Network Change & Configuration Management

Rule to detect port status in VLAN 5 but not shutdown

Authority
Posts: 42

Hi,

Not sure if anyone has asked or provided a solution to this.

We have a requirement to setup a rule/policy to look at the configurations on network devices as follows:

interface FastEthernet1/0/1
 description blah blah
 switchport access vlan 5
 <some other config>
 shutdown
 <rest of the config>
!
interface FastEthernet1/0/2
 description blah blah
 switchport access vlan 5
 <some other config>
 shutdown
 <rest of the config>
!
interface FastEthernet1/0/3
 description blah blah
 switchport access vlan 5
 <some other config>
 <rest of the config>
!

The above is an example of the config. But notice that interface 1/0/3 is NOT shutdown (due to lack of the command, "shutdown").

What I need to do is to create a rule that looks at all interfaces and violates where the command "shutdown" is NOT present.

(basically our VLAN 5 is a black hole VLAN).


I have created a regex that seems to match but the rule itself doesn’t work because it matches on any of the instances.


I can’t use a template since there will be any number of switches in a stack, leading to different interface counts and also there will be instances where the interfaces are GigabitEthernet or TenGigabitEthernet.


The initial regex is:

MUST CONTAIN BLOCK
(interface .*Ethernet\d\/\d\/\d+)
(?: description\s.*
)? switchport access (vlan 5)
 switchport mode access(?:
\s.*)+?
 (shutdown)(?:.*
)+?\!

Anyone have ideas?


Re: Rule to detect port status in VLAN 5 but not shutdown

AMathewGeorge
Techie
Posts: 6

'Raw XML Editor' in rules should help you with your requirement.

Using Raw XML you can select a block and loop over it to find a specific line or a block of lines to pass or fail the rule.

A block can be defined using the method below:

<ConfigBlockCheck block-end='^!$' block-start='interface ((?:Gigabit|Fast|Ether).+)' boundary-method='regexp'>

and a config check using this line:

<ConfigFileCheck op='does-not-contain-any'>^shutdown$</ConfigFileCheck>


-Arun
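The block-then-line check Arun describes, written out as a standalone Python script so the logic can be tried against a saved config. This is an added example, not NetMRI's own code or the rule from this thread; the sample config is constructed, and the block-start pattern is widened to TenGigabit as the original poster requires.

```python
import re

# Constructed sample config (not from the original post), modelled on the
# thread: Fa1/0/3 sits in VLAN 5 but has no "shutdown" line.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 description blah blah
 switchport access vlan 5
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/2
 description uplink
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/3
 description blah blah
 switchport access vlan 5
 switchport mode access
!
"""

# Same idea as the ConfigBlockCheck boundaries: a block starts at an
# interface line and ends at the first bare "!" (TenGigabit added here).
BLOCK_START = re.compile(r"^interface ((?:Gigabit|Fast|TenGigabit|Ether).+)$")
BLOCK_END = re.compile(r"^!$")


def interface_blocks(config):
    """Yield (interface name, [stripped lines]) for every interface block."""
    name, lines = None, []
    for raw in config.splitlines():
        line = raw.rstrip()
        match = BLOCK_START.match(line)
        if match:
            name, lines = match.group(1), []
        elif name is not None and BLOCK_END.match(line):
            yield name, lines
            name, lines = None, []
        elif name is not None:
            lines.append(line.strip())


def blackhole_violations(config, vlan=5):
    """Return interfaces placed in `vlan` whose block has no 'shutdown' line."""
    # Exact membership on purpose: a "no shutdown" line must not satisfy it.
    return [name for name, lines in interface_blocks(config)
            if f"switchport access vlan {vlan}" in lines
            and "shutdown" not in lines]
```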

Re: Rule to detect port status in VLAN 5 but not shutdown

Authority
Posts: 42

Thanks Arun,

I will try this.

However I have not used XML rules before so this is going to take me a bit of time to go through the document and examples.


Rgds


Russ

Re: Rule to detect port status in VLAN 5 but not shutdown

Authority
Posts: 42

OK, after quite some delay, I managed to get around to learning the Raw XML with the assistance of Andrew St. John's tutorial on Tab Session #4.

Great tutorial and covered exactly what I wanted to achieve.


Now I have a ScriptXML rule that searches the block of config, as suggested by Arun (thanks for pointing me in the right direction), and looks for the config with VLAN 5 and not shutdown.


A few issues along the way but I got there anyway.

Re: Rule to detect port status in VLAN 5 but not shutdown

Adviser
Posts: 407

@RParker_1 do you mind sharing that with the rest of the community at - https://github.com/infobloxopen/netmri-toolkit/tree/master/policy

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: Rule to detect port status in VLAN 5 but not shutdown

Authority
Posts: 42

Hi Sif, 

Although I have a GitHub account, I don't appear to have "Push access" - it is requesting this.


Russ
