
Baseline Syntax and Policy Checking
This appendix describes the syntax and policy checks performed by the Connectivity Tools parser on the router configuration files when a baseline is created.
Following is a list and brief description (where needed) of the syntax checks performed by the Connectivity Tools parser. The checks are divided into AppleTalk, Frame-Relay, IP, Novell/IPX, SRB, SNA, DLSW, and general categories.
- AppleTalk address must be network.node where network is in the range 0 through 65279 and node is in the range 0 through 254.
- AppleTalk cable range must be start-end where start and end are decimal numbers in the range 0 through 65279.
- Frame-Relay: address already in map.
- Frame-Relay not configured on this interface.
- Command valid for OSPF only.
- Interface subcommand not preceded by interface major command.
- Invalid access list number. The command requires a standard IP access list number. Must be in the range 1 through 99.
- Invalid bridge number. Must be in the range 1 through 15.
- Invalid channel group. Must be in the range 0 through 23.
- Invalid command specified. The command default-metric with multiple metrics can be applied to an IGRP routing process only.
- Invalid configuration command.
- Invalid EIGRP external distance. Must be in the range 1 through 255.
- Invalid EIGRP internal distance. Must be in the range 1 through 255.
- Invalid encapsulation type.
- Invalid ICMP code. Must be in the range 0 through 255.
- Invalid ICMP message name.
- Invalid ICMP type. Must be in the range 0 through 255.
- Invalid IGMP message name.
- Invalid IGMP type. Must be in the range 0 through 15.
- Invalid interface name. Valid interface names (case insensitive) are: null, hssi, fddi, serial, ethernet, tokenring, bri, loopback, dialer, async, tunnel, atm.
- Invalid IP address.
- Invalid net mask.
- Invalid OSPF cost value. Must be in the range 1 through 65535.
- Invalid OSPF metric type value. Must be 1 or 2.
- Invalid port number. Must be in the range 0 through 7.
- Invalid port name in IP extended access list.
- Invalid precedence level. Must be in the range 0 through 7.
- Invalid precedence name in IP extended access list.
- Invalid protocol command. The timers-basic command can only be used for EGP, RIP, or IGRP.
- Invalid protocol number. In the extended IP access list command, the protocol number must be in the range 0 through 255.
- Invalid queue size. Must be in the range 10 through 500.
- Invalid slot number. Must be in the range 0 through 4.
- Invalid TOS level. Must be in the range 0 through 15.
- Invalid TOS name in IP extended access list.
- Invalid TOS value. TOS must have a value of 0 in the command metric weights TOS K1 K2 K3 K4 K5.
- Invalid Type of Service value. Must be in the range 0 through 15.
- Invalid variance multiplier. Must be a nonzero positive integer.
- Invalid weight value. In the command metric weight, weight must be an integer in the range 10 through 255.
- Multiple active access-group commands per interface. There should be only one active access-group command per interface.
- Missing autonomous system number. In the router global command, an autonomous system number must be specified for the following routing protocols: IGRP, BGP, OSPF and EGP.
- Must delete all secondary IP addresses before deleting primary address.
- This command must be preceded by a router eigrp command.
- Invalid maximum hops. In the command metric maximum-hops hops, hop count must be in the range 1 through 255.
- Invalid Novell/IPX access list number.
- Invalid Novell/IPX address.
- Invalid Novell/IPX encapsulation type. Must be one of the following: arpa, hdlc, novell-ether, sap, or snap.
- Invalid Novell/IPX host address (node ID). Must be dotted triplets of four-digit hexadecimal numbers. The value of each four-digit triplet must be in the range 0 through 65536.
- Invalid Novell/IPX network number. Must be a 32-bit number written in hexadecimal.
- Invalid Novell/IPX SAP access-list number. Must be in the range 1000 through 1099.
- Invalid Novell/IPX extended access list number. Must be in the range 900 through 999.
- Invalid Novell/IPX max paths. Must be in the range 1 through 512.
- Multiple Novell/IPX access-group commands. There should be only one IPX access-group command per interface.
- Multiple Novell/IPX input-network-filter commands. There should be only one IPX input-network-filter command per interface.
- Multiple Novell/IPX input-sap-filter commands. There should be only one IPX input-sap-filter command per interface.
- Multiple Novell/IPX output-network-filter commands. There should be only one IPX output-network-filter command per interface.
- Multiple Novell/IPX output-sap-filter commands. There should be only one IPX output-sap-filter command per interface.
- Multiple Novell/IPX router commands. There must be only one IPX routing command per configuration file.
- Duplicate source-bridge fst-peername command.
- Duplicate source-bridge remote-peer command.
- Duplicate source-bridge ring-group command.
- Invalid interface name. Valid interface names in the source-bridge remote-peer interface command must be of type serial, ethernet, FDDI, or tokenring.
- Invalid max frame size in source-bridge remote-peer command. Valid values are: 516, 1500, 2052, 4472, 8144, 11407, and 17800.
- Invalid ring group number. Must be in the range 1 through 4095.
- Invalid MAC address in sdllc traddr command. Must be of the form xxxx.xxxx.xx00.
- Invalid SDLC address in sdllc partner command. Must be in the range 1 through 0xfe.
- Invalid DLSW peer group number. Must be in the range 1 through 255.
- Invalid DLSW peer cost. Must be in the range 1 through 5.
- Invalid DLSW largest frame size.
- Invalid DLSW keep-alive time. Must be in the range 0 through 1200.
- Invalid DLSW lsap-output-list number. Must be in the range 200 through 299.
- Invalid DLSW max output TCP queue size. Must be in the range 10 through 2000.
- Router subcommand not preceded by router major command.
- A sub-interface must be preceded by the main interface to which it belongs.
This section describes the policy checking performed by the Connectivity Tools parser.
You can have the Connectivity Tools parser program perform additional customized checking on the router configuration files by creating a template file in which you specify an action to be taken when the parser either encounters or does not encounter the command(s) you specify. You should name the template file default.router_template and place it in the data directory where you have placed your baseline(s).
The action specified in the file is taken on the first match. The entries you specify are case insensitive.
To specify the action to be taken when a command is encountered in the router configuration files, you create an entry in a template file using one of the following formats:
    ACTION = warn_if_found
or
    ACTION = warning
Note: Currently, the only action supported is to print a warning message displaying the complete command as it appears in the router configuration file (including its parameters), the router configuration file name, and the line number where the match occurred.
To specify the action to be taken when a command is not encountered in the router configuration files, you create an entry in a template file using the following format:
    action = warn_if_not_found
Note: Currently, the only action supported is to print a warning message displaying the name of the command you specified and the name of the router configuration file(s) where a match did not occur.
Following an action entry in the template file you must specify commands using their entire names, each on a separate line, followed by the parameters, if any, you wish to specify. The parser expects to find a command keyword as the first word in an entry, otherwise the entry is flagged as having an error and the template file is not loaded. A default list of command keywords is located in the $ECSP_HOME/resources/configkeyword file. You can make additional command keywords available to the parser by including them in a file you create. The parser first checks to see if the ECSP_CONFIGKEYWORD environment variable contains a pointer to this file. If it does and the file is readable, the additional command keywords are used by the parser when doing the customized checking. If this environment variable is not set, the parser checks to see if the $HOME/ecsp_configkeyword file exists and is readable. If so, the additional command keywords contained in this file are used by the parser when doing the customized checking.
You can construct regular expressions (RE) when specifying the parameter values to be used during the parser's searching of the router configuration files. The RE is constructed as follows:
- any character that is not a special character (see below) matches itself
- a backslash (\) character followed by any special character matches the literal character itself
- the special characters are:
- plus sign (+)
- asterisk (*)
- question mark (?)
- period (.)
- left bracket ([)
- right bracket (])
- caret (^)
- dollar sign ($)
- the period (.) matches any character except the newline
- a set of characters enclosed in brackets ([]) is a one-character RE that matches any of the characters within the brackets. A range of characters can be indicated with a dash (-) within the brackets. For example, [1-4] matches any digit from one through four. If a caret (^) is the first character specified within the brackets, the RE matches any character except those characters in the set. For example, [^1-4] matches any character other than the digits one through four.
The following rules are used to build a multi-character RE:
- a one-character RE followed by an asterisk (*) matches zero or more occurrences of the RE
- a one-character RE followed by a plus (+) matches one or more occurrences of the RE
- a one-character RE followed by a question mark (?) is optional: the preceding RE can occur zero times or once in the string, no more
- the concatenation of REs is a RE that matches the corresponding concatenation of strings.
As with access lists, the order of the commands listed in the template file is important. You are able to specify multiple commands, each on a separate line, in the file.
Following is a sample from a template file that prints a warning message whenever the two commands are encountered in the router configuration files:
    action = warn_if_found
    ip helper-address
    novell routing
Following is a sample from a template file that prints a warning message whenever the specified command is not encountered in the router configuration files:
    ACTION = warn_if_not_found
    no ip source-route
The Connectivity Tools parser places the output from the policy checks you specified in the default.router_template file you created into the $ECSP_HOME/baseline_directory/default.template_warnings file.
For example, if you specified the following action commands in your default.router_template file,
    action = warning
    ip helper-address
    action = warn_if_not_found
    ip source-route
    action = warn_if_found
    novell routing
the format of the information produced by the parser and stored in the default.template_warnings file is as follows:
    *** List of template constraint violation messages. ****
    ** WARNING ** Command: ip helper-address 132.108.1.255 found on line: 68 in config file: netsys1
    ** WARNING ** Command: ip helper-address 132.108.22.172 found on line: 74 in config file: netsys1
    ** WARNING ** Command: ip helper-address 132.108.1.255 found on line: 28 in config file: netsys4
    ...
    ** WARNING ** Command: ip source-route NOT found in config file: netsys1
    ** WARNING ** Command: ip source-route NOT found in config file: netsys2
    ...
    ** WARNING ** Command: novell routing 0000.0c08.94dd found on line: 18 in config file: netsys1
    ** WARNING ** Command: novell routing 0000.0c04.3a3e found on line: 20 in config file: netsys3
    ** WARNING ** Command: novell routing aa00.0400.0134 found on line: 17 in config file: netsys4
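The template-driven policy check described above, sketched in Python as an added example (this is not the Connectivity Tools parser's code): it translates the RE dialect listed in this appendix, applies template entries in file order with the first match winning, and emits warnings in the format shown. Assumptions: an entry matches as a prefix of a configuration line, a blank matches any run of whitespace, and the command-keyword validation against the configkeyword file is left out; the names `to_regex`, `parse_template` and `check` are hypothetical.

```python
import re

# Page's RE dialect as tokens: \x escape, [set], special character, blanks, literal.
_TOKEN = re.compile(r"\\(.)|(\[[^\]]*\])|([+*?.^$])|(\s+)|(.)")
ACTIONS = {"warning": "found", "warn_if_found": "found", "warn_if_not_found": "not_found"}

def _tok(m):
    esc, cset, special, blanks, lit = m.groups()
    if esc or lit:                      # \x, or an ordinary character such as ( | {
        return re.escape(esc or lit)    # both match themselves literally
    return r"\s+" if blanks else (cset or special)  # assumption: blank runs are flexible

def to_regex(entry):
    return re.compile(_TOKEN.sub(_tok, entry), re.IGNORECASE)  # case insensitive

def parse_template(text):  # -> [(action, regex, entry)] in file order
    rules, action = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.fullmatch(r"action\s*=\s*(\w+)", line, re.IGNORECASE)
        if m:
            action = ACTIONS.get(m.group(1).lower())
        elif action:
            rules.append((action, to_regex(line), line))
        else:
            raise ValueError(f"entry without a supported action: {line}")
    return rules

def check(name, config, rules):  # -> warnings in the page's format
    hits = [[] for _ in rules]
    for no, raw in enumerate(config.splitlines(), 1):
        for found, (_, rx, _) in zip(hits, rules):
            if rx.match(raw.strip()):
                found.append((no, raw.strip()))
                break                           # action is taken on the first match
    out = []
    for (action, _, entry), found in zip(rules, hits):
        if action == "found":
            out += [f"** WARNING ** Command: {cmd} found on line: {no} in config file: {name}"
                    for no, cmd in found]
        elif not found:
            out.append(f"** WARNING ** Command: {entry} NOT found in config file: {name}")
    return out

# Template from the page's example; CONFIG is constructed sample input.
TEMPLATE = ("action = warning\nip helper-address\naction = warn_if_not_found\n"
            "ip source-route\naction = warn_if_found\nnovell routing\n")
CONFIG = ("hostname netsys1\ninterface Ethernet0\n ip helper-address 132.108.1.255\n"
          "novell routing 0000.0c08.94dd\n")
```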
Copyright 1988-1995 © Cisco Systems Inc.