07-27-2011 01:32 PM - edited 02-21-2020 04:24 AM
Hi Guys,
Got a little bit of a problem. I am trying to write a compliance job that is going to adjust the config in a trustpoint. I need it to first confirm that the trustpoint exists and then add some additional command to the trustpoint.
crypto pki trustpoint fred
 enrollment mode ra
 enrollment xxxx
So from the above config I would write a job that would have a pre-requisite of crypto pki trustpoint fred
and then add auto-enroll x regenerate into the trustpoint.
However when I try to do this via compliance job the job always shows as compliant even though the device has not got the auto-enroll x regenerate line in the trustpoint.
It doesn't seem to matter whether I do a basic or advanced compliance job, or whether I set the pre-requisite of crypto pki trustpoint fred as both a pre-requisite and parent of the subcommand auto-enroll x regenerate or just a pre-requisite. It also doesn't seem to matter whether I set the auto-enroll x regenerate command as a subcommand or global. All attempts seem to pass as compliant even though they only have the pre-requisite met and not the command I am looking for within the pre-requisite as a sub command?
Any ideas, as I need to deploy this configuration across about 100 devices tomorrow.
Thanks
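An independent check of the condition described in the post above (the trustpoint exists, and the auto-enroll ... regenerate line sits inside that trustpoint block), as an added example that is not part of the original thread or of the compliance tool. The sample configs, the 70 percent value, the enrollment URL and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original post). The
# interface description shows why a global text match gives a false pass.
SAMPLE_NONCOMPLIANT = """\
hostname r1
crypto pki trustpoint fred
 enrollment mode ra
 enrollment url http://ca.example.invalid
!
interface Loopback0
 description auto-enroll 70 regenerate
"""

# Same config with the required line added inside the trustpoint block.
SAMPLE_COMPLIANT = SAMPLE_NONCOMPLIANT.replace(
    " enrollment mode ra\n",
    " enrollment mode ra\n auto-enroll 70 regenerate\n")

TRUSTPOINT = re.compile(r"^crypto pki trustpoint (\S+)\s*$")
# The percentage ("x" in the post) is optional on the command line.
REQUIRED = re.compile(r"^auto-enroll(?: \d{1,3})? regenerate$")

def trustpoint_blocks(config):
    """Return {trustpoint name: [subcommands]} from a running-config."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            # A column-0 line ends any open block and may start a new one.
            m = TRUSTPOINT.match(line)
            current = blocks.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return blocks

def check_trustpoint(config, name):
    """Return 'missing-trustpoint', 'non-compliant' or 'compliant'."""
    blocks = trustpoint_blocks(config)
    if name not in blocks:
        return "missing-trustpoint"   # pre-requisite not met
    if any(REQUIRED.match(cmd) for cmd in blocks[name]):
        return "compliant"
    return "non-compliant"            # block exists, subcommand absent

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_NONCOMPLIANT), ("after", SAMPLE_COMPLIANT)):
        print(label, check_trustpoint(cfg, "fred"))
```

Run against saved running-configs, this separates devices that lack the trustpoint from devices that have it without the auto-enroll line, which is the distinction the compliance job failed to report.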
07-28-2011 01:56 AM
Lots of views but no answers. Anyone got any ideas?
07-31-2011 02:39 PM
Just to let people know, I raised a bug with Cisco TAC and they have told me to install SP1. Apparently this fixes a lot of compliance type issues. Will report back once it's done to confirm if the problem is fixed.