In my conversations with customers and partners, there are two topics that might be completely different but are significantly related: compliance and device configuration management. In my latest blog, “Compliant or not? Cisco DNA Center will help you figure this out”, we discussed compliance capabilities in Cisco DNA Center 2.3.3. In this blog, I’ll address device configuration management.
Let me start by saying that DNA Center always has the latest device configuration in its internal databases. This has always been the case. The configuration of a device is first collected and stored when the device is added to the inventory; it is then updated by periodic triggers as well as event-based triggers. Event-based triggers happen when there is a change in the configuration. DNA Center uses these up-to-date configurations for all its capabilities including, but not limited to, assurance, device replacement, and compliance. Network administrators can also leverage these configurations so, in this blog, we’ll explore different ways to access them.
Visualize Configuration in Inventory
For certain device types, like switches, DNA Center has the option to show and export the full device configuration. This allows the network administrator to have quick visibility into the configuration. For security reasons, sensitive data is masked, which means that we can’t directly use this device config to restore a device.
Export the device configuration
Configuration archive is the DNA Center feature that allows network administrators to export raw configurations to an external server. Raw configurations are useful to restore a device, for example.
Device configuration backup can be scheduled with the desired recurrence, and the configurations are sent to an external server. For each configuration backup, DNA Center creates a password-protected zip file. This zip file contains one directory per device, and each directory contains three files: running-config, startup-config, and VLAN database.
APIs to retrieve device configuration
Another way to access the clear text device configurations is via APIs. The API available in Cisco DNA Center allows you to retrieve the raw startup and running configs and the VLAN DB in the form of a zip file, in a similar way to the configuration archive capability.
API details: POST /network-device-archive/cleartext
Visualize Configuration Drifts
Arguably, I’m leaving the most interesting capability for last!
At the beginning of the blog, we mentioned that DNA Center stores the device configuration and updates the configurations periodically and upon changes. Every time there is a change in the configuration, DNA Center will store and timestamp this new configuration, up to a maximum of fifty. We call these configurations config drifts. Moreover, DNA Center can show differences between these stored configurations to help the network administrator identify any changes. For out-of-band changes, the Config Drift tool will even show the username of the person who made the change.
In the example below, we’re comparing two configurations taken on September 2nd, 2022, one at 1:56pm and the other at 2:57pm. We can see in the latter that a “description” command was removed from “interface GigabitEthernet 1/0/10”. Once we identify these changes in the running configuration, the network administrator can take specific actions to remediate the issue. For example, the device can be re-provisioned.
We can also identify and label a specific configuration that we deem “standard”. That way, it will be easier to compare the current running configuration with the chosen labeled configuration.
In the example below, we’ll first select the preferred configuration and name it with the label of our choice, in this case, “TBRANCH-Std-Config”:
Once we label our standard configuration, we can then compare it to the current configuration. In this example, the current running configuration is identified as “September 2nd at 3:10pm”. In this case, the running configuration and the standard configuration match.
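The same kind of comparison can be reproduced offline on two exported running-configs, which is useful when reviewing archived backups outside the UI. The following Python is an added example, not Cisco DNA Center code and not part of the original blog; the two snapshots and the hostname are constructed, and the function names `parse_sections` and `config_drift` are hypothetical.

```python
# Constructed sample snapshots (not from a real device); the hostname is a placeholder.
BEFORE = """\
hostname EXAMPLE-SW1
!
interface GigabitEthernet1/0/10
 description Uplink to core
 switchport mode access
!
interface GigabitEthernet1/0/11
 switchport mode access
"""
# Same constructed device one hour later: the description line is gone.
AFTER = BEFORE.replace(" description Uplink to core\n", "")

def parse_sections(config_text):
    """Group IOS-style lines: an unindented line opens a section, indented lines are its children."""
    sections, parent = {}, "<global>"
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue  # skip blank lines and "!" separators
        if line[0].isspace():
            sections.setdefault(parent, []).append(line.strip())
        else:
            parent = line
            sections.setdefault(parent, [])
    return sections

def config_drift(baseline_text, current_text):
    """Return {section: {"removed": [...], "added": [...]}} for sections that differ."""
    base, cur = parse_sections(baseline_text), parse_sections(current_text)
    drift = {}
    for section in list(base) + [s for s in cur if s not in base]:
        if section not in cur:
            drift[section] = {"removed": ["<entire section>"], "added": []}
        elif section not in base:
            drift[section] = {"removed": [], "added": ["<entire section>"]}
        else:
            removed = [l for l in base[section] if l not in cur[section]]
            added = [l for l in cur[section] if l not in base[section]]
            if removed or added:
                drift[section] = {"removed": removed, "added": added}
    return drift

if __name__ == "__main__":
    for section, change in config_drift(BEFORE, AFTER).items():
        print(section, change)
```

Passing a saved copy of the labeled standard configuration as the baseline gives the standard-versus-current comparison; an empty result means the two match.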
Have you tried these capabilities?
Are there any other topics you’d like to see in these blogs?
Let me know in the comments below.