Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LMS 2.6 Baseline Templates: Multiline command support (Banners)?

Hi,

I'm wondering if anyone has figured out a way to check the compliance of multiline configuration entries (banners being a great example)? We have a corporate standard MOTD banner, and I'm looking for a way to make sure its audited as part of our existing baseline templates. I'm aware you can push banners using NetConfig -- I'm looking for a way with baseline templates that I can verify they're set correctly. Have tried with various RegEx-based checks, can't seem to get the right result. Anyone know if what I'm trying to do is even possible?

Thanks,

-Jeremy

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

Yes, it is possible. I wrote the code to do this in RME 4.0.5. It did not exist prior to that. Check out the RME online help on the syntax, but basically, you put the whole banner on one line using "" to indicate where a newline should be:

+ banner motd "---------------------------------------------------- This is a highly monitored and secured device!--------------------------------------------------"

I find it best to stick the banner in a text file, then use Perl to convert it:

perl -pi.bak -e 's|\n||g' banner.txt

6 REPLIES
Cisco Employee

Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

Yes, it is possible. I wrote the code to do this in RME 4.0.5. It did not exist prior to that. Check out the RME online help on the syntax, but basically, you put the whole banner on one line using "" to indicate where a newline should be:

+ banner motd "---------------------------------------------------- This is a highly monitored and secured device!--------------------------------------------------"

I find it best to stick the banner in a text file, then use Perl to convert it:

perl -pi.bak -e 's|\n||g' banner.txt

New Member

Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

Thanks Joe! That was exactly what I was looking for. You have no idea how much time and frustration you have saved me. :)

-Jeremy

New Member

Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

So, after a little testing, I am running into a slight problem with this.

I can now sucessfully deploy a multiline banner using the baseline templates using this method. Problem is, that a compliance check using the same exact template used to deploy the banner still fails.

I think this may be related to the additional "C" characters that IOS seems to insert after the user-specified delimiter character when setting a banner.

i.e.

+ banner motd ^ATTENTION!Test Banner...^

will create the desired banner on the device, however when looked at in the running config (which is what the compliance-check is auditing) it appears as:

banner motd ^C

ATTENTION!

Test Banner...

^C

I think the "C" character after the delimiter seems to cause the banner to fail the compliance check.

Has anyone seen this behavior?

Cisco Employee

Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

I use '"' for my delimiter. However, when you look at the banner in show run, IOS will use a control+C (^C) character as the delimiter. So what you're seeing is expected. However, when you telnet to the device, the banner should just show as:

ATTENTION!

Test Banner...

New Member

Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

Interesting indeed. Switching to the '"' character for a delimiter seemed to resolve the issue. When I was using '^' for a delimiter (as I always have in the past and as is also the listed example delimiter character in any IOS device), I could never get the compliance check to list the device as being compliant, even if the banner was deployed on the device using the same template as the audit. Very, very Odd.

Well, thanks yet again. It might be worth noting somewhere in the docs that you pretty much *must* use '"' as your delimiter if you want it to work correctly in both deployment and audit functions.

-Jeremy

Silver

Re: LMS 2.6 Baseline Templates: Multiline command support (Banne

Compliance verification isn't Cicowork's LMS 2.6's forte. I'd suggest looking at a Cisco Parner, Opsware NAS which fills that gap quite nicely.

503
Views
12
Helpful
6
Replies