Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Baseline Template range does not work

In the baseline template the following is configured:

+ tacacs-server directed-request

+ tacacs-server host 10.22.2.10

+ tacacs-server host 10.22.102.10

+ tacacs-server host 10.10.10.1

- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10|directed-request)#]

You would expect that this will result that the + servers are added, and that server 10.10.10.1 will be removed.

However this is not the case, when I run a compliance check, the only thing he wants to remove is "+ tacacs-server directed-request" and nothing else, even when I remove the "directed-request" (- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10)#] from the template, he only wants to remove the "-tacacs-server directed-request".

Can someone please help me with this?

Many many thanks!

5 REPLIES
Cisco Employee

Re: Baseline Template range does not work

This template says that the following lines MUST be in a compliant config:

tacacs-server directed-request

tacacs-server host 10.22.2.10

tacacs-server host 10.22.102.10

tacacs-server host 10.10.10.1

Anything else starting with "tacacs-server" that is not followed by 10.22.2.10, 10.22.102.10, or directed-broadcast will be non-compliant.

It sounds like what you want is:

+ tacacs-server host 10.22.2.10

+ tacacs-server host 10.22.102.10

- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10)#]

This would enforce that 10.22.2.10 and 10.22.102.10 must be in the config, but no other tacacs-server lines should be. If you only care about removing tacacs-server directed-request, then you need:

+ tacacs-server host 10.22.2.10

+ tacacs-server host 10.22.102.10

- tacacs-server directed-request

New Member

Re: Baseline Template range does not work

Thanks for your rapid response.

What I want in my config is this:

tacacs-server directed-request

tacacs-server host 10.22.2.10

tacacs-server host 10.22.102.10

Any other tacacs-server command must be removed.

I don't know how but this

+ tacacs-server host 10.22.2.10

+ tacacs-server host 10.22.102.10

- tacacs-server [#!(10\.22\.2\.10|10\.22\.102\.10)#]

will result only that the "tacacs-server directed-request" statement is removed, and the "tacacs-server host 10.10.10.1" not.

Cisco Employee

Re: Baseline Template range does not work

Ah, I see. You probably want this then:

+ tacacs-server host 10.22.2.10

+ tacacs-server host 10.22.102.10

- tacacs-server host [#!(10\.22\.2\.10|10\.22\.102\.10)#]

- tacacs-server [#!host#]

New Member

Re: Baseline Template range does not work

Thanks for your patience, but it still doesn't do exactly what I want.

When I run a compliance check he now wants to remove:

-tacacs-server host 10.10.10.1

-tacacs-server directed-request

I still don't understand why he wants to remove the -tacacs-server directed-request statement, I don't want this to be removed. Any ideas?? thanks again ;-)

New Member

Re: Baseline Template range does not work

Never mind, found it this did the trick:

- tacacs-server [#!directed-request#]

222
Views
0
Helpful
5
Replies
CreatePlease login to create content