[tac_plus] need help with crafting a cmd with some regex

Asif Iqbal vadud3 at gmail.com
Tue Feb 20 19:28:46 UTC 2018


All users can execute ip route A.A.A.A B.B.B.B <VlanX/GigabitX> <next-hop
IP>.  However, without <VlanX/GigabitX>, tacacs should reject it.

Meaning the ip route command would have to contain a VLAN or Interface
specifier , or be rejected.

Here are some examples:

Good static route – accepted:
ip route 192.168.1.128 255.255.255.192 Vlan1686 192.168.1.6 name foo_to_bar
ip route 192.168.2.0 255.255.255.0 TenGigabitEthernet4/16.689 192.168.2.12
ip route vrf S609150:1678 172.26.0.0 255.255.0.0 Vlan1682 10.35.174.33

Bad static route: - rejected:
ip route vrf s617:securities-micro:B 192.168.7.60 255.255.255.255
192.168.7.58
ip route 172.29.141.48 255.255.255.240 172.26.250.73 name bar_to_foo

Thanks

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20180220/ed55e83f/attachment.html>


More information about the tac_plus mailing list