Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1351
Views
0
Helpful
0
Replies

Prime compliance recognizes non-existent start-blocks as success

NicP
Level 1
Level 1

‎12-27-2019 05:24 AM

I was checking if templates exist on switches and if they are compliant to the standard. I was planning to do this with the Compliance Policy tool within Cisco Prime. 

I didn't check separately if templates exist, i thought that using the "block start expression" was enough to check if it exist and continue in the next rule to check for specific configurations. The problem is that when the specific template does not exist, it just doesn't throw any error's and returns with a success.

 

My start rules start the following way:

Condition Scope Details: Device Command Outputs - Show run

Block Options: Block Start Expression - ^template WORKSTATION_INTERFACE_TEMPLATE

Condition Match Criteria: Matches the expression - ^template WORKSTATION_INTERFACE_TEMPLATE

Select Match Action: Continue

Select Does not Match Action: Raise violation

 

When a template does exist the rest of the underlying "Conditions & actions" are performed and check inconsistencies, but when a template is not present it doesn't trigger any of the "conditions & actions"
I performed this with Cisco Prime v3.7. on a C3560 with the newest firmware.

Is this intentional?

 

 

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents