diff --git a/checks/cisco_eigrp_interface b/checks/cisco_eigrp_interface
index d61470773a14cb15483d77e5c1a739279b9904a2..51667c311b3f97a621bc8a0de96f543fd618dadc 100644
--- a/checks/cisco_eigrp_interface
+++ b/checks/cisco_eigrp_interface
@@ -126,9 +126,9 @@
factory_settings['cisco_eigrp_interface_defaults'] = {
- 'ignore_interfaces_auth': [
- 24, # Loopback
- ]
+ 'ignore_interfaces_auth': [24, ], # Loopback
+ 'no_auth_state': 2,
+ 'md5_auth_state': 1,
}
###########################################################################
@@ -274,8 +274,10 @@ def check_cisco_eigrp_interface(item, params, parsed):
state = 0
infotext = 'Peer count: %s, Hello interval: %s, Auth Mode: %s' % (cEigrpPeerCount, cEigrpHelloInterval, cEigrpAuthMode)
+ md5_auth_state = params.get('md5_auth_state')
+ no_auth_state = params.get('no_auth_state')
if interface_type not in params.get('ignore_interfaces_auth'):
- if cEigrpAuthMode in ['md5']:
+ if cEigrpAuthMode in ['md5'] and md5_auth_state != 0:
longoutput += '\n you can change the authentication mode to hmac-sha-256 by removing the eigrp authentication'\
'\n configuration from the interface and move it to the "router eigrp configuration"'\
'\n you need to change to "named mode configuration"'\
@@ -287,9 +289,9 @@ def check_cisco_eigrp_interface(item, params, parsed):
'\n eigrp YOUR-ROUTER-ID'\
'\n network ....'\
'\n end' % (cEigrpAS, cEigrpIfName)
- yield 1, 'weak authentication set'
- elif cEigrpAuthMode == 'none':
- yield 2, 'no authentication set'
+ yield md5_auth_state, 'weak authentication set'
+ elif cEigrpAuthMode == 'none' and no_auth_state != 0:
+ yield no_auth_state, 'no authentication set'
if cEigrpAuthKeyChain != '':
infotext += ', Key chain: %s' % cEigrpAuthKeyChain
diff --git a/cisco_eigrp.mkp b/cisco_eigrp.mkp
index 5603d6534dfa79bd5a31470fc269db892b976877..f8698a96bef3aef26a0413ceb08ccb0da2a26bba 100644
Binary files a/cisco_eigrp.mkp and b/cisco_eigrp.mkp differ
diff --git a/packages/cisco_eigrp b/packages/cisco_eigrp
index 6985a7a486e13d54ecdadaec081b9997dd5c0416..627b2d40eef8a7d7257fe82e5c38515e622ae773 100644
--- a/packages/cisco_eigrp
+++ b/packages/cisco_eigrp
@@ -12,6 +12,6 @@
'name': 'cisco_eigrp',
'num_files': 8,
'title': u'Cisco EIGRP checks',
- 'version': '20191016v.0.2',
+ 'version': '20191021v.0.2a',
'version.min_required': '1.2.8b8',
'version.packaged': '1.4.0p35'}
\ No newline at end of file
diff --git a/web/plugins/wato/cisco_eigrp_interface.py b/web/plugins/wato/cisco_eigrp_interface.py
index 1622784ff886c4c281fe715295b90ad48cb6fcd9..00f8e0b2429bbdc188d79c1dc1700ece41e3d93d 100644
--- a/web/plugins/wato/cisco_eigrp_interface.py
+++ b/web/plugins/wato/cisco_eigrp_interface.py
@@ -14,7 +14,7 @@
ignore_interfaces_auth = [
(6, 'Ethernet CSMAD'),
(24, 'Loopback'),
- (53, 'Proprietary Virtual - Cisco VLAN L3'),
+ (53, 'Proprietary Virtual (Cisco VLAN L3)'),
(131, 'Tunnel'),
(135, 'Layer 2 VLAN',),
(136, 'Layer 3 IP VLAN'),
@@ -29,12 +29,28 @@ register_check_parameters(
elements=[
('ignore_interfaces_auth',
ListChoice(
- title=_('no warning if EIRGP authentication not configured on'),
- label=_('no warning if EIRGP authentication not configured on'),
- help=_('no warning if EIRGP authentication not configured on'),
+ title=_('no warning if EIRGP authentication not configured on selected interface types'),
+ label=_('no warning if EIRGP authentication not configured on selected interface types'),
+ help=_('no warning if EIRGP authentication not configured on selected interface types'),
choices=ignore_interfaces_auth,
default_value=[],
)),
+ ('no_auth_state',
+ MonitoringState(
+ title=_('State to report when interface has no authentication configured'),
+ help=_(
+ 'State if an EIGRP enabled interface has no authentication configured. Default is critical'),
+ default_value=2,
+ ),
+ ),
+
+ ('md5_auth_state',
+ MonitoringState(
+ title=_('State to report when interface uses MD5 authentication'),
+ help=_('State if an EIGRP enabled interface uses an MD5 hash as authentication method. Default is warning'),
+ default_value=1,
+ ),
+ ),
],
),
TextAscii(title=_('Cisco EIGRP interface')),