Cisco NX-OS disallowed features
Find disallowed features that are enabled on Cisco NX-OS devices
This query finds the feature configuration lines on NX-OS devices, extracts the feature name from each line, and
checks the enabled features against a list of features that should not be enabled.
Using patternMatches
disallowedFeatures = ["telnet", "scp-server"];

foreach device in network.devices
where device.platform.vendor == Vendor.CISCO &&
      device.platform.os == OS.NXOS
foreach match in patternMatches(device.files.config, `feature {featureName:string}`)
let isDisallowed = match.data.featureName in disallowedFeatures
select {
  Device: device.name,
  Feature: match.data.featureName,
  Fix: if isDisallowed then "no feature " + match.data.featureName else "",
  violation: isDisallowed
}
Using patternMatch
disallowedFeatures = ["telnet", "scp-server"];

foreach device in network.devices
where device.platform.vendor == Vendor.CISCO &&
      device.platform.os == OS.NXOS
foreach line in device.files.config
let match = patternMatch(line.text, `feature {featureName:string}`)
where isPresent(match)
let isDisallowed = match.featureName in disallowedFeatures
select {
  Device: device.name,
  Feature: match.featureName,
  Fix: if isDisallowed then "no feature " + match.featureName else "",
  violation: isDisallowed
}
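
The same check run offline against a saved configuration, as an added Python example that is not part of the original page or the product's own code. The function name, the regular expression (a stand-in for the page's pattern, not NQE's matching rules) and the sample configuration are assumptions made for illustration.

```python
import re

# Same list as the query on this page.
DISALLOWED_FEATURES = {"telnet", "scp-server"}

# A top-level "feature <name>" line. Anchoring at column 0 skips
# "no feature <name>" and indented text that merely contains the words.
FEATURE_LINE = re.compile(r"^feature\s+(?P<name>\S+)\s*$")


def audit_features(device_name, config_text):
    """Return one row per enabled feature, shaped like the query's select."""
    rows = []
    for line in config_text.splitlines():
        m = FEATURE_LINE.match(line)
        if m is None:
            continue
        name = m.group("name")
        disallowed = name in DISALLOWED_FEATURES
        rows.append({
            "Device": device_name,
            "Feature": name,
            "Fix": f"no feature {name}" if disallowed else "",
            "violation": disallowed,
        })
    return rows


# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname nxos-lab-01
feature telnet
feature bgp
no feature scp-server
interface Ethernet1/1
  description legacy feature scp-server jump host
"""

if __name__ == "__main__":
    for row in audit_features("nxos-lab-01", SAMPLE_CONFIG):
        print(row)
```

Comparing these rows with the query's output for the same device is a quick way to confirm that negated or indented lines are not being reported as enabled features.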