08-18-2015 12:28 PM
I am running Network Automation 6.8.7 and want to create a Policy Compliancy Check to verify that all user switch ports have 802.1x authentication enabled.
I would like to evaluate each Ethernet port to see if it is a user switchport (switchport mode access) and see if the port also has the corresponding 802.1x and MAB commands.
Sample port config to evaluate:
! defines user switch port
switchport mode access
! 802.1x and MAB port commands
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 5
dot1x max-req 3
dot1x max-reauth-req 3
Can someone point me in the right direction of building a policy to evaluate this?
09-24-2015 10:45 AM
I have a similar question. I want to be able to evaluate all the interfaces within the configuration and not just one. For example, you could use something like this:
(and then put the commands you want below it) but I think it will only evaluate the first instance of this and not every interface.
10-06-2015 06:46 AM
I highly recommend upgrading to 6.9 minimum to get the XML ConfigBlockCheck. At that point, it will let you define block start and block end, then loop your logic for each block.
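The per-block evaluation discussed in this thread, as an added example (not part of any post here and not Network Automation's policy syntax): plain Python that splits a config into interface blocks and checks each access port for the commands listed in the first post. The function names and the sample config are constructed for illustration.

```python
import re
# Commands required on every access port, copied from the sample port config above.
REQUIRED = [
    "authentication host-mode multi-auth",
    "authentication order dot1x mab",
    "authentication priority dot1x mab",
    "authentication port-control auto",
    "authentication timer reauthenticate server",
    "dot1x pae authenticator",
    "dot1x timeout tx-period 3",
    "dot1x timeout supp-timeout 5",
    "dot1x max-req 3",
    "dot1x max-reauth-req 3",
]
BLOCK_START = re.compile(r"^interface\s+(\S*Ethernet\S+)", re.IGNORECASE)

def interface_blocks(config):
    """Yield (name, commands) per Ethernet interface; a block ends at the first unindented line."""
    name, cmds = None, []
    for raw in config.splitlines():
        match = BLOCK_START.match(raw)
        if match or (name and not raw.startswith(" ")):
            if name:
                yield name, cmds
            name, cmds = (match.group(1) if match else None), []
        elif name:
            cmds.append(" ".join(raw.split()))  # normalise whitespace
    if name:
        yield name, cmds

def check_dot1x(config):
    """Return {interface: [missing commands]} for access ports that fail."""
    failures = {}
    for name, cmds in interface_blocks(config):
        if "switchport mode access" not in cmds:
            continue  # trunk or routed port: not a user port
        missing = [c for c in REQUIRED if c not in cmds]
        if missing:
            failures[name] = missing
    return failures

# Constructed sample: one compliant port, one incomplete port, one trunk.
SAMPLE = (
    "hostname sw1\n!\ninterface GigabitEthernet1/0/1\n switchport mode access\n"
    + "".join(f" {c}\n" for c in REQUIRED)
    + "!\ninterface GigabitEthernet1/0/2\n switchport mode access\n"
    " authentication order dot1x mab\n dot1x pae authenticator\n"
    "!\ninterface GigabitEthernet1/0/24\n switchport mode trunk\n!\nend\n"
)
```

Calling `check_dot1x(SAMPLE)` reports only the incomplete access port, with the list of commands it lacks; the trunk is skipped because it is not an access port.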