I'm working on a Baseline Template for compliance. One of the interfaces that we use across all our routers is Loopback 1. I want to use a baseline template to check if Loopback 0 exists and then if it exists, I want to check certain lines in its interface config. Here is how I have my Template configured:
Prerequisite Command Set - checkLoopback
Subordinate Command Set - checkLoopbackConfig
+description Network Management Interface
+ip address [#172\.16\..*\..*#] [255.255.255.0]
Basically I want to confirm that Loopback 1 exists and then check that the standard description has been used and that the IP Address is within a certain range.
Whether the interfrace is configured or not, when I run the compliance check it reports that the device is compliant. I've also tried "-interface Loopback1" in the Prerequisite Command Set and the result still reports the device is compliant.
How can I accomplish my goal of checking that the interface exists first then check the config of the interface?
I created parent/child command sets as recommended above. Even with Loopback1 configuration cleared and shutdown (no loopback1), the compliance check reports that the device is compliant. I've tried hundreds of commandset configurations and the results are always the same, the device shows as being compliant. I'm beginning to think that the baseline compliance command sets won't check Loopback interfaces.
I figured out what my problem is. After each configuration change on the router device, I need to synchronize the configuration. Meaning, PrimeLMS does not compare to the running config on the device but rather the running config that had been collected at the last configuration archive…..
Once I began synch’ing the config after each configuration change and before running the compliance check, I started achieving the desired results.
I didn't realize Prime used the archived configuration instead of the running configuration on the device.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...