NCM - Configuration Audit - Device Types

Unanswered Question
Dec 14th, 2009

Hi All

We are using NCM to audit configurations of various Cisco devices on the network. We have basic config templates built, which would be compared to provide exceptions. Now, we know each device has its own limitations, based on the device model, IOS, etc. With a base configuration, NCM throws a large number of non-compliance reports for the commands compared against.

My question is: isn't NCM intelligent enough to compare the configurations based on the hardware, IOS, etc. by itself? Are there any patches, modules, etc. available for us to upload to NCM to do this functionality automatically? The issue is we have thousands of devices and we are creating thousands of exceptions each day to get the non-compliance solved!

E.g., the snmp-server enable trap ospf command is not available on some devices like the 3550 (with IOS less than 12.2(25) SE). Now, we manually create a ruleset to exempt this from audit, but there are many rules like this which have to be checked against.

As far as I know, it's not possible, but I just thought of giving a shout out!

AJ Schroeder Mon, 12/21/2009 - 06:57

If I understand your example, you are trying to have the policy compliance skip over certain devices if they aren't at a certain IOS level. Is that correct? If so, the only way to accomplish this that I have ever seen is to create some dynamic groups and then apply your policies appropriately.

For example, if you create a dynamic group that contains all Catalyst switches with 12.2(25) or higher and then tell your policy only to apply to that group, that may work for you.

At least, that's how I am doing that in the NCM deployment for the company I work for.

Hope this helps and good luck!
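
The version-gated grouping described in the answer above, sketched as an added example that is not part of the thread and does not use NCM's own logic or API. The inventory, hostnames, rule table and function names are constructed for illustration; the rule line and the 12.2(25)SE threshold are the ones quoted in the question.

```python
import re

# "12.2(25)SE" -> (12, 2, 25). Train letters (SE, SEB, EA1) are ignored: an
# assumption that suits a "release at or above X" group, not a full IOS ordering.
IOS_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)[a-z]?\)")

def parse_ios(version):
    m = IOS_RE.match(version)
    return tuple(int(g) for g in m.groups()) if m else None

# Constructed rules: the required line plus the group it applies to.
RULES = [
    {"line": "snmp-server enable trap ospf", "min_ios": "12.2(25)SE"},
    {"line": "service password-encryption", "min_ios": None},  # every device
]

# Constructed inventory; names, versions and configs are sample data.
DEVICES = [
    {"name": "sw-a", "ios": "12.2(25)SEB", "config": ["service password-encryption"]},
    {"name": "sw-b", "ios": "12.1(22)EA1", "config": ["service password-encryption"]},
    {"name": "sw-c", "ios": "12.2(44)SE", "config": ["snmp-server enable trap ospf"]},
    {"name": "sw-d", "ios": "unknown", "config": []},
]

def in_group(device, rule):
    """True/False for group membership, None when the version cannot be parsed."""
    if rule["min_ios"] is None:
        return True
    ver = parse_ios(device["ios"])
    return None if ver is None else ver >= parse_ios(rule["min_ios"])

def audit(devices, rules):
    """Check each rule only against its group; unparsable versions go to review."""
    violations, unclassified = [], []
    for dev in devices:
        lines = {line.strip() for line in dev["config"]}
        for rule in rules:
            member = in_group(dev, rule)
            if member is None:
                unclassified.append((dev["name"], rule["line"]))
            elif member and rule["line"] not in lines:
                violations.append((dev["name"], rule["line"]))
    return violations, unclassified
```

Devices below the threshold are skipped for the gated rule instead of needing a per-device exception, and a device whose version cannot be parsed is listed for review so it is neither exempted silently nor flagged wrongly.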

