Prime compliance recognizes non-existent start-blocks as success
I was checking if templates exist on switches and if they are compliant to the standard. I was planning to do this with the Compliance Policy tool within Cisco Prime.
I didn't check separately if templates exist, i thought that using the "block start expression" was enough to check if it exist and continue in the next rule to check for specific configurations. The problem is that when the specific template does not exist, it just doesn't throw any error's and returns with a success.
My start rules start the following way:
Condition Scope Details: Device Command Outputs - Show run
Condition Match Criteria: Matches the expression - ^template WORKSTATION_INTERFACE_TEMPLATE
Select Match Action: Continue
Select Does not Match Action: Raise violation
When a template does exist the rest of the underlying "Conditions & actions" are performed and check inconsistencies, but when a template is not present it doesn't trigger any of the "conditions & actions" I performed this with Cisco Prime v3.7. on a C3560 with the newest firmware.
(Pdf copy at the bottom)
Segmentation within SD-Access is enabled through the combined use of both Virtual Networks (VN), which are analogous to VRFs, and Cisco Scalable Group Tags (SGTs). VNs, like VRFs, provide comp...
The 2020 IT Blog Awards, hosted by Cisco, is now open for submissions through October 16. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco...
Hello,We have a pair of N3K-3064PQ-10GX and one of them acting as backup and we want to migrate from VyOS to it, we want to add 500x interface vlan and each interface vlan has its own ip/prefixes (for example /30 /29 ...) and we ahve 6-8x BGP session with...
We live in an age that is both thrilling and evolving substantially. A new trend/technology is always on rise even before the preceding has been used to its fullest potential. Although the concepts of digital transformation may seem over discussed, ...
Show CommandPurposeCiscoICX-RuckusShow Spanning tree infoShow spanning-treeshow 802-1wVerify Port-Channel / Link aggregation infosh lag briefsh etherchannel summaryShow CDC/LDP neighbor infoshow cdp neighbors detailsh lldp neighbors de sh mac a...