
    Integrity Check Descriptions

    This section gives a description of some of the integrity checks (ICs) that are performed on the router configuration files during configuration import. The IC descriptions are organized by category. For each IC, a brief description, a msgID (corresponding to the msgID shown in the Integrity Checks reports), and the default severity are given.

    A more detailed description then follows to give more information about the particular IC. The severity of the IC helps the network engineer to prioritize which ICs to look at first. High severity reports are critical reports believed to potentially cause major network problems. Medium and Low severity reports describe problems that are not considered severe but should be fixed to prevent network problems or inadvertent side effects. Warning-level reports describe potential network problems that the network engineer should examine to make sure that the network is operating at its best.

    Access List and Prefix List Integrity Checks

    ["Non-utilized access-list rule (Cisco)", msgID=106, High]

    When access lists become long, preceding rules may be more general than subsequent rules. When this happens, the later rules are never utilized. This check identifies situations when rules are not utilized.
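
    One way to detect this condition, shown as an added example (not the product's own implementation). It assumes Cisco-style numbered extended ACL lines with wildcard masks and optional trailing destination-port qualifiers, and it flags only rules fully covered by a single earlier rule; the sample config and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

FULL = 0xFFFFFFFF
# src/dst are (address, wildcard) ints; a wildcard bit of 1 means "don't care".
Rule = namedtuple("Rule", "line_no action proto src dst extra")

# Constructed sample config (not taken from the page).
SAMPLE = """\
access-list 101 permit tcp 10.1.0.0 0.0.255.255 any
access-list 101 deny tcp 10.1.2.0 0.0.0.255 any eq 23
access-list 101 permit udp host 10.1.2.5 any
access-list 101 deny ip any any
access-list 101 permit tcp 192.168.0.0 0.0.0.255 any
access-list 102 permit tcp any host 10.9.9.9 eq 443
access-list 102 deny tcp any host 10.9.9.9 eq 22
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return (0, FULL)
    if head == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    wildcard = tokens.pop(0)
    return (int(ipaddress.IPv4Address(head)),
            int(ipaddress.IPv4Address(wildcard)))

def parse_acl(text):
    """Return {acl_id: [Rule, ...]} in configuration order."""
    acls = {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        acl_id, action, proto, rest = tokens[1], tokens[2], tokens[3], tokens[4:]
        try:
            src, dst = take_addr(rest), take_addr(rest)
        except (ValueError, IndexError):
            continue  # unsupported syntax: skip rather than guess
        acls.setdefault(acl_id, []).append(
            Rule(line_no, action, proto, src, dst, tuple(rest)))
    return acls

def covers(a, b):
    """True if spec a matches every address that spec b matches."""
    care = ~a[1] & FULL  # bits the earlier rule actually compares
    return (b[1] & care) == 0 and ((a[0] ^ b[0]) & care) == 0

def shadows(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    return (earlier.proto in ("ip", later.proto)
            and earlier.extra in ((), later.extra)  # no qualifier = all ports
            and covers(earlier.src, later.src)
            and covers(earlier.dst, later.dst))

def non_utilized(text):
    """Return (acl_id, dead_line, shadowing_line) per non-utilized rule."""
    findings = []
    for acl_id, rules in parse_acl(text).items():
        for i, later in enumerate(rules):
            hit = next((e for e in rules[:i] if shadows(e, later)), None)
            if hit is not None:
                findings.append((acl_id, later.line_no, hit.line_no))
    return findings

if __name__ == "__main__":
    print(non_utilized(SAMPLE))
```

    In the sample, the Telnet deny on line 2 never takes effect because the broader permit on line 1 matches first, which is why a non-utilized rule can hide an unintended exposure rather than just dead configuration.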


    ["Unknown access-list (Cisco)", msgID=86, High]

    This check identifies references to undefined access lists. Supported for IPv4 and IPv6.


    ["Unreferenced access-list (Cisco)", msgID=100, Warning]

    An access-list was defined, but not referenced. Supported for IPv4 and IPv6.


    ["Unknown prefix-list (Cisco)", msgID=107, High]

    This check identifies references to undefined prefix lists.


    ["Unreferenced prefix-list (Cisco)", msgID=108, Warning]

    A prefix-list was defined, but not referenced.

    BGP Integrity Checks

    ["Disabled BGP protocol (Juniper)", msgID=5, Warning]

    This check identifies situations where the BGP section is defined, but the disabled statement is present.


    ["Ignored 'community-list' statement due to unexpected 'permit'/'deny' location (Riverstone)", msgID=18, Warning]

    Because the permit/deny following the "community-list <name>" command is missing, the community-list statement is ignored.


    ["BGP neighbor shutdown", msgID=51, Warning]

    This check identifies situations when the BGP neighbor is shut down.


    ["Unknown as-path access-list", msgID=109, High]

    This check identifies references to undefined as-path access lists.


    ["Unreferenced as-path access-list (Cisco)", msgID=110, Warning]

    An as-path access-list was defined, but not referenced.


    ["Unknown community-list", msgID=124, High]

    This check identifies references to undefined community lists.


    ["Unreferenced community-list (Cisco)", msgID=125, Warning]

    A community-list was defined, but not referenced.


    ["Unknown route-map action (Riverstone)", msgID=97, High]

    This check identifies references to an undefined community-list in the "route-map <name> deny/match <> community-list" command.

    EIGRP/IGRP Integrity Checks

    ["Inconsistent EIGRP definition", msgID=20, Medium]

    This check finds EIGRP to be enabled on one end of a line but not the other end.


    ["Inconsistent IGRP definition", msgID=21, Medium]

    This check finds IGRP enabled on one end of a line but not the other end.


    ["Invalid EIGRP inverse (wildcard) mask", msgID=61, High]

    When configuring which networks EIGRP will advertise, the inverse (wildcard) mask must be correct. This check identifies invalid EIGRP inverse mask values.


    ["Invalid IGRP inverse (wildcard) mask", msgID=62, High]

    When configuring which networks IGRP will advertise, the inverse (wildcard) mask must be correct. This check identifies invalid IGRP inverse mask values.


    ["Invalid EIGRP network address", msgID=65, High]

    This check identifies invalid network addresses that EIGRP is trying to advertise.


    ["Unexpected IGRP network address", msgID=66, High]

    This check identifies invalid network addresses that IGRP is trying to advertise.

    IP Integrity Checks

    ["Duplicate IP address (public)", msgID=9, High]

    All IP addresses assigned to router interfaces are checked for duplication since duplicate IP addresses can result in serious problems in a network.


    ["Duplicate IP address (private)", msgID=111, Warning]

    An IP address in one private address space can be duplicated in another (e.g., within different VPNs). This check identifies duplicated IP addresses within the same private address space.


    ["Duplicate host name", msgID=10, High]

    This check identifies duplicate config files for the same router. The duplicated config files are ignored.


    ["Error in address definition (Riverstone)", msgID=12, High]

    This check identifies invalid IP address formats in the "interface create ip <name> address-netmask" command.


    ["Inconsistent media interfaces with same subnet address", msgID=19, Warning]

    During configuration parsing, two interfaces are stitched up when:

    1. Their addresses are in the same subnet.
    2. Their media types are either Ethernet, SONET, or ATM and match on both sides.

    This check identifies situations where condition 1 is true, but condition 2 is not.


    ["Inconsistent bandwidth", msgID=29, Low]

    This check identifies the situation where there is a bandwidth mismatch between two terminating interfaces of a link.


    ["Missing host name", msgID=38, High]

    This check sees that a host name was not specified after the "hostname" command.


    ["Multiple hostnames defined", msgID=45, High]

    This check sees duplicate host names defined in the system section.


    ["Non-primary address matched", msgID=49, Warning]

    This check alerts the user to the fact that secondary addresses were used for stitch up.

    ["Overlapped subnet addresses", msgID=50, High]

    This check identifies overlapped subnet addresses.

    ["Unexpected IP address", msgID=63, High]

    This check identifies invalid IP addresses in Juniper or Riverstone configs.

    ["Unexpected IP mask (Riverstone, Juniper)", msgID=64, High]

    This check sees that the vlan specified in the "interface create ip <name> vlan" was not defined.

    ISIS Integrity Checks

    ["Inconsistent ISIS definition", msgID=22, Medium]

    This check sees that ISIS was enabled on one end of a line but not the other end.

    ["Asymmetric ISIS1 metric", msgID=114, Warning]

    This check finds ISIS1 metrics to be different at the two ends of a link.

    ["Asymmetric ISIS2 metric", msgID=115, Warning]

    This check finds ISIS2 metrics to be different at the two ends of a link.

    ["Overlapped network statements", msgID=164, Warning]

    This check flags overlapping IP address ranges related to network statements under the OSPF or BGP protocol, for Cisco and Huawei devices.

    RIP Integrity Checks

    ["Inconsistent RIP definition", msgID=112, Medium]

    This check sees that RIP is enabled on one end of a line but not the other end.

    OSPF Integrity Checks

    ["Invalid OSPF/IGRP/EIGRP network address", msgID=69, High]

    This check identifies invalid IP network prefixes in the OSPF, IGRP, or EIGRP sections.

    ["Duplicate area IDs defined (Riverstone)", msgID=6, High]

    This check sees that duplicate non-backbone area IDs are defined.

    ["Inconsistent OSPF area definition", msgID=25, High]

    This check sees that the two ends of an OSPF link are assigned to two different OSPF areas.

    ["Inconsistent OSPF definition", msgID=26, Medium]

    This check sees OSPF enabled on one end of a link but not the other end.

    ["Multiple defined backbone areas (Riverstone)", msgID=44, High]

    This check identifies situations in Riverstone configuration files where the backbone area0 is defined more than once.

    ["Invalid OSPF network address", msgID=67, High]

    This check identifies invalid OSPF network addresses.

    ["Unexpected OSPF inverse (wildcard) mask", msgID=68, High]

    This check identifies invalid inverse (wildcard) masks on the network statement in the OSPF section.

    ["Unexpected area IP (Riverstone)", msgID=60, High]

    Riverstone uses the 4-octet format for non-backbone OSPF area designation. This check identifies cases in which the area entered in the "ospf create area" command was neither "backbone" nor a valid IP address.

    ["Unknown OSPF area (Riverstone)", msgID=81, High]

    Riverstone uses the 4-octet format for non-backbone OSPF area designation. This check identifies cases in which the area entered in the "ospf add interface to area" command was neither "backbone" nor a valid IP address.

    ["Asymmetric OSPF metric", msgID=113, Warning]

    This check identifies the situation where the OSPF metrics defined on the two end interfaces are different.

    ["ABR not in Area 0", msgID=119, Warning]

    This check finds an ABR that does not border Area 0.

    ["Unbalanced OSPF virtual-link", msgID=126, High]

    This check sees that OSPF virtual-link is defined only in one end but not the other.

    ["OSPF virtual-links not in the same transit area", msgID=127, High]

    OSPF virtual links can be used to establish OSPF routing in areas that can only be connected via non-backbone (transit) areas. This check identifies the situation where the OSPF virtual-links going to and from the backbone area are going through a different transit area.

    ["Asymmetric OSPF reference bandwidth", msgID=162, Low]

    This check identifies the situation where the OSPF reference bandwidth defined on the two end interfaces is different.

    QoS Integrity Checks

    ["Bandwidth and priority commands cannot be used in the same class within the same policy map (Cisco)", msgID=3, severity=Medium]

    Either the bandwidth or the priority option can be used for a particular class within a policy map to specify the guaranteed bandwidth, but not both.

    ["Duplicate policy-Map", msgID=11, Low]

    This check looks for duplicate policy-map names defined in a config file.

    ["Duplicate Class-Map", msgID=7, Low]

    This check looks for duplicate class-map names defined in a config file.

    ["Duplicate CoS-Queue-Group", msgID=8, Low]

    This check looks for duplicate CoS queue groups configured in a config file.

    ["Invalid IP precedence values", msgID=30, High]

    This check identifies IP precedence values that are outside of the allowed range of 0-7.

    ["Invalid MPLS EXP bit value", msgID=31, High]

    MPLS uses the EXP bits in the shim header to support differentiated services. Valid EXP bit values are 0-7. This check identifies invalid EXP bit values.

    ["Undefined class", msgID=55, Medium]

    This check sees that the class referenced in a policy-map section was not configured by the class-map command.

    ["Unknown class name in scheduler-map", msgID=90, Low]

    This check sees that the class name referenced in the scheduler-map section was not defined.

    ["Unknown scheduler name in scheduler-map", msgID=98, Low]

    This check sees that the scheduler name referenced in the scheduler-map section was not defined.

    ["Reference to an unknown policy-map", msgID=135, Medium]

    This check identifies references to an unknown policy-map name.

    LINK Integrity Checks

    ["Inconsistent PIM mode", msgID=27, High]

    This check sees that PIM was enabled on one end of a line but not the other end.

    ["Undefined filter (Juniper)", msgID=56, High]

    This check identifies situations where a filter is being applied to an interface, but the referenced filter is undefined.

    ["Unreferenced firewall filter", msgID=101, Warning]

    This check identifies firewall filters that are never referenced.

    ["Unknown ISIS area-tag (Cisco)", msgID=89, High]

    This check identifies situations with Cisco ISIS configuration when a reference was made to an undefined area-tag.

    ["ip unnumbered command references an unknown interface (Cisco)", msgID=95, Medium]

    The ip unnumbered command borrows the IP address from the specified interface to the interface on which the command has been configured. This check identifies situations when the specified interface is unknown.

    MISCELLANEOUS Integrity Checks

    ["Invalid config file", msgID=33, Warning]

    This check identifies those files that are not router configuration files.

    ["non-text file", msgID=34, Warning]

    This check looks for files that contain too many unreadable characters.

    ["Undefined interface", msgID=77, High]

    This check finds that the interface name entered in the "isis add interface" command was not defined by the "interface create" command.

    ["Undefined IP address (Riverstone)", msgID=76, High]

    This check looks for undefined IP addresses in Riverstone IP address statements.

    ["Undefined interface IP address", msgID=78, High]

    This check saw an undefined interface IP address in the "isis add interface" command.

    ["Undefined LSP", msgID=79, Low]

    This check finds that the LSP name is not defined in the LSP section.

    ["Unknown interface", msgID=93, Low]

    This general check finds situations where the referred to interface was not defined. This could happen in many situations.

    ["vlan-id defined without configuration in vlan-tagging section (Juniper)", msgID=104, Medium]

    This check finds that the vlan-id defined in the interface section was not configured in the vlan-tagging section.

    ["Inconsistent ATM bandwidth and PVC mean value", msgID=105, Warning]

    This check identifies situations in which the ATM bandwidth and PVC mean values are known, but the PVC mean value is different from the ATM bandwidth value.

    ["Reference to an unknown card (Alcatel)", msgID=139, High]

    This check identifies cases where references were made to an undefined card name.

    ["Reference to an unknown port (Alcatel)", msgID=140, High]

    This check identifies cases where references were made to an undefined port name.

    ["Reference to an unknown SDP (Alcatel)", msgID=141, High]

    This check identifies cases where references were made to an undefined SDP name.

    ["Reference to an unknown route-map (Cisco)", msgID=130, High]

    This check identifies references to an unknown route-map.

    ["Tunnel is configured as both autoroute announced and forwarding-adjacency", msgID=131, High]

    This check identifies the situation where a tunnel is configured as both autoroute announced and forwarding-adjacency.

    ["No IGP on forwarding-adjacency tunnel", msgID=132, Medium]

    This check sees that ISIS or OSPF was not configured on a forwarding-adjacency tunnel.

    ["bandwidth may exceed physical interface capacity", msgID=128, Low]

    This check looks for situations where the bandwidth value configured for an interface exceeds the physical interface capacity. E.g., this check would identify the case where the bandwidth for a Fast Ethernet interface is configured as 1000000 (1G).

    ["Unreferenced route-map", msgID=152, Warning]

    A route-map was defined, but not referenced.

    ["Unreferenced policy-map", msgID=153, Warning]

    A policy-map was defined, but not referenced.

    ["Empty route-map(route-policy) statement", msgID=163, Warning]

    A route-map statement was defined without any content. This integrity check applies to Cisco and Huawei devices.

    ["Hostname not configured", msgID=165, Warning]

    The hostname was not configured on the device. This integrity check applies to the following devices with cisco-like config: Cisco (IOS, IOS-XR), asa, casa, nxos, zte, oneaccess, adtran, hillstone, digitalchina, etc.

    MPLS Integrity Checks

    ["Multiple group-names assigned to the same group-value (Juniper)", msgID=4, severity=High]

    This check identifies situations where the same group-value (tunnel bit value) is assigned to multiple group-names under the admin-group statement.

    ["Inconsistent LDP/TDP definition", msgID=23, Medium]

    This check sees that LDP/TDP was enabled on one end of a line but not the other end.

    ["Inconsistent MPLS-TE definition", msgID=24, Medium]

    This check sees that MPLS-TE was enabled on one end of a line but not the other end.

    ["Invalid tunnelbit (Juniper)", msgID=32, High]

    This check finds that the MPLS admin-group tunnelbit is not in the allowed range (1~31).

    ["Undefined admin-group", msgID=70, High]

    This check finds that the admin-group referenced in the tunnel section was not configured.

    ["Invalid tunnel destination IP address format", msgID=72, High]

    This check identifies tunnel destination IP addresses that have an invalid format.

    ["Invalid hop number", msgID=73, High]

    This check sees that the hop number is out of the valid range (1~255).

    ["Invalid tunnel source IP address format", msgID=75, High]

    This check identifies tunnel source IP addresses that have an invalid format.

    ["Unknown admin-group (Juniper, Alcatel)", msgID=87, High]

    This check identifies a reference to an undefined admin-group for Juniper and Alcatel routers.

    ["Unknown Tunnel/LSP path", msgID=96, High]

    This check finds references to an unknown tunnel/LSP path.

    ["RSVP not defined on MPLS enabled interface", msgID=118, Warning]

    This check warns the user that RSVP was not defined on an MPLS enabled interface.

    ["MPLS-TE tunnel is not enabled on the device", msgID=142, High]

    Prior to configuring MPLS-TE tunnels, the mpls traffic-eng tunnels statement is configured at the global level. This check identifies situations where this statement is missing.

    ["Asymmetric MPLS-TE metric", msgID=116, Warning]

    This check finds the MPLS-TE metric to be different on the two ends.

    RSVP Integrity Checks

    ["Inconsistent RSVP bandwidth", msgID=28, Warning]

    This check identifies situations where the RSVP bandwidth is different on the two sides of a link.

    ["Inconsistent RSVP definition", msgID=147, Medium]

    RSVP was enabled on one end of a link but not the other end.

    Static Routes Integrity Checks

    ["Next hop not in local subnet", msgID=47, Warning]

    This check sees that the next hop address defined by static route does not belong to any of the subnets configured on the router.

    ["Shutdown interface in static route", msgID=52, Medium]

    This check sees that the next hop interface for the static route was a shutdown interface on the local router.

    ["Unknown tunnel in static route", msgID=82, High]

    This check finds the situation where the referenced next hop tunnel for the static route was not defined on the router.

    ["Unknown interface in static route", msgID=94, High]

    This check finds the situation where the referenced next hop interface for the static route was not defined on the router.

    ["Next hop is local address", msgID=146, High]

    This check sees that the next hop of the static route is a local address.

    Tunnel Integrity Checks

    ["Undefined Tunnel (Cisco)", msgID=80, Low]

    This check looks for a reference to an undefined tunnel in Cisco's 'mpls traffic-eng backup-path <tunnel ID>' statement, where the <tunnel ID> was not defined.

    ["Unknown destination address in Tunnel", msgID=92, Warning]

    This check identifies any tunnel that has a destination address not in the given network.

    ["Asymmetric GRE tunnel", msgID=143, High]

    This check sees that a GRE tunnel is defined only on one end but not the other.

    ["Inconsistent GRE tunnels protocol", msgID=144, High]

    This check finds the GRE tunnel protocols to be defined inconsistently. If the GRE tunnel from the A end is in OSPF (ISIS) protocol section, then the GRE tunnel from the Z end also needs to be in the OSPF (ISIS) protocol section.

    ["autotunnel mesh groups not enabled", msgID=137, High]

    To configure AutoTunnel mesh groups, you must first enable it using the 'mpls traffic-eng auto-tunnel mesh' statement. This check identifies situations in which this statement is missing.

    ["autotunnel backup not enabled", msgID=138, High]

    To configure backup AutoTunnels, you must first enable it using the 'mpls traffic-eng auto-tunnel backup' statement. This check identifies situations in which this statement is missing.

    VPN Integrity Checks

    ["No remote Layer 2 circuit", msgID=48, Medium]

    This check finds situations where there's no remote layer2 circuit in L2M, VPLS, or L2 CCC VPNs.

    ["Singleton VPN", msgID=53, Warning]

    This check found only one VRF statement in a particular VPN.

    ["VRFs with same meshed route targets", msgID=133, Warning]

    This check lets the user know that different VRFs were found to have the same mesh of route targets.

    ["VRF without import and export route targets", msgID=134, Low]

    This check saw an incomplete VRF definition, which was missing import and export route targets.

    ["Missing route distinguisher", msgID=120, High]

    This check saw a VRF definition missing the route distinguisher statement.

    ["Missing export route-target", msgID=121, High]

    This check saw a VRF missing the route-target export statement.

    ["Missing import route-target", msgID=122, High]

    This check saw a VRF missing the route-target import statement.

    ["No interface in VRF", msgID=123, Warning]

    This check sees that a particular VRF is not used in any interface.

    ["No interface/circuit using bridge-instance (Tellabs)", msgID=136, Warning]

    This check identifies Tellabs bridging-instances that are not referenced by any interfaces/circuits.

    ["Unknown policy-name", msgID=129, High]

    This check identifies references to an undefined policy.

    ["VRFs with same route targets and route distinguisher", msgID=117, Warning]

    This check identifies VRFs with same route targets and route distinguisher.

    ["Unknown VRF", msgID=85, High]

    This check identifies references to an unknown VRF.

    ["Duplicated RDs in different VRFs", msgID=151, Medium]

    This check identifies if two different VRFs have the same RD and their route targets have no intersection.

    VLAN Integrity Checks

    ["Undefined vlan (Riverstone)", msgID=59, High]

    This check identifies references in Riverstone configs to a vlan that is undefined.

    ["Unknown smarttrunk", msgID=99, High]

    This check finds that the smart trunk specified in the "smarttrunk add ports <name> to <smarttrunk>" command was not defined.

    Modified: 2016-11-08