Solved: Using RME baseline templates to find non-compliant SNMP strings

drizvi · ‎06-02-2011

Running LMS3.2.1

A. Can I run a compliance check using RME baseline template to find devices which have non standard SNMP strings IN ADDITION to the correct one?

How will the regular expression look like if we want to say

+ snmp-server community cisco123 ro

+ snmp-server community cisco456 rw 1

- snmp-server community [anything else] ro

- snmp-server community [anything else] rw [#.*#]

B. Is it possible to run a clean up job on the violating devices by using DEPLOY (or NetConfig, etc.)?

Joel Monge · ‎06-02-2011

- [#snmp-server community (?!cisco123|cisco456).*#]
+ snmp-server community cisco123 RO
+ snmp-server community cisco456 RW

From the compliance job result GUI, you can deploy the job directly after verifying the results. When you deploy this template, it will remove any community that does not match "cisco123" or "cisco456", and then add them if the device does not already have them.

View solution in original post

Joel Monge · ‎06-02-2011

- [#snmp-server community (?!cisco123|cisco456).*#]
+ snmp-server community cisco123 RO
+ snmp-server community cisco456 RW

From the compliance job result GUI, you can deploy the job directly after verifying the results. When you deploy this template, it will remove any community that does not match "cisco123" or "cisco456", and then add them if the device does not already have them.

drizvi · ‎06-06-2011

Thanks for the reply. It is working except for some old switches where the RO and RW are in lower case. It is marking those devices as non-compliant.