cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

546
Views
5
Helpful
8
Replies
Highlighted
Beginner

Q: LMS 3.1 compliance template with condition

Hello, forum,

I am trying to create a template to change TACACS settings on our devices, which I would like to work on both routers and switches.

The part for switching tacacs-server is straightforward. Then I would like all the routers to source its tacacs traffic via the Loopback0 interface.

Essentially, what I try to do is to apply the "ip tacacs source-interface Loopback0" command depending on the existance of the "interface Loopback0" in the device's configuration.

I thought that should be easy but I am not having any luck at all. Help would be greatly appreciated.

Regards,

--

Wei

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Q: LMS 3.1 compliance template with condition

Date Created: 12-FEB-2011 02:07 AM Created By: Reyes, Veronica(VERREYES,265015) 

After installing the patch correctly, we created the template as follows:

interface [#Loopback.*#]

+ ip tacacs source-interface loopback0

It ran ok in the customer's devices.

8 REPLIES 8
Beginner

Re: Q: LMS 3.1 compliance template with condition

From reading the details on the "Creating an Advanced Baseline Template" section in the online help, it seems that what I wanted to do is not there in LMS 3.1.

Is that a correct understanding?

It seems to me that, by adding a simple check to mark a Prerequisite a condition-only, that would have been possible. That way, a Prerequisite is only a condition for evaluating the next element that has it as prerequisite, but does not invalidate the entire template.

Hall of Fame Cisco Employee

Re: Q: LMS 3.1 compliance template with condition

Trying do this instead:

Name: CheckLoopback

IsPrereq: true

Submode: interface Loopback0

Body:

+ [#ip address .*#]

Beginner

Re: Q: LMS 3.1 compliance template with condition

I understand that's what "submode" means to do. But that's not what I want.

After talking to TAC, we basically concluded that, what I wanted was not possible, however simple it may be.

Hall of Fame Cisco Employee

Re: Q: LMS 3.1 compliance template with condition

My example should work, and I think it will do exactly what you want.  That is, if the device has a Loopback0 interface with an IP address, then the condition will be true.  You can then use that condition to apply the source interface command for TACACS+.  Am I misunderstanding your intention?

Beginner

Re: Q: LMS 3.1 compliance template with condition

Your example works the way you describe it. Mine does that, too, although mine does not check for the existence of an IP address on the Loopback interface -- In our network, that is standard practice.

The difference is this: The template will apply the IP sourcing command for TACACS+ traffic on those devices that have a Loopback0 interface, not on those that don't. AND, the result of evaluating this task will be success on those with a Loopback0 interface and failure with those that don't.

So that means this task has to be made a separate template and executed by itself -- it can not be part of another advanced template because it will stop any subsequent components of the advanced template from being executed. In the end, it means more mandatory human interference in the process.

Hall of Fame Cisco Employee

Re: Q: LMS 3.1 compliance template with condition

Okay, I understand now.  What you're seeing is a bug.  I fixed this for sub-mode commandlets, but not for global commandlets.  I played around with your template, and I got it working in LMS 3.2 and 4.0.  If you can upgrade to 3.2 (you can download the update from http://www.cisco.com/go/nmsevals), click the Open Service Request button in the Action panel of this thread, and I will provide the patch to your engineer.

Beginner

Re: Q: LMS 3.1 compliance template with condition

Joe, thanks!

I have upgraded to LMS 3.2 and entered a TAC case (SR 616449315).

Cisco Employee

Re: Q: LMS 3.1 compliance template with condition

Date Created: 12-FEB-2011 02:07 AM Created By: Reyes, Veronica(VERREYES,265015) 

After installing the patch correctly, we created the template as follows:

interface [#Loopback.*#]

+ ip tacacs source-interface loopback0

It ran ok in the customer's devices.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards