4 weeks ago
Is there a way to create a custom NetMRI policy rule that will check for any rogue IP address in a configuration that is outside of a defined subnet? If so, what do you think the most efficient method is?
4 weeks ago
Can you post an example of each? It will help us see what you are trying to achieve
3 weeks ago
I have switch configurations with various IP addresses referenced throughout (i.e. virtual interfaces, ntp servers, snmp server, dns name servers, default gateway, etc.). All those IP addresses in my configs reside in a couple different subnets (i.e. 10.80.10.0/24, 10.80.11.0/24).
Let's say a bad actor logged onto a switch and configured an interface and snmp-server in 192.168.1.0/24, outside of those two subnets above. I want to write a policy in NetMRI that would alert on that "untrusted subnet" configuration change. In other words, any configured IPs within those two subnets above would be "safe", anything deviating from those I would want to know about.
I'm struggling with how to write the policy and am looking for some guidance.
Well I would approach it a different way using Rule Logic Builder and Negative Lookahead in RegEx
What the above means is that if there is any other logging server besides 192.168.1.11 this will throw an error
So now you can do that for Logging, TACACS Servers, SNMP, etc...
I hope this helps
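Added example, not from the thread and not NetMRI's own rule syntax: a small Python script that shows the two checks discussed here, the negative-lookahead regex for a single allowed server and the original question's broader "any IP outside the trusted subnets" policy. The sample configuration, the function names (logging_violations, untrusted_ips), the allowed syslog host 10.80.10.9 and the netmask heuristic are all my assumptions; the two trusted subnets come from the question above. It goes beyond the reply by generalising the lookahead to any allowed host and by scanning every IPv4 address in the config instead of one keyword.

```python
import ipaddress
import re

# Constructed sample switch configuration (not taken from the thread).
# Everything sits in the two trusted subnets from the question except a
# logging host, an snmp-server host and a VLAN interface in 192.168.1.0/24.
SAMPLE_CONFIG = """\
hostname sw-access-01
ip name-server 10.80.10.5
ntp server 10.80.10.20
logging 10.80.10.9
logging 192.168.1.11
snmp-server host 192.168.1.50 version 2c public
interface Vlan10
 ip address 10.80.11.2 255.255.255.0
interface Vlan99
 ip address 192.168.1.2 255.255.255.0
ip default-gateway 10.80.10.1
"""

# Trusted ranges named in the original question.
TRUSTED_SUBNETS = [ipaddress.ip_network("10.80.10.0/24"),
                   ipaddress.ip_network("10.80.11.0/24")]


def logging_violations(config, allowed_host="10.80.10.9"):
    """Negative-lookahead rule from the reply, generalised to any allowed host.

    The pattern matches a 'logging <host>' line only when the host is NOT the
    allowed one, so every match is a violation. The (?:\\s|$) after the host
    stops 10.80.10.9 from also accepting 10.80.10.99. allowed_host is an
    assumed value for this example.
    """
    pattern = re.compile(rf"^logging (?!{re.escape(allowed_host)}(?:\s|$))\S+",
                         re.MULTILINE)
    return [m.group(0) for m in pattern.finditer(config)]


IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _looks_like_mask(ip):
    """Heuristic (assumption): skip dotted netmasks (1...10...0) and wildcard
    masks (0...01...1) so 'ip address x.x.x.x 255.255.255.0' is not flagged."""
    m = int(ip)
    inv = ~m & 0xFFFFFFFF
    return (inv + 1) & inv == 0 or (m + 1) & m == 0


def untrusted_ips(config, trusted=TRUSTED_SUBNETS):
    """Return (line_number, ip, line) for every IPv4 address in the config
    that is outside all trusted subnets. This is the policy the question asks
    for: anything not in the safe ranges is reported."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        for token in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # e.g. an octet above 255; not a real address
            if _looks_like_mask(ip):
                continue
            if not any(ip in net for net in trusted):
                findings.append((lineno, str(ip), line.strip()))
    return findings


if __name__ == "__main__":
    for hit in logging_violations(SAMPLE_CONFIG):
        print("logging rule violation:", hit)
    for lineno, ip, line in untrusted_ips(SAMPLE_CONFIG):
        print(f"line {lineno}: {ip} is outside trusted subnets -> {line}")
```

Running it prints the rogue logging host from the first rule and the three 192.168.1.x addresses from the second, with their line numbers. In a real NetMRI rule only the regex part carries over; the subnet logic would be expressed as one lookahead per trusted range or as a list of allowed prefixes in the Rule Logic Builder.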
Good tip on the negative lookahead. Is that how the CPD is implemented when one has:
access-list 123 permit ip 184.108.40.206
access-list 123 .*
I will have to double check CPD, I haven't used it in like 7 years
Of course you know I had to test it
And yes you are correct CPD does work that way
I know that CPD has been deprecated but it's so intuitive for "mortals" who want to copy/paste config snippets. And it has always accepted regex if one used that.