Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k

NCM - Configuration Audit - Device Types

Hi All

We are using NCM to audit configurations of various cisco devices on the network... We have basic config templates built, which would be compared to provide exceptions. Now, we know, each device has its own limitation , based on the device model/IOS etc.. With a base configuration, NCM throws large number of non-compliance reports for commands compared against..

my question is - isnt NCM intelligent enough to compare the configurations based on the hardware, ios etc by itself ? Are there any patches/modules etc available for us to upload to NCM, to do this funcationality automatically ? Issue is we have thousands of devices and we are creating thousands of exceptions each day to get the non-compliance solved !

eg - snmp-server enable trap ospf command is not available on some devices like 3550 (with IOS less than 12.2(25) SE). Now, we manually create a ruleset to exempt this from audit, but there are many rules like this which has to be checked against.

As far as I know, its not possible, but just thought of giving a shout out !

1 REPLY
New Member

Re: NCM - Configuration Audit - Device Types

If I understand your example, you are trying to have the policy compliance skip over certain devices if they aren't at a certain IOS level. Is that correct? If so, the only way to accomplish this that I have ever seen is to create some dynamic groups and then apply your policies appropriately.

For example, if you create a dynamic group that contains all Catalyst switches with 12.2(25) or higher and then tell your policy only to apply to that group that may work for you.

At least, that's how I am doing that in the NCM deployment for the company I work for.

Hope this helps and good luck!

515
Views
0
Helpful
1
Replies
CreatePlease to create content