LMS 4.2.5 Compliance template

DAVID SCHULTZ · ‎03-04-2016

I have created a compliance template to check for port security commands on access ports.
When I run this template against a switch ALL the ports are showing non-compliant.
Including the management port and the trunked uplink port. So it would seem the prerequisite is not working.

Any thoughts on this?

This is on Cisco Prime LMS 4.2.5

Name: PortSecurityCMDs     SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : PortSecurityAccessPort     Parent: none
interface   [#.*Ethernet.*#]
#To check for existence of command enter
#+
# To check for non existence of command enter
#-
# Commands without + or - are considered as comments
+switchport port-security
+switchport port-security mac-address sticky

Name: PortSecurityAccessPort     SubMode: Yes      isPrerequisite: Yes
Ordered : No     Prerequisite-Commandset : none     Parent: none
interface   [#.*Ethernet.*#]
#To check for existence of command enter
#+
# To check for non existence of command enter
#-
# Commands without + or - are considered as comments
+switchport mode access

luke.k.mester · ‎04-26-2016

You are using the commands in the wrong order, here is what i came up with:

Name: PortSecurityAccessPort SubMode: No isPrerequisite: Yes
Ordered : No Prerequisite-Commandset : none Parent: none
+switchport mode access

Name: PortSecurityCMDs SubMode: No isPrerequisite: No
Ordered : No Prerequisite-Commandset : PortSecurityAccessPort Parent: PortSecurityAccessPort
+switchport port-security
+switchport port-security mac-address sticky