Cisco Prime Network 4.0 User Guide
OL-29343-01
Chapter 4 Device Configurations and Software Images Compliance Audit
Problem This policy checks if at least two NTP servers are configured on the device for NTP server
redundancy.
The following condition checks if the command ntp server appears at least twice.
Solution The following settings have to be made in the appropriate sections.
Problem This policy checks if the device is not configured with any prohibited community strings or
community strings that must be avoided for SNMP.
This condition checks if either snmp-server community public or snmp-server community private is
configured on the device. If configured, Compliance Audit raises a violation. Note that <1> in the
violation text is replaced at runtime with the actual community string configured on the device. In
this example, <1> indicates the first captured group in the current condition.
Solution The following settings have to be made in the appropriate sections.
Creating a Policy Profile
After you have created policies, create a policy profile that will contain a set of policies. Go to
Compliance Audit > Policy Profile. The Policy Profile page (Figure 4-15) appears.
Field                   Value
Does Not Match Action   Raise a violation and exit this rule
Violation Text          DNS Server must be configured as either 1.2.3.4 or 2.3.4.5.

Field                   Value
Configuration Scope     Configuration
Operator                Matches the expression
Value                   (ntp server.*\n){2,}
Match Action            Continue
Does Not Match Action   Raise a violation and exit this rule
Violation Text          At least two NTP servers must be configured.

Field                   Value
Configuration Scope     Configuration
Operator                Matches the expression
Value                   snmp-server community (public|private)
Match Action            Raise a violation and exit this rule.
Does Not Match Action   Continue
Violation Text          Community string <1> configured.
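
The NTP and SNMP conditions above, evaluated against constructed configurations to show when each raises a violation and how <1> is filled from the first captured group. This is an added example, not code from the Cisco guide or from Prime Network. It assumes Python's re semantics, which may differ from the product's expression engine, and the names CONDITIONS, render and audit are hypothetical.

```python
import re

# Conditions copied from the two tables on this page. Evaluating them with
# Python's re module is an assumption; Prime Network's own engine may differ.
CONDITIONS = [
    {"name": "ntp-redundancy",
     "pattern": r"(ntp server.*\n){2,}",
     "violate_on_match": False,   # Does Not Match Action: raise a violation
     "text": "At least two NTP servers must be configured."},
    {"name": "snmp-community",
     "pattern": r"snmp-server community (public|private)",
     "violate_on_match": True,    # Match Action: raise a violation
     "text": "Community string <1> configured."},
]

def render(text, match):
    """Replace <n> in the violation text with captured group n."""
    if match is None:
        return text
    return re.sub(r"<(\d+)>", lambda m: match.group(int(m.group(1))), text)

def audit(config):
    """Return the (condition name, violation text) pairs raised for config."""
    violations = []
    for cond in CONDITIONS:
        match = re.search(cond["pattern"], config)
        if (match is not None) == cond["violate_on_match"]:
            violations.append((cond["name"], render(cond["text"], match)))
    return violations

# Constructed sample configurations (not taken from any real device).
COMPLIANT = (
    "hostname edge-1\n"
    "ntp server 192.0.2.10\n"
    "ntp server 192.0.2.11\n"
    "snmp-server community s3cr3tRO RO\n"
)
WEAK = (
    "hostname edge-2\n"
    "ntp server 192.0.2.10\n"
    "snmp-server community public RO\n"
)
# Two NTP servers, but not on adjacent lines: the expression only matches
# consecutive "ntp server" lines, so this configuration is still reported.
SPLIT_NTP = (
    "ntp server 192.0.2.10\n"
    "ntp source Loopback0\n"
    "ntp server 192.0.2.11\n"
)
```

Calling audit(WEAK) returns both violations, with <1> rendered as public. The SPLIT_NTP case shows that, under these regex semantics, the NTP expression depends on the two server lines being adjacent in the configuration text.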