Cisco DNA Heart and System configuration administration

In my conversations with clients and companions, there are two matters which can be totally different however considerably associated: compliance and gadget configuration administration.  In my newest weblog, “Compliant or not? Cisco DNA Heart will enable you to determine this out”, we mentioned compliance capabilities in Cisco DNA Heart 2.3.3.  On this weblog, I’ll handle gadget configuration administration.

Let me begin by saying that DNA Heart all the time has the newest gadget configuration in its inside databases. This has all the time been the case. The configuration of a tool is first collected and saved when the gadget is added to the stock, it’s then up to date by periodic triggers in addition to event-based triggers. Occasion-based triggers occur when there’s a change within the configuration. DNA Heart makes use of these up-to-date configurations for all its capabilities together with, however not restricted to, assurance, gadget alternative, and compliance. Community directors may leverage these configurations so, on this weblog, we’ll discover other ways to entry them.

Visualize Configuration in Stock

For sure gadget sorts, like switches, DNA Heart has the choice to point out and export the total gadget configuration. This permits the community administrator to have fast visibility into the configuration. For safety causes, delicate information is masked which implies that we will’t instantly use this gadget config to revive a tool.

Configuration Visualization in Inventory
Determine 1: Configuration Visualization in Stock: delicate information is masked

Export the gadget configuration

Configuration archive is the DNA Heart function that enables community directors to export uncooked configurations to an exterior server. Uncooked configurations are helpful to revive a tool for instance.

Configuration Archive
Determine 2: Configuration Archive: exporting uncooked configurations to an exterior server

System configuration backup could be scheduled with the specified recurrence and the configurations are despatched to an exterior server. For every configuration backup, DNA Heart creates a password-protected zip file. This zip file accommodates one listing per gadget and every listing accommodates three information: running-config, startup-config, and VLAN database.

Password-protected zip file
Determine 3: Password-protected zip file


Running, Startup configs and VLAN DB
Determine 4: One listing per gadget containing working config, startup configs and VLAN DB

APIs to retrieve gadget configuration

One other strategy to entry the clear textual content gadget configurations is through APIs. The API obtainable in Cisco DNA Heart permits to retrieve uncooked startup, working configs, and VLAN DB within the type of a zipper file in an identical manner because the configuration archive functionality.

API particulars:

POST /network-device-archive/cleartext

Visualize Configuration Drifts

Arguably, I’m leaving probably the most attention-grabbing functionality for final!

At first of the weblog, we talked about that DNA Heart shops the gadget configuration and updates the configurations periodically and upon adjustments. Each time there’s a change within the configuration, DNA Heart will retailer and timestamp this new configuration for a most of fifty. We name these configurations config drifts. Furthermore, DNA Heart can present variations between these saved configurations to assist the community administrator determine any adjustments. For out-of-band adjustments, Config Drift device may also present the username of the individual that made the change.

Within the instance under, we’re evaluating two configurations taken on September 2nd, 2022, one at 1:56pm and the opposite at 2:57pm. We are able to see within the latter, {that a} “description” command was faraway from “interface GigabitEthernet 1/0/10”. As soon as we determine these adjustments within the working configuration, the community administrator can take particular actions to remediate the difficulty. For instance, the gadget could be re-provisioned.

Config Drift
Determine 5: Config Drift

We are able to additionally determine and label a selected configuration that we deem “normal”. That manner, will probably be simpler to match the present working configuration with the chosen labeled configuration.

Within the instance under, we’ll first choose the popular configuration and identify it with the label of our alternative, on this case, “TBRANCH-Std-Config“:

Label Config
Determine 6: Label Config

As soon as we label our normal configuration, we will then examine it to the present configuration. On this instance, the present working configuration is recognized as “September 2nd at 3:10pm”. On this case, each working configuration and normal configurations match.

Comparing running-config to labeled config
Determine 7: Evaluating running-config to labeled config

Have you ever tried these capabilities?

Are there every other matters you’d wish to see in these blogs?

Let me know within the feedback under.




Leave a Reply

Your email address will not be published.