This section will present a more complicated compliance example that uses two queries to check different parts of the configuration against each other. The intent of this example is to check that the management IP address of the Device being tested is contained in a subnet mapped by one of the Device’s Ethernet interfaces.
The Primary Query looks for an Interface with an IP address that contains the management IP address (which was put in a variable by the secondary query shown below). Management IP address primary query example illustrates the definition of the primary query.
Management IP address secondary query example illustrates the definition of the secondary query.
Here is a description of how this example works.
First, the secondary query is executed. (Note that the primary query is always run last, so that it can use variables generated by the other query(s)). The secondary query gets the Basic properties of the Device that is being tested. Note specifically that the “Limit query to device under test” option is checked; this is essential (otherwise the secondary Query would have a row for every Device in the system). The secondary query generates a single variable, managementIP, from the ManagementIP column of row 0 of the result set. Since there will only be a single entry in the result set corresponding to the Device under test, managementIP is therefore set to the management IP of the Device under test.
Next, the primary query is executed. It finds the InterfaceIpAddress subnet on the Device being tested that contains the IP address in variable managementIP, which is the Device’s management IP address. The result set will be a single line containing the DeviceName and the basic properties of the Interface(s) which contained the management IP address. (Note: it is not necessary to click the “Limit query to device under test option” on the primary query, since this is already assumed, however doing so will not cause an ill effect.) Result set for a typical device illustrates the result set that is generated for a typical Device.
Finally, the test rules are run. There is only one rule, as illustrated in One rule for a typical device.
It is a Must Contain rule that says the Interface’s technology type must be Ethernet.
This does not mean that the interface is necessarily the physical Ethernet interface; a Vlan interface running on top of an Ethernet interface will have an Ethernet technology type.
You can view this example in the Samples/Compliance/Attributed Tests folder. It is named “Management IP on Ethernet Interface”. It may be helpful to study the other attributed compliance test examples in this folder so that you can write your own compliance tests easily.