ca_374 Posted November 13, 2013 Share Posted November 13, 2013 (edited) Hi, I'm currently testing a software based AAA(authentication, authorization, accounting) server from http://www.tacacs.net/ and this requires me to use regular expression to authorize specific Cisco commands when users are logged in to our switches. I'm very new to regular expression and I need help to make the "authorization" part of this AAA server works. I've been searching the Internet and trying different syntax of regular expression for XML but I was unsuccessful. What I'm trying do is, match the exact command "show running-config interface fasthethernet 1/0/1".(the "1/0/1" entry is up to "1/0/52"). Also, I would like to match the same command when the user type the shortcut method like "sh run int fa1/0/1". If I could make this work, I could apply the same syntax to other commands that I would like to either permit or deny. If someone could give me an idea how I can make it work, I would appreciate. I attached the authorization.xml file and if you need additional information, just let me know. Based on the attached file, the <Shell> </Shell> section is what I'm working on: <Shell> <!--note that the login and exit commands are always permitted--> <Permit>configure terminal</Permit> <Permit/> </Shell> Thanks! authorization.xml Edited November 13, 2013 by ca_374 Link to comment Share on other sites More sharing options...
justsomeguy Posted November 13, 2013 Share Posted November 13, 2013 Regular expressions are for pattern matching, not really meant for finding specific strings. If you want to find a specific string then your regular expression pattern is the exact string you're looking for. You may need to escape certain characters that have a meaning in regular expressions, like . + * ? etc, but other than that if you're looking for a specific string then your pattern is that string. Matching a range of numbers like 1 through 52 is more complicated, you need to do it in parts. It could be a single-digit number, 1-9, so you would need this: [1-9] or, there could be 2 digits, where the first goes through 1 to 4 and the second goes through 0 to 9, to match 10-49, which is this: [1-4][0-9] then to match 50-52: 5[0-2] so you put all of those together to get 1 through 52: ([1-9])|([1-4][0-9])|(5[0-2]) Link to comment Share on other sites More sharing options...
ca_374 Posted November 14, 2013 Author Share Posted November 14, 2013 Thanks for the reply justsomeguy. how can i properly add the character "/" on the syntax that you gave? the character "/" needs to be part of the command. Thanks. Link to comment Share on other sites More sharing options...
justsomeguy Posted November 14, 2013 Share Posted November 14, 2013 You can escape any regular expression meta-character by putting in front of it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now