Hello All,
I am looking to replace Ciscoworks with CA's Configuration Manager and am having trouble figuring out the commands that I can enter within the ncm policy editor that are the equivalents to what I am currently doing in Ciscoworks. Here is an example scenario of what I am currently able to do in Ciscoworks:
Case 1: Compliance check on community strings
Problem Definition: The user wants to make sure that only two community strings are present in the configuration.
Configuration of any extra SNMP community strings in addition to the ones mentioned below leads to noncompliance.
Mandatory community strings in the device configuration:
snmp-server community white ro
snmp-server community black rw
Solution: Use of the negation concept to solve the problem. The template to solve this issue is:
- snmp-server community [#!white#] ro
- snmp-server community [#!black#] rw
In this case, the beginning dash character (-) will make sure that the command is not present in the device configuration, and since the negation is applied, it will match all the community strings except those mentioned in the problem definition and will flag a noncompliance if there are any community strings except the desired ones.
Running a compliance check would list the additional community strings present in the configuration. An alternate way could be to deploy the changes (removing the unwanted ones from the configuration) in the same job. Refer to Figure 1 for a better understanding.
I've read through the documentation but can't seem to get the same results using the default "has line, does not have line, contains, does not contain, etc." unless there is something I am doing incorrectly. This would make creating policies much easier as I would not have to specify every statement that should not be in the configuration. Anyone have any suggestions on how this can be performed within CA's Config Manager?
Thanks,
Brian