its audited as part of our existing baseline templates. I'm aware you can push banners using NetConfig -- I'm looking for a way with baseline templates that I can verify they're set correctly. Have tried with various RegEx-based checks, can't seem to get the right result. Anyone know if what I'm trying to do is even possible?

Thanks,

-Jeremy

Joe Clarke · ‎12-22-2006

Yes, it is possible. I wrote the code to do this in RME 4.0.5. It did not exist prior to that. Check out the RME online help on the syntax, but basically, you put the whole banner on one line using "" to indicate where a newline should be:

+ banner motd "---------------------------------------------------- This is a highly monitored and secured device!--------------------------------------------------"

I find it best to stick the banner in a text file, then use Perl to convert it:

perl -pi.bak -e 's|\n||g' banner.txt

View solution in original post

Joe Clarke · ‎12-22-2006

Yes, it is possible. I wrote the code to do this in RME 4.0.5. It did not exist prior to that. Check out the RME online help on the syntax, but basically, you put the whole banner on one line using "" to indicate where a newline should be:

+ banner motd "---------------------------------------------------- This is a highly monitored and secured device!--------------------------------------------------"

I find it best to stick the banner in a text file, then use Perl to convert it:

perl -pi.bak -e 's|\n||g' banner.txt

jeremy.reid · ‎12-28-2006

Thanks Joe! That was exactly what I was looking for. You have no idea how much time and frustration you have saved me. :)

-Jeremy

jeremy.reid · ‎01-05-2007

So, after a little testing, I am running into a slight problem with this.

I can now sucessfully deploy a multiline banner using the baseline templates using this method. Problem is, that a compliance check using the same exact template used to deploy the banner still fails.

I think this may be related to the additional "C" characters that IOS seems to insert after the user-specified delimiter character when setting a banner.

i.e.

+ banner motd ^ATTENTION!Test Banner...^

will create the desired banner on the device, however when looked at in the running config (which is what the compliance-check is auditing) it appears as:

banner motd ^C

ATTENTION!

Test Banner...

^C

I think the "C" character after the delimiter seems to cause the banner to fail the compliance check.

Has anyone seen this behavior?

Joe Clarke · ‎01-05-2007

I use '"' for my delimiter. However, when you look at the banner in show run, IOS will use a control+C (^C) character as the delimiter. So what you're seeing is expected. However, when you telnet to the device, the banner should just show as:

ATTENTION!

Test Banner...

jeremy.reid · ‎01-05-2007

Interesting indeed. Switching to the '"' character for a delimiter seemed to resolve the issue. When I was using '^' for a delimiter (as I always have in the past and as is also the listed example delimiter character in any IOS device), I could never get the compliance check to list the device as being compliant, even if the banner was deployed on the device using the same template as the audit. Very, very Odd.

Well, thanks yet again. It might be worth noting somewhere in the docs that you pretty much *must* use '"' as your delimiter if you want it to work correctly in both deployment and audit functions.

-Jeremy

akemp · ‎12-27-2006

Compliance verification isn't Cicowork's LMS 2.6's forte. I'd suggest looking at a Cisco Parner, Opsware NAS which fills that gap quite nicely.

LMS 2.6 Baseline Templates: Multiline command support (Banners)?