Page 1 of 1
config block compliance
Posted: Fri Jun 26, 2026 6:53 am
by dskundric
hi,
is there a config block comliance feature. For example ... each interface has to have some command configured. So you define BLOCK with start/end command for interface and then seek for these specific command in each block?
br
Re: config block compliance
Posted: Fri Jun 26, 2026 10:51 am
by Tomas
Hi,
This is coming in 2.10.0. We are adding "Strict" and "Sequential" matching modes to Compliance rules.
Strict - the block of text in the compliance condition has to be present in the device config exactly as-is
Sequential - each line of the compliance condition has to be present in the device config, in the order that's specified
Presence (current) - each line of the compliance condition just has to be present in the device config somewhere, independent of order
The "Strict" matching mode will do exactly what you are asking for
Re: config block compliance
Posted: Fri Jun 26, 2026 11:04 am
by dskundric
and strict mode will suport something like this
for each interface with ip address there must be no ip proxy-arp command
OR
for each line vty segment there must be transport input ssh command?