Network Change & Configuration Management

Reply
Accepted Solution

Using the Raw XML Editor to check for multiple statements

Authority
Posts: 22
2174     0

Folks,

 

I'm trying to figure out how to check for multiple configuration statements within a block. I'm using L3 descriptions xml file from the github repositiory as a base. I've modified this section as follows. It checks for the interface being up and having the text 'switchport mode access'. 

 

Then I would liket to check to see if that interface has multiple configuration statements. I've found that using mulitple ConfigFileCheck statements is not the way to go. Do I have to use a single ConfigFileCheck statement with a long regex match, or should I be nesting each configuration statement? 

 

Sorry for the confusion, this is my first attempt at using an XML file for this type of check.

 

<ConfigBlockCheck block-start="^interface (.*)$" boundary-method="indent">
<If>
<!-- Must be an access port and not be shutdown -->
<Expr expression="1 and 2">
<Expr label="1" op="matches">
<Expr variable="_block"/>
<Expr value="^\s*switchport mode access"/>
</Expr>
<Expr label="2" op="does-not-match">
<Expr variable="_block"/>
<Expr value="^\s*shutdown"/>
</Expr>
</Expr>
<Then>
<If>
<!-- In the context of ConfigBlockCheck, the ConfigFileCheck will search
only the block, not the entire file by default. -->
<ConfigFileCheck op="contains-all">\s*storm-control broadcast level 20.*</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*no cdp enable</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*switchport port-secuirty maximum 3</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*switchport port-security violation restrict</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*ip arp inspection limit rate 150</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*spanning-tree bpduguard enable</ConfigFileCheck>
<Then>
<Expr op="push">
<Expr variable="good-ifcs"/>
<Expr variable="_start_match_1"/>

Re: Using the Raw XML Editor to check for multiple statements

Adviser
Posts: 357
2175     0

For this section:

 

<!-- In the context of ConfigBlockCheck, the ConfigFileCheck will search
only the block, not the entire file by default. -->
<ConfigFileCheck op="contains-all">\s*storm-control broadcast level 20.*</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*no cdp enable</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*switchport port-secuirty maximum 3</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*switchport port-security violation restrict</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*ip arp inspection limit rate 150</ConfigFileCheck>
<ConfigFileCheck op="contains-all">\s*spanning-tree bpduguard enable</ConfigFileCheck>

You can list each regex on a separate line in a single ConfigFileCheck (be careful with the whitespace), or you can wrap all of those in an "and" Expr:

 

<Expr op="and">
  <ConfigFileCheck ...>
  <ConfigFileCheck ...>
...
</Expr>

The conditional for an If must be a single expression.

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You