Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

Network Change & Configuration Management

Reply
Highlighted

How to use list values in a policy rule

Techie
Posts: 15
5716     0

Are there any examples on how to reference list values in a policy rule?  I'd like to have a list with two columns- username and password.  I would like the policy rule to check the username and password on devices.  If the policy rule fails then it would trigger a script to fix the username and/or password.  I'd like to have the username and password values in a list so that I don't have to update the policy rule and the script when the usernames or passwords change.

Highlighted

Use of lists within policy

Adviser
Posts: 353
5716     0

Use of lists within policy rules is not supported. There is an existing request for this; you may want to contact your rep so they can help get it prioritized.

Highlighted

Use of lists within policy

Expert
Posts: 127
5716     0

Hi Jeremy -

How is this different than the in the device viewer -> Settings & Status -> CLI Credentials?  I would imagine you could create a Perl or maybe a CSS script to find out which ones were failing and go from there.

If the devices have local authentication and a encrypted password you can create a policy that checks these.  The policy would need to contain the encrypted password (in encrypted form) to compare against.  Using this method requires that when you create the config of the device you cut/paste the encrypted password rather than having the device generate the encryption each time, which makes it different each time.

It also might not be a good best practice to keep passwords in clear text in a List.

Highlighted

I want to have a policy that

Techie
Posts: 15
5716     0

I want to have a policy that checks that only permitted usernames are in use and that the encrypted passwords are correct.  If a device is not compliant I have a trigger that runs a script to remove invalid usernames or update the passwords.  I already have it set up and working, but I'd like to have the username and password values in a list so that I don't have to update the policy rule and the script when the usernames or passwords change.  All I would have to do is update the values in the list.

Highlighted

Got it.  So, I guess you are

Expert
Posts: 127
5716     0

Got it.  So, I guess you are left with what John said, you'd need to submit a new feature request.

Highlighted

Why not just modify the

Techie
Posts: 19
5716     0
Why not just modify the script to make an issue for each account removed. Then schedule the script to run every day. You get automatic clean up, reporting and only need to update the list in one spot.
Highlighted

This is now supported in

Adviser
Posts: 353
5716     0

This is now supported in NetMRI 6.9 - you can now read from lists in policy rules.

Highlighted

How to use lists in rules

Techie
Posts: 5
5716     0
I have the same request. I would like to have a rule search a list and if any, or all(depending on the rules I am looking to create) match, I want the rule to pass or fail. Are there any examples of this? The help feature gives examples, but they do not work for me in xml.
Highlighted

I have uploaded some examples

Adviser
Posts: 353
5716     0

I have uploaded some examples at the link below. One for the list, and another for using the ConfigBlockCheck which breaks a configuration file in to blocks and performs checks on each block.

https://infoblox.box.com/s/fx1eti6j1rmpcf69z2rfoor837k5crek

I also uploaded the XSD file that describes the XML language (this is also available in the product directly).

Highlighted

I'm also going to add to it

Adviser
Posts: 431
5716     0

I'm also going to add to it as well Smiley Happy

 

Sif

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

www.sifbaksh.com
Highlighted

Re: I have uploaded some examples

Posts: 1
5717     0

I know it's from 5 years ago. Can you help upload those examples again? I am trying to figure out how to create templates, rules from a list. 

Can you also point me to some good resource regarding using 'Lists'?

Thanks a lot.

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You