05-22-2008 06:26 AM
I'm trying to build a baseline job to ensure the correct snmp community strings are set, but it doesn't seem to work. I'm using:
+ snmp-server community [#!string#] RO
+ snmp-server community [#!string2#] RW 1
The correct strings are in the config but the job shows the devices out of compliance. If I change the "+" to a "-" then they become compliant... I don't understand the problem.
Thanks in advance.
05-22-2008 07:21 AM
These expressions say that in order to be compliant the configuration must have a line:
snmp-server community
That is not followed with "string" then ends with RO. For example, the following would match:
snmp-server community public RO
That would be a compliant line. Typically, when doing negative matching (i.e. [#! ... #]) you use '-' to denote "anything else should NOT be in the config".
05-22-2008 08:54 AM
OK, thanks, that makes sense. So if I wanted to ensure that the only RO and RW strings were stringRO and stringRW, would the statement look like this:
+ snmp-server community [#stringRO#] RO
- snmp-server community [#!.*#] RO
+ snmp-server community [#stringRW#] RW 1
- snmp-server community [#!.*#] RW [#.*#]
Or is there a better way to confirm only the RO and RW strings are there and no others?
Thanks again
05-22-2008 09:01 AM
Not exactly. You need to understand how baseline matching works. Each line in the template is compared to each line in the config -- line by line. So, you want:
+ snmp-server community stringRO RO
+ snmp-server community stringRW RW 1
- snmp-server community [#!(stringRO|stringRW)#] [#RO|RW#]
You don't need to worry about the trailing ACL number. If the community doesn't match, it's non-compliant anyway.
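
Added example, not part of the original thread and not the baseline tool's own code: a small Python model of the line-by-line matching described in the replies above, run against the final template and two constructed configs. The function names, the word-level reading of `[#!...#]`, and the tolerance for trailing arguments are assumptions made for illustration.

```python
import re

TOKEN = re.compile(r"\[#(!?)(.*?)#\]")  # [#expr#] or negated [#!expr#]

def template_to_regex(body):
    """Translate one template line (without its +/- sign) into a regex."""
    out, pos = [], 0
    for m in TOKEN.finditer(body):
        out.append(re.escape(body[pos:m.start()]))
        negated, expr = m.groups()
        if negated:
            # Assumed meaning: one whole word that expr does NOT match.
            out.append(rf"(?!(?:{expr})(?=\s|$))\S+")
        else:
            out.append(rf"(?:{expr})")
        pos = m.end()
    out.append(re.escape(body[pos:]))
    # Assumption: trailing arguments (e.g. an ACL number) are allowed.
    return re.compile("^" + "".join(out) + r"(?:\s.*)?$")

def check(template, config):
    """Compare every template line to every config line; return violations."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    problems = []
    for rule in filter(None, map(str.strip, template.splitlines())):
        sign, body = rule[0], rule[1:].strip()
        hits = [l for l in lines if template_to_regex(body).match(l)]
        if sign == "+" and not hits:
            problems.append("missing: " + body)
        elif sign == "-":
            problems += ["forbidden: " + l for l in hits]
    return problems

# Template from the last reply; both configs are constructed samples.
TEMPLATE = """
+ snmp-server community stringRO RO
+ snmp-server community stringRW RW 1
- snmp-server community [#!(stringRO|stringRW)#] [#RO|RW#]
"""
GOOD = """hostname r1
snmp-server community stringRO RO
snmp-server community stringRW RW 1
"""
BAD = GOOD + "snmp-server community public RO\n"

if __name__ == "__main__":
    print(check(TEMPLATE, GOOD))
    print(check(TEMPLATE, BAD))
```

Feeding the first post's `+ snmp-server community [#!string#] RO` line to `check` with a config that contains only the community `string` reports the line as missing, which is the non-compliance the original poster saw.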