We are using NCM to audit configurations of various Cisco devices on the network. We have basic config templates built, which would be compared to provide exceptions. Now, we know each device has its own limitations, based on the device model, IOS, etc. With a base configuration, NCM throws a large number of non-compliance reports for the commands compared against.
My question is: isn't NCM intelligent enough to compare the configurations based on the hardware, IOS, etc. by itself? Are there any patches, modules, etc. available for us to upload to NCM to do this functionality automatically? The issue is that we have thousands of devices and we are creating thousands of exceptions each day to get the non-compliance solved!
E.g., the snmp-server enable trap ospf command is not available on some devices like the 3550 (with IOS less than 12.2(25) SE). Now, we manually create a ruleset to exempt this from audit, but there are many rules like this which have to be checked against.
As far as I know, it's not possible, but I just thought of giving a shout out!
If I understand your example, you are trying to have the policy compliance skip over certain devices if they aren't at a certain IOS level. Is that correct? If so, the only way to accomplish this that I have ever seen is to create some dynamic groups and then apply your policies appropriately.
For example, if you create a dynamic group that contains all Catalyst switches with 12.2(25) or higher and then tell your policy only to apply to that group, that may work for you.
At least, that's how I am doing that in the NCM deployment for the company I work for.
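Added example, not part of the thread and not NCM's own code: a sketch of the version-scoped audit the answer describes, where a rule is only evaluated against devices at or above a minimum IOS level. The inventory, hostnames and function names are constructed for illustration; the rule line is the command as written in the question.

```python
import re

# Classic IOS version strings: "12.2(25)SE", "12.2(25)SEB4", "12.2(9)".
_IOS_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)[a-z]?\)")

def parse_ios(version):
    """Return (major, minor, maintenance) as ints, or None if unparseable."""
    m = _IOS_RE.match(version)
    return tuple(int(x) for x in m.group(1, 2, 3)) if m else None

def audit(devices, required_line, min_version):
    """Split devices into compliant / violation / skipped / unknown.

    Only devices at or above min_version are in the rule's scope, which is
    what a version-based dynamic group achieves. Devices whose version
    cannot be parsed are reported separately instead of silently skipped.
    """
    floor = parse_ios(min_version)
    if floor is None:
        raise ValueError("unparseable minimum version: %r" % min_version)
    result = {"compliant": [], "violation": [], "skipped": [], "unknown": []}
    for dev in devices:
        ver = parse_ios(dev["ios"])
        if ver is None:
            result["unknown"].append(dev["name"])
        elif ver < floor:  # numeric tuple compare, so 12.2(9) < 12.2(25)
            result["skipped"].append(dev["name"])
        else:
            lines = {l.strip() for l in dev["config"].splitlines()}
            key = "compliant" if required_line in lines else "violation"
            result[key].append(dev["name"])
    return result

# Constructed inventory (hostnames, versions and configs are made up).
DEVICES = [
    {"name": "sw-a", "ios": "12.2(25)SEB4", "config": "snmp-server enable trap ospf\n"},
    {"name": "sw-b", "ios": "12.2(44)SE", "config": "hostname sw-b\n"},
    {"name": "sw-c", "ios": "12.2(9)", "config": "hostname sw-c\n"},
    {"name": "sw-d", "ios": "unknown", "config": ""},
]

RULE_LINE = "snmp-server enable trap ospf"  # command as written in the question

if __name__ == "__main__":
    print(audit(DEVICES, RULE_LINE, "12.2(25)SE"))
```

Comparing the versions as plain strings would place 12.2(9) above 12.2(25), which is why the sketch parses them into integer tuples first.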