Solved: Auditing Configuration Groups

ROB ADAMS · ‎01-24-2017

What is the process to compare a WLC managed by Prime to a "Golden" WLC that is also managed?

My intent is to compare a managed WLC configs against a "Best" configured WLC and find those configurations either missing or mis-configured.

pieterh · ‎01-30-2017

I think the configuration audit is what you are looking for?

In Prime you create a controller config group, add controllers and templates to this group
next you start a "configuration audit" this compares the templates that should be installed with the templates that are installed, and report discrepancies.
You can use this group only for audit, or to push all the templates to the controllers in the group.

Prime also has the function "import templates from controller" to detect "missing settings".
This discovers settings , that were not distributed using prime templates, and put them into templates.
beware templates with names that allready exist are NOT overwritten/recreated.
but the audit detects the differences.

Alternatively there is WLCCA (wlc config analyzer) on the cisco support forum.
this can compare multiple controller configs saved from the command line.

sample report from Prime configuration audit:

Controller Name

Template Name

Audit Status

Template Applied Via

Attribute

Prime Infrastructure Value

Controller Value

AMR-WISM2-1-CCEF

ApAuthTemplate 3440b5d8dce4

Mismatch

Independent Template

certType

4

6

AMR-WISM2-1-CCEF

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

interfaceMappingName

management

AMR-WISM2-1-CCEF

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

mappingProfile

RFH

AMR-WISM2-1-CCEF

WlanTemplate RFH

Mismatch

Independent Template

macFiltering

1

0

AMR-WISM2-2-CCZ

ApAuthTemplate 3440b5d8dce4

Mismatch

Independent Template

certType

4

6

AMR-WISM2-2-CCZ

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

interfaceMappingName

management

AMR-WISM2-2-CCZ

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

mappingProfile

RFH

AMR-WISM2-2-CCZ

WlanTemplate RFH

Mismatch

Independent Template

macFiltering

1

0

ELD-WLC-01

ApAuthTemplate 3440b5d8dce4

Mismatch

Independent Template

certType

4

6

View solution in original post

pieterh · ‎02-06-2017

Hi Rob,

You selected the wrong path.
Your screenshot shows the path to create a new group, not to audit an exiting one!
and beware! it is "WLAN controller configuration group" not just "configuration group".
look at my screenshot, hope this helps?

Scott pointed attention to an important point:
Prime only compares with what you put in the templates included in the config group, not the complete config.
if not all setting are includes in templates in this group, than those differences will not show up in the audit.
I allready mentioned WLCCA as an other tool to compare the config files.

but you can use diferent config groups to compare "sets" of templates
controlelrs and templates can be used in multiple groups
i use a different set for
- global "settings" that i want the same over all controllers
- local settings for controllers within the same site
- special setting for something like a wlan preshared key that needs to be changed on a regular base.
You need to find out yourself what works for you.

View solution in original post

Rasika Nayanajith · ‎01-27-2017

I would take a configuration backup of these two WLC & using something like notepad++ find the config differences.

HTH

Rasika

*** Pls rate all useful responses ***

ROB ADAMS · ‎01-27-2017

Rasika,

I have a over a hundred WLCs. I was wondering if there was an audit or comparison Prime feature to compare a "golden" WLC with the others.

pieterh · ‎01-30-2017

I think the configuration audit is what you are looking for?

In Prime you create a controller config group, add controllers and templates to this group
next you start a "configuration audit" this compares the templates that should be installed with the templates that are installed, and report discrepancies.
You can use this group only for audit, or to push all the templates to the controllers in the group.

Prime also has the function "import templates from controller" to detect "missing settings".
This discovers settings , that were not distributed using prime templates, and put them into templates.
beware templates with names that allready exist are NOT overwritten/recreated.
but the audit detects the differences.

Alternatively there is WLCCA (wlc config analyzer) on the cisco support forum.
this can compare multiple controller configs saved from the command line.

sample report from Prime configuration audit:

Controller Name

Template Name

Audit Status

Template Applied Via

Attribute

Prime Infrastructure Value

Controller Value

AMR-WISM2-1-CCEF

ApAuthTemplate 3440b5d8dce4

Mismatch

Independent Template

certType

4

6

AMR-WISM2-1-CCEF

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

interfaceMappingName

management

AMR-WISM2-1-CCEF

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

mappingProfile

RFH

AMR-WISM2-1-CCEF

WlanTemplate RFH

Mismatch

Independent Template

macFiltering

1

0

AMR-WISM2-2-CCZ

ApAuthTemplate 3440b5d8dce4

Mismatch

Independent Template

certType

4

6

AMR-WISM2-2-CCZ

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

interfaceMappingName

management

AMR-WISM2-2-CCZ

APGroupsVlanTemplate AMR-Alle-SSIDs

Mismatch

ConfigGroup AMR

mappingProfile

RFH

AMR-WISM2-2-CCZ

WlanTemplate RFH

Mismatch

Independent Template

macFiltering

1

0

ELD-WLC-01

ApAuthTemplate 3440b5d8dce4

Mismatch

Independent Template

certType

4

6

Scott Fella · ‎01-30-2017

Prime does a compare with what you provide as a template. The issue here is, are all your controllers configured the same? We also have hundreds of co trollers and we use HPNA for config compliance, but only look at configurations we need to. All sites will have different RF settings so this is what you should not compare.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

ROB ADAMS · ‎02-02-2017

Auditing Configuration Groups

Step 1 Choose Configuration > Templates > Controller Configuration Groups , and click a group name in the Group Name column.

Step 2 Click the Audit tab to access this page.<<<<<<<<<<<<I do not see audit tab.

How can i audit against a template?

pieterh · ‎02-06-2017

Hi Rob,

You selected the wrong path.
Your screenshot shows the path to create a new group, not to audit an exiting one!
and beware! it is "WLAN controller configuration group" not just "configuration group".
look at my screenshot, hope this helps?

Scott pointed attention to an important point:
Prime only compares with what you put in the templates included in the config group, not the complete config.
if not all setting are includes in templates in this group, than those differences will not show up in the audit.
I allready mentioned WLCCA as an other tool to compare the config files.

but you can use diferent config groups to compare "sets" of templates
controlelrs and templates can be used in multiple groups
i use a different set for
- global "settings" that i want the same over all controllers
- local settings for controllers within the same site
- special setting for something like a wlan preshared key that needs to be changed on a regular base.
You need to find out yourself what works for you.

Compare WLC Configuration against a "Golden" WLC