Channel: THWACK: All Content - All Communities

Conditional/Nested Rules?


Hello everyone,

I am trying to make a rule conditional on the first part being true.  I want to ensure "ip verify unicast reverse-path" is configured on all our WAN connections.  We set a description of "DS[13]*" on all our WAN interfaces, so locate that and then match "ip verify unicast reverse-path".

So far my rule looks like this "description DS[13].*\n(.*\n)*.*ip verify unicast reverse-path"

The problem I am having is some of our routers do not have WAN connections so there is no match on "DS[13]" and that causes an exception.  I need this rule to be ignored if there is no match for "description DS[13]"

I would like to create several of these expressions for my rules because we don't match on just "int Fa0/0" or "int Fa0/1" but have to match on "int BVI20" or on "int Fa0/0.20".  To ensure we are matching the correct interface we assign a "description trusted", "description isolated" or "description restricted" to the appropriate interface, sub-interface or bridge interface.  For each of these we need to conditionally match to each of these specific descriptions, then require that "ip verify unicast reverse-path" be found next.

Example
int BVI20
 desc trusted <-Found this or "isolated" or "restricted" or ....
 ip verify unicast reverse-path<- Require this
exit

int fa0/0.10
 desc isolated <-Tested. missing ip verify produce exception.
exit

int BVI35
 desc private <-Not tested no exception.
exit

Thanks.
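
The conditional check described in the post, as an added example in Python (not part of the original post and not SolarWinds rule syntax): each interface stanza is evaluated on its own, stanzas without a matching description are skipped, and only in-scope stanzas missing the command are reported. The function name `audit` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config for illustration (not from the poster's devices).
SAMPLE = """\
interface BVI20
 description trusted
 ip verify unicast reverse-path
!
interface FastEthernet0/0.10
 description isolated
!
interface BVI35
 description private
!
interface Serial0/0
 description DS1 to carrier
 ip verify unicast reverse-path
!
"""

# Descriptions that put an interface in scope (values taken from the post).
IN_SCOPE = re.compile(
    r"^\s*desc(?:ription)?\s+(?:DS[13]|(?:trusted|isolated|restricted)\b)", re.M)
# The command every in-scope interface must carry.
REQUIRED = re.compile(r"^\s*ip verify unicast reverse-path\s*$", re.M)
# One stanza: the interface header plus every following indented line.
# Bounding the body this way stops a match from leaking into the next
# interface, which a greedy "(.*\n)*" across the whole file cannot do.
STANZA = re.compile(r"^(int(?:erface)?\s+\S+)[^\n]*\n((?:[ \t]+[^\n]*\n?)*)", re.M)


def audit(config: str) -> list[str]:
    """Return the names of in-scope interfaces lacking the required command."""
    violations = []
    for header, body in STANZA.findall(config):
        if not IN_SCOPE.search(body):
            continue  # out of scope: no description match, so no exception
        if not REQUIRED.search(body):
            violations.append(header.split()[1])
    return violations


if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: missing 'ip verify unicast reverse-path'")
```

A device with no in-scope interfaces yields an empty list, so it raises no exception.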

