

Create a rule to check the vtp status

New Member
Posts: 6

Dear,

I'm trying to create a rule that checks the vtp status on a cisco switch.

With the command: show vtp status

the switch shows the operation status server/client/transparent

Feature VLAN:
--------------
VTP Operating Mode                : Client

I would like a rule that checks if the mode is set to client.

How can I use the scripts to first run the "sh vtp status" command and then read out the operation mode?

Kind regards

Re: Create a rule to check the vtp status

Superuser
Posts: 115

Here is a script that can help.

You will need to create a custom issue with the information below; it will create an issue if the device is equal to Server, or you can change that to Client as well.

Going to post it to our GitHub location - https://github.com/infobloxopen/netmri-toolkit


Script-Filter:
 $vendor eq "Cisco"

########################################################################
Action:
	Show Command

Action-Commands:
	sh vtp status
        
Output-Triggers:
    Parse-Output

########################################################################

Trigger:
    Parse-Output
    
Trigger-Variables:
    $vtp_status string

Trigger-Template:
VTP Operating Mode              : [[$vtp_status]]

Trigger-Commands:{$vtp_status like /Server/}
    SET: $fireissue = "yes"

Output-Triggers:
	VTP_Error
#######################################################################

Issue:
    VTP_Error

Issue-ID:
    VTPError
    
Issue-Severity:
    Error

Issue-Filter:
    $fireissue eq "yes"

Issue-Details:
    DeviceIP $IPAddress
    DeviceName $Name
    VTP_Status $vtp_status

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

https://sifbaksh.com
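
The check the script above performs, as an added Python example (not part of the original post or the netmri-toolkit repository). It goes slightly further than the posted trigger: it reads the mode per "Feature" section, and it fails the check when no mode line is found. The sample output and the names `vtp_modes` and `check_vtp` are constructed for illustration.

```python
import re

# Constructed sample of "show vtp status" output (not captured from a real device).
SAMPLE = """\
VTP Version capable             : 1 to 3
VTP version running             : 3
VTP Domain Name                 : EXAMPLE

Feature VLAN:
--------------
VTP Operating Mode                : Server
Configuration Revision            : 12

Feature MST:
--------------
VTP Operating Mode                : Transparent
"""

FEATURE_RE = re.compile(r"^Feature\s+(\S+?):\s*$")
MODE_RE = re.compile(r"^VTP Operating Mode\s*:\s*(.+?)\s*$", re.IGNORECASE)


def vtp_modes(output):
    """Return {feature: mode}; output without Feature headers is filed under VLAN."""
    modes, feature = {}, "VLAN"
    for line in output.splitlines():
        line = line.strip()
        m = FEATURE_RE.match(line)
        if m:
            feature = m.group(1).upper()
            continue
        m = MODE_RE.match(line)
        if m:
            modes[feature] = m.group(1)
    return modes


def check_vtp(output, allowed=("Client",)):
    """Return (compliant, detail) for the VLAN feature's operating mode."""
    mode = vtp_modes(output).get("VLAN")
    if mode is None:
        # No mode line: treat as a failed check rather than a silent pass.
        return False, "VTP operating mode not found in output"
    ok = mode.lower() in {a.lower() for a in allowed}
    return ok, f"VTP_Status {mode}"


if __name__ == "__main__":
    print(check_vtp(SAMPLE))
```
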

Re: Create a rule to check the vtp status

Expert
Posts: 69

It's unclear whether you want to do this once or on a repeating basis.  If it's a one-shot, you could just do a Config Search for  "doesn't match" "vtp mode client".  The resulting list would be ones you perhaps wish to correct.  If so, select all of them, then Execute Command (actually Run Script).  The default script is Ad-Hoc where you could push out "vtp mode client" to all.

 

From a Cisco perspective, I would set all of them to "vtp mode off", assuming the IOS versions are new enough to support that option.

Re: Create a rule to check the vtp status

New Member
Posts: 6

Thank you both.

I wanted to have it as a rule and policy compliance, but as I understood this isn't possible so I created the script mentioned above.

Thanks
