I am trying to write a policy that detects if a switch has DHCP Snooping enabled globally and not just on a per-vlan basis.
The problem is, the command that enables it globally is the exact same string that starts the command that enables it on a per-vlan basis.
How can I write the rule in NCM so that it only matches the correct global command on its own line rather than the longer per-vlan basis?
DHCP Snooping enabled globally command:
ip dhcp snooping
DHCP Snooping enabled on a per-vlan basis:
ip dhcp snooping vlan 6
If I setup NCM to look for just "ip dhcp snooping" it will falsely match on switches where it is also enabled on a per-vlan basis. I have tried editing the rule to use a regex that matches the whole line like so:
I also tried string dependency with parenthesis but that also fails:
Does anyone have a way to force NCM to match a single line in its entirety and if that line is not found, alert for the profile?